Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Infected Laptop [Solved]

Started by pattyL , May 18 2015 10:23 AM

This topic is locked

#1
pattyL

Posted 18 May 2015 - 10:23 AM

Member

Member
35 posts

Hello,

I have a fairly new laptop and all of the sudden I am experiencing some issues. I'm not sure if I have an adequate anti-virus solution currently, which is probably part of the problem.

When I try to browse the internet, it is extremely slow to load a page and many times it just freezes up and asks me to close the browser. It's quite frustrating. My computer is pretty new and I know it should be fast and "snappy", so something is up.

Below are my logs.

Thanks!

Miles

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by MLovelace (administrator) on MILESLAPTOP on 17-05-2015 22:55:53
Running from C:\Users\MLovelace\Desktop
Loaded Profiles: MLovelace (Available profiles: MLovelace)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Pokki) C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Pokki) C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Pokki) C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Pokki) C:\Users\MLovelace\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [65280 2015-03-04] (Acer Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-03-13] ()
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\RunOnce: [Application Restart #6] => C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppService.exe [7853056 2015-05-05] (Pokki)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-06-21]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.searc...&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.searc...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001 -> DefaultScope {4CDE43E2-EBAE-11E4-826F-E82AEA2CC0D0} URL = http://search.homepa...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001 -> {147A3085-558F-421B-8974-3D87E7422526} URL =
SearchScopes: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001 -> {4CDE43E2-EBAE-11E4-826F-E82AEA2CC0D0} URL = http://search.homepa...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-11-18 17:59:18&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.searc...&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-03-13] (AVG)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-03-13] (AVG)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-01-31] (AVG Secure Search)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-27] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-03]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2840832 2015-03-03] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156616 2013-06-16] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-09-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-04-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [347176 2013-08-13] (Acer Incorporated)
R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-03-13] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-13] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-04-07] (AVG Technologies CZ, s.r.o.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-23] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-19] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 22:55 - 2015-05-17 22:56 - 00023430 _____ () C:\Users\MLovelace\Desktop\FRST.txt
2015-05-17 22:54 - 2015-05-17 22:55 - 00000000 ____D () C:\FRST
2015-05-17 22:50 - 2015-05-17 22:53 - 02107392 _____ (Farbar) C:\Users\MLovelace\Desktop\FRST64.exe
2015-05-17 22:07 - 2015-05-17 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-05-17 22:03 - 2015-05-17 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-05-13 09:42 - 2015-04-30 13:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:42 - 2015-04-30 13:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 06:34 - 2015-04-30 16:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 06:34 - 2015-04-30 15:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 06:33 - 2015-04-21 10:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 06:33 - 2015-04-21 09:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 06:33 - 2015-04-21 09:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 06:33 - 2015-04-21 09:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 06:33 - 2015-04-21 09:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 06:33 - 2015-04-21 09:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 06:33 - 2015-04-21 09:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 06:33 - 2015-04-21 09:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 06:33 - 2015-04-21 09:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 06:33 - 2015-04-21 09:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 06:33 - 2015-04-21 09:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 06:33 - 2015-04-21 09:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 06:33 - 2015-04-21 09:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-13 06:33 - 2015-04-21 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 06:33 - 2015-04-21 09:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 06:33 - 2015-04-21 08:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 06:33 - 2015-04-21 08:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 06:33 - 2015-04-21 08:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-13 06:33 - 2015-04-21 08:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 06:33 - 2015-04-21 08:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 06:33 - 2015-04-21 08:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 06:33 - 2015-04-21 08:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 06:33 - 2015-04-21 08:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 06:33 - 2015-04-21 08:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 06:33 - 2015-04-21 08:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-13 06:33 - 2015-04-21 08:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 06:33 - 2015-04-21 08:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 06:33 - 2015-04-21 08:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 06:33 - 2015-04-21 08:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 06:33 - 2015-04-21 08:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 06:33 - 2015-04-21 08:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 06:33 - 2015-04-21 08:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 06:33 - 2015-04-21 08:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 06:33 - 2015-04-21 08:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 06:33 - 2015-04-21 08:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 06:33 - 2015-04-21 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 06:33 - 2015-04-21 08:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 06:33 - 2015-04-21 07:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 06:33 - 2015-04-21 07:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 06:33 - 2015-04-13 15:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 06:33 - 2015-04-09 18:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 06:33 - 2015-04-09 17:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 06:33 - 2015-04-09 17:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 06:33 - 2015-04-08 15:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 06:33 - 2015-03-29 22:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-13 06:33 - 2015-03-26 20:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 06:33 - 2015-03-26 19:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 06:33 - 2015-03-26 19:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-27 20:42 - 2015-04-27 20:42 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2015-04-25 17:39 - 2015-05-05 10:59 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-25 17:39 - 2015-05-05 10:59 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-25 16:33 - 2015-04-25 17:39 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-25 16:33 - 2015-04-25 16:33 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-22 21:24 - 2015-03-22 15:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-22 21:24 - 2015-03-22 15:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-22 21:24 - 2015-03-22 15:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-22 21:24 - 2015-03-22 15:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-22 21:24 - 2015-03-22 15:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-22 21:24 - 2015-03-22 15:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-22 21:24 - 2015-03-22 15:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-22 21:23 - 2015-03-14 01:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-22 21:23 - 2015-03-14 01:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 22:31 - 2014-10-11 10:11 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3167926667-1796584909-2833572386-1001
2015-05-17 22:17 - 2014-06-21 02:56 - 01814701 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 22:11 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-17 22:08 - 2013-10-03 02:49 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-17 22:06 - 2014-11-16 14:10 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-17 22:04 - 2014-10-11 10:06 - 00000000 ____D () C:\Users\MLovelace\AppData\Local\Pokki
2015-05-17 22:03 - 2014-11-05 21:20 - 00002326 _____ () C:\Users\MLovelace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-05-17 22:01 - 2013-10-03 02:44 - 00114620 _____ () C:\Windows\PFRO.log
2015-05-17 22:01 - 2013-08-22 07:46 - 00019736 _____ () C:\Windows\setupact.log
2015-05-17 22:01 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 22:01 - 2013-08-22 07:44 - 00481880 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-17 22:01 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-17 22:01 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-17 21:59 - 2013-08-22 12:11 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-17 21:59 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ToastData
2015-05-17 21:59 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-17 21:59 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-17 21:59 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-17 21:59 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-17 21:59 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-05-17 21:59 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-17 21:45 - 2014-11-16 14:12 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-17 21:45 - 2014-11-16 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-17 21:45 - 2014-10-11 10:07 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5FEC8FA9-F09E-4CFB-9FB2-C0C3141066B2}
2015-05-17 21:45 - 2013-08-22 08:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-05-16 17:55 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-13 09:47 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-09 06:01 - 2014-10-11 11:38 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-06 18:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppCompat
2015-05-06 06:41 - 2014-10-11 14:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-06 06:36 - 2015-01-11 13:56 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-06 06:36 - 2014-12-10 18:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-06 06:36 - 2014-10-11 14:59 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-01 04:36 - 2015-04-16 23:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-27 20:42 - 2013-10-03 02:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-04-27 20:42 - 2013-10-03 02:58 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-04-27 20:41 - 2014-10-11 10:08 - 00000000 ____D () C:\Users\MLovelace\AppData\Local\clear.fi
2015-04-26 22:14 - 2014-10-11 10:06 - 00000000 ____D () C:\Users\MLovelace
2015-04-25 17:39 - 2013-08-22 08:37 - 00003223 _____ () C:\Windows\DtcInstall.log
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\FileManager
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\Camera
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-25 16:34 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-04-25 16:34 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-25 16:34 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\servicing
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ___SD () C:\Windows\system32\dsc
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\WinStore
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sppui
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\setup
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Com
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\IME
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-04-25 16:33 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-04-25 16:33 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-04-25 16:33 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-22 21:19 - 2013-08-22 08:36 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2015-04-22 21:19 - 2013-08-22 08:36 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll

==================== Files in the root of some directories =======

2014-06-21 03:03 - 2014-06-21 03:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-11 10:19 - 2014-10-11 10:19 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some content of TEMP:
====================
C:\Users\MLovelace\AppData\Local\Temp\oct2168.tmp.exe
C:\Users\MLovelace\AppData\Local\Temp\oct2953.tmp.exe
C:\Users\MLovelace\AppData\Local\Temp\oct7222.tmp.exe
C:\Users\MLovelace\AppData\Local\Temp\oct7DD3.tmp.exe
C:\Users\MLovelace\AppData\Local\Temp\oct8281.tmp.exe
C:\Users\MLovelace\AppData\Local\Temp\octA479.tmp.exe
C:\Users\MLovelace\AppData\Local\Temp\octA790.tmp.exe
C:\Users\MLovelace\AppData\Local\Temp\octB1E8.tmp.exe
C:\Users\MLovelace\AppData\Local\Temp\octC7FF.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-24 22:47

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by MLovelace at 2015-05-17 22:57:08
Running from C:\Users\MLovelace\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3167926667-1796584909-2833572386-500 - Administrator - Disabled)
Guest (S-1-5-21-3167926667-1796584909-2833572386-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3167926667-1796584909-2833572386-1003 - Limited - Enabled)
MLovelace (S-1-5-21-3167926667-1796584909-2833572386-1001 - Administrator - Enabled) => C:\Users\MLovelace

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.07.2004.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated)
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.3006 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.3104 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.01.3003 - Acer Incorporated)
Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.8102 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.00.3011 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AOL (HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5) (Version: v1.0.4 - Pokki)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.05.2003.0 - Acer Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
AVG 2015 (Version: 15.0.4342 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dragon Assistant Application en-US version 1.5.10 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.10 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.12 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.12 - Nuance Communications, Inc.)
Dragon Assistant Installer version 1.5.10 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.10 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.4 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.4 - Nuance Communications, Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HID Monitor (HKLM-x32\...\{B40E5B98-EFBF-4F2E-A34C-B1C25E574123}) (Version: 1.1.6 - Acer Incorporated)
Host App Service (HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\Pokki) (Version: 0.269.7.638 - Pokki)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{978B5476-EAF9-4EB0-AD34-92689249A016}) (Version: 4.2.41.2499 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e1172fd4-a6d9-4cfa-8256-268f728fec31}) (Version: 16.5.3 - Intel Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.274 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2009 - Acer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\Pokki_Start_Menu) (Version: 0.269.7.638 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Soluto (HKLM\...\{A40888FC-B545-46F3-8628-6AE98C1C75C6}) (Version: 1.3.1193.1 - Soluto)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.13 - Synaptics Incorporated)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\MLovelace\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\MLovelace\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\MLovelace\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\MLovelace\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

04-04-2015 00:25:04 Windows Update
16-04-2015 22:52:33 Windows Update
22-04-2015 20:53:42 Windows Update
06-05-2015 06:35:28 Windows Update
06-05-2015 06:35:45 Windows Modules Installer
13-05-2015 06:36:20 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09BE0B3A-7ECF-489B-9168-DCFB6C21C744} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-07-01] (Acer Incorporated)
Task: {0CAF3200-9EE2-49CB-BD5F-D5B5C3114BE0} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2013-07-26] (Acer Incorporated)
Task: {14558207-CB0F-4B32-9C5B-4054B523BE7A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {1B53BB98-6A69-4443-8C35-4ADA263794C5} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {1D4D7DBA-90CF-4916-9D1C-99688B8086C5} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {2204BA7C-5005-4AC8-940B-6E954DBC63C3} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-07-01] (Acer Incorporated)
Task: {2F4614B5-343E-4103-A9EB-B74F60C890D7} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2013-08-13] (Acer Incorporated)
Task: {36F811A5-6BDD-4CC4-BFD9-28096D35A370} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {3E95DD02-7E59-4FFE-A44A-2B5F563BAEA5} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {4CD2A66C-F9F1-47FD-AAB0-C4E279A761EE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-06] (Microsoft Corporation)
Task: {52C7E4B9-C76C-4554-82CB-50F04D56F8F0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {55B771C3-CBED-4541-BFD3-9BEE99416998} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {900DDA40-3DA7-4CE9-8684-AC8E5AF3B8BA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {97F797E6-88A0-4470-98E9-517AB447DBD4} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-07-08] (Dolby Laboratories Inc.)
Task: {A634D1F2-EA77-4542-B0EC-19DBC11D8F20} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-08-12] (Acer Incorporated)
Task: {B6D9ADBF-F7F7-40FC-816A-A0A9A346431B} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {BB90DA31-FFE2-473F-8522-B48FA5C13BBD} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
Task: {C0B6AB50-9F8A-4BE0-A45B-7C0E5A5B22E8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)
Task: {C85A7BF0-808D-4756-88A0-3EC6D8E9602F} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {E3CDDB22-9E0F-4743-AD6C-135B8725D917} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {E9F549AC-E18C-42C7-BAC9-90FCA24845AD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {EAF6D502-A2DA-4018-A69E-CCA634CA5E8F} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {F05238AE-9933-48C7-8766-6D7F05410126} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-08-01] (Acer Incorporated)

==================== Loaded Modules (Whitelisted) ==============

2015-03-13 09:54 - 2015-03-13 09:53 - 00620056 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-01-09 17:32 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-06 17:06 - 2013-09-06 17:06 - 00198120 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-09-06 17:06 - 2013-09-06 17:06 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-09-06 17:05 - 2013-09-06 17:05 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2013-01-29 12:28 - 2013-01-29 12:28 - 00109024 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-01-29 12:28 - 2013-01-29 12:28 - 00055352 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2015-02-04 22:32 - 2015-02-04 22:32 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Management\5638c05aebdbb990686165fb14eb3c88\Windows.Management.ni.dll
2014-12-02 20:45 - 2014-12-02 20:45 - 01782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2015-03-13 09:55 - 2015-03-13 09:53 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
2013-05-09 11:49 - 2013-05-09 11:49 - 00031088 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
2013-01-29 12:28 - 2013-01-29 12:28 - 00109024 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2015-03-18 19:30 - 2015-03-18 19:30 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-06-21 03:03 - 2012-03-20 20:05 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2013-07-08 18:53 - 2013-07-08 18:53 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-11-18 18:59 - 2015-03-13 09:53 - 03033112 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-06-21 03:25 - 2013-07-02 14:30 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2014-06-21 03:25 - 2013-07-02 14:30 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2014-06-21 03:25 - 2013-07-02 14:30 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2014-06-21 03:25 - 2013-07-02 14:30 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2014-06-21 03:25 - 2013-07-02 14:30 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2014-06-21 03:25 - 2013-07-02 14:30 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2014-06-21 03:25 - 2013-07-02 14:29 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2015-03-13 09:55 - 2015-03-13 09:53 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll
2013-05-09 11:49 - 2013-05-09 11:49 - 00035184 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
2014-12-29 13:25 - 2014-12-29 13:25 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-04-27 20:42 - 2015-04-27 20:42 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-03-04 14:41 - 2015-03-04 14:41 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-03-04 14:39 - 2015-03-04 14:39 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-11-18 18:59 - 2014-11-18 18:58 - 01685528 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2014-11-18 18:59 - 2015-03-13 09:53 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
2014-06-21 03:27 - 2013-07-30 18:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-04-28 13:15 - 2015-04-28 13:15 - 00569856 _____ () C:\Users\MLovelace\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 13:15 - 2015-04-28 13:15 - 01400846 _____ () C:\Users\MLovelace\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-04-28 13:15 - 2015-04-28 13:15 - 00151054 _____ () C:\Users\MLovelace\AppData\Local\Pokki\Engine\avutil-51.dll
2015-04-28 13:15 - 2015-04-28 13:15 - 00222734 _____ () C:\Users\MLovelace\AppData\Local\Pokki\Engine\avformat-54.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\avg.com -> hxxps://mysearch.avg.com
IE trusted site: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\lovelaceeng.com -> hxxps://webmail.lovelaceeng.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{84A46440-6BE6-4C32-BF3E-6780AD2CFB7F}] => (Allow) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
FirewallRules: [{4C8CAFC3-EC6D-4628-B8D9-31E7453A6A12}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0F89742C-756C-4BBA-9C2E-7F2A097AF3A4}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B6EF8486-03B6-44A8-A4F0-2E4AFBC0F6B2}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{BCC2FE5C-DBE6-43F5-AD74-A4E1DBA265E4}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{0F7F8A3D-0542-4011-BBC2-F181723B74C3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{172DFA85-F5EB-4780-8247-F758221206E2}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{BD08C6F4-C0C4-4009-A2E9-327B18C6B19D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{C036442C-53D2-46B5-AF4E-6F04F96F9037}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{3C0FD8ED-344F-49B6-8547-49F62E706687}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{91727FE5-126E-479D-81A3-C60AEDE3094C}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{7A27570D-327E-45A0-9EAF-97E9D746912B}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{20B1873C-BC4E-400D-BFCE-0CB36FBEFD4C}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{0BF7D6A6-8CD2-4082-A267-E9166D04EF9C}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{3796A92B-2038-4DC7-9D30-0F0C204882CF}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{83084984-6223-4497-8255-E2DC558CBD2C}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{FCFE2BF8-9E9A-4D42-BB5B-E6E112D69BD0}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{10C655BC-B50A-4E52-9634-2D2FD6D108BA}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{EB793C57-6D94-4A07-ABA0-2D243F3E3BC0}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{744886C0-60C7-43C7-A58B-E9C7EF27FC71}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{AAB03F84-B499-4B61-B98E-C7F84FC7E8FB}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{6D2B1F93-3343-46E2-99D7-54811265A61F}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{96BCEF79-2F72-48D9-820C-CECDD9CD8D88}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{F2CF9C4F-DF5B-4B46-947A-8C678A8098FE}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{AC4B353E-6BB0-4AD8-ABF9-B7721648332C}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{51F9C48E-85AD-4388-86BC-18EAD75D915D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{726E4474-6845-43BF-BC28-4967777CF8FA}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{36E63C0B-0901-44F3-B6FB-5D07892886F2}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{178D2B1A-2798-4AED-9B39-6B7C0B9B7B20}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{31970122-5929-4CF6-B198-86B12470B14C}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{3FC8F4C9-E33D-4973-A649-4DC3202C6F64}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{A79A6C73-8C5D-450B-BEF9-02F0DC813C50}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{8A3C37D0-2027-44FB-B671-E18B79D4F1B9}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{FF7F1C6E-CB7C-486E-9CE5-648834F58DCD}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{08B64733-A16B-4118-B128-40C0F8AFC9FE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{A54FD1F7-E3D2-48EA-95AE-07593CDE9D58}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{DB52D5A1-C74E-45E3-AA46-EC566BCECB5C}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{3B4EFD85-FF4A-4659-8B8D-F843C71527A2}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{D06C4B14-D707-4F88-8A97-BAE1EA45698C}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{7B0F2A38-7C8B-4E15-BC41-6F87523E874D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9204B22A-8537-48B7-98AA-7FE6F2176DC2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{2CC92BD6-480D-48E0-B77A-7EC0591B6654}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{48396AC3-37D6-407A-9A4B-7F0D5BFFB818}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{41563220-F2B7-491B-8182-A114494AE91E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{AC176101-64B0-4611-8BF5-C1CEC8C64AF3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5FB59AD8-2070-4688-A183-E8225A2D252C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{DF8B41BE-C82F-4D8B-9A00-C97EA9249CAB}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{6FEB6221-2157-41AF-8028-85FC45DBD480}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{AD2CDD6E-07BD-48D4-BB03-4D1644BF2497}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C67B27DA-4E6D-4C16-BE50-6B283CF8D769}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{29D1DB36-C5BC-47E6-B9FE-761C518864A3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E535E48D-FC34-4A18-B0B7-E6FDFE15C7D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2934A47D-83CE-4615-8AD3-B01EB1B86445}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C4A96BAD-D82C-46A0-92B1-ADF27952A098}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B6B9C441-772C-4464-99E4-E03358984D45}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{63FE3C07-E2E2-4CD9-A3D3-2A2CB65CBA64}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4FA4BE4B-023A-4525-BDEA-27F7B6BC9871}] => (Allow) C:\Users\MLovelace\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{4E31F940-21FD-4768-BFD4-2CAC5D92796E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{40834AFA-D27C-4C93-8816-4BE06E58389C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3D52F8B2-3260-42BB-A265-B236C42F2878}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{4A4BD212-ABDF-4F12-8209-EEADE43DE24B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{FA0616BA-ABAC-4FB0-9E14-37A78662C3A8}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{E2865FF3-425D-42F0-903C-F30C1A7C7CD2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{2C97CD38-2083-4F57-803F-A5C49673A7C2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{B0BF89AE-8CC3-4989-92DD-DAC438A4D624}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{6FD65B2E-ED65-4107-B8AD-EF9E80E1DAF1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{7223055E-B018-4E92-B866-1B16C1F0A576}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{C22766AE-D25D-4912-A6D0-1B9A4EA55364}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{055E6070-6CFA-468D-A0CD-2012560DA88F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F88A0D09-A6CC-4956-A0D4-E0709DA82884}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9332F553-F819-4809-A842-BD6A22F009BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D606B594-A57B-454E-9880-FE2E18D9C804}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{ED1996BF-2CF8-465F-961D-7C4D34230BE5}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{ABE21A8E-1BA4-4FBD-A6CA-D73066E8A6BB}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{88A40EA8-63E5-4EEE-986A-9F6BBB9A6331}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{957564F5-D5E5-4F49-9566-3F535F05615D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{E2C486FC-052D-4134-BAAD-964A1569DE44}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{954BC7A5-4E61-4C93-8A23-76F6E42C1BCE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{24CB78BB-D969-4E95-9C64-E4F1C9342E54}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BA256C7A-BB7D-4D95-8A6B-9EF88B1F80F5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4E1BE416-718E-4357-925A-550830E51C6C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{94B68134-4566-422E-8960-4F46D5DAB08C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3A013C2C-6A91-4B12-906E-70B34697B281}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{91A6CC4E-4BF6-41A4-9AB2-D22F10D1432D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{913C32CB-F2DC-419C-B12E-C2B3EBDE4714}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8246DF8F-67E7-4DAF-A681-258E0CB58587}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{CCA302E9-9327-42B4-AF1F-E1EDD8694518}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{F66B4B7E-AC9E-410B-934B-5F76DC40A9FA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C65079B6-1A73-43FC-8FD9-6F2DB7BDD875}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{DAB9E0CA-8F45-4B90-B9EF-A446E6E8A069}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{1B13F6F2-B71C-4B41-9620-40119826954B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2015 10:01:49 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.

Error: (05/17/2015 10:01:49 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.

Error: (05/14/2015 06:23:32 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/11/2015 04:44:51 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/06/2015 06:30:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3230

Start Time: 01d08864ac32bf30

Termination Time: 5161

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: a4f1dfd4-f458-11e4-8270-e82aea2cc0d0

Faulting package full name:

Faulting package-relative application ID:

Error: (05/06/2015 06:25:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 279c

Start Time: 01d08863495d1091

Termination Time: 15230

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: e0b7d969-f457-11e4-8270-e82aea2cc0d0

Faulting package full name:

Faulting package-relative application ID:

Error: (05/06/2015 06:15:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2a1c

Start Time: 01d088632de38d97

Termination Time: 20740

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 7a9d8e14-f456-11e4-8270-e82aea2cc0d0

Faulting package full name:

Faulting package-relative application ID:

Error: (05/06/2015 06:14:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d20

Start Time: 01d08860d8faf95d

Termination Time: 157

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 6b48d959-f456-11e4-8270-e82aea2cc0d0

Faulting package full name:

Faulting package-relative application ID:

Error: (05/06/2015 06:02:22 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

System errors:
=============
Error: (05/17/2015 10:01:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

Error: (05/16/2015 06:00:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

Error: (05/06/2015 06:23:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (05/05/2015 03:46:32 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (05/03/2015 04:41:10 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (05/03/2015 04:16:49 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (05/03/2015 04:01:10 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (05/02/2015 06:43:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Microsoft Office Sessions:
=========================
Error: (05/17/2015 10:01:49 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

Error: (05/17/2015 10:01:49 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

Error: (05/14/2015 06:23:32 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/11/2015 04:44:51 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/06/2015 06:30:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17416323001d08864ac32bf305161C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEa4f1dfd4-f458-11e4-8270-e82aea2cc0d0

Error: (05/06/2015 06:25:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17416279c01d08863495d109115230C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEe0b7d969-f457-11e4-8270-e82aea2cc0d0

Error: (05/06/2015 06:15:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174162a1c01d088632de38d9720740C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE7a9d8e14-f456-11e4-8270-e82aea2cc0d0

Error: (05/06/2015 06:14:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174161d2001d08860d8faf95d157C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE6b48d959-f456-11e4-8270-e82aea2cc0d0

Error: (05/06/2015 06:02:22 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (05/06/2015 06:02:22 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 44%
Total physical RAM: 8087.27 MB
Available physical RAM: 4485.66 MB
Total Pagefile: 10647.27 MB
Available Pagefile: 7183.01 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.9 GB) (Free:166.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: BE9B66AB)

Partition: GPT Partition Type.

==================== End Of Log ============================

#2
DanoNH

Posted 18 May 2015 - 06:20 PM

Trusted Helper

Malware Removal
2,155 posts

Hello and Welcome! :welcome:

My name is Dan, and I'll be helping you with your issues. If someone else is helping you, either here or at another malware removal assistance site, please let me know so that I may direct my efforts to helping another user. The Staff at Geeks To Go are ALL volunteers; please keep that in mind if I don’t answer your post as quickly as you’d like. I give what time I can. PLEASE be patient.

I am currently in training, so there will be another person reviewing my work. This may cause a bit of a delay in my responses, but on the positive side, you will have two sets of eyes reviewing your logs instead of one... :cool:

Please note that you should have Administrator rights to perform any fixes.
Before we proceed, you may wish to print instructions for easy reference during the fix. Please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
Please understand that malware removal is a complicated, multi-step process. Therefore please stay with me until I tell you that your system is clean.
Please do not make any system or program changes, or run any tools unless I specifically ask you to. Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean. If you get stuck or have questions, please stop and ask so I can help you.
Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk. While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
When posting logs, please Copy & Paste the log file contents into a reply. Use multiple posts if necessary, but please do not attach them or post them on a file hosting site.

OK, let's get started...

I will be reviewing your logs and will come back with some steps for you to follow. In the meantime, please answer these questions for me:

How old is the laptop?
In which web browser(s) do you notice the slowdowns or crashing?
Also, you have McAfee Anti-Virus installed but not enabled. I see you have AVG installed as well, and that's the active Anti-Virus.
Did the machine come with McAfee preinstalled or did you install it? You only want to have one Anti-Virus installed and running on a machine.

#3
pattyL

Posted 18 May 2015 - 06:31 PM

Member

Topic Starter
Member
35 posts

Hi Dan,

Thank you for your response and helping me.

Answers to your questions below in red.

Miles

How old is the laptop? About 6 months, it's a fairly high end Acer machine.
In which web browser(s) do you notice the slowdowns or crashing? IE
Also, you have McAfee Anti-Virus installed but not enabled. I see you have AVG installed as well, and that's the active Anti-Virus.
Did the machine come with McAfee preinstalled or did you install it? Pre-installed You only want to have one Anti-Virus installed and running on a machine. Yes, I am aware that having 2 or more anti-virus software programs on your computer is not a good idea and can cause problems. I might have a Norton trial on here as well, I'm not sure. I would like to delete any anti-virus software on my machine other than the one that is active (AVG), but not sure how to do that. I keep getting popups for MaAfee because the free trial has expired. maybe you have a suggestion for one that is better than AVG?

#4
DanoNH

Posted 19 May 2015 - 03:55 AM

Trusted Helper

Malware Removal
2,155 posts

Hi Miles,

Thank you for the answers and your patience. I am working up a solution path for you, and will be back with our next steps.

#5
DanoNH

Posted 20 May 2015 - 08:05 AM

Trusted Helper

Malware Removal
2,155 posts

Hello Miles, I just wanted to let you know your case is still being discussed/worked on. Thanks for your patience!

#6
DanoNH

Posted 20 May 2015 - 09:02 AM

Trusted Helper

Malware Removal
2,155 posts

Hello Miles,

Thanks for your patience. For any steps I provide you, please stop and tell me if you get stuck or have any questions at all. You are my eyes and ears on the other end.

Please take your time and follow these steps carefully...

First
Programs uninstall

Go to Control Panel > Programs and Features, and uninstall the following programs. If you aren't sure how to get there, see this link.

Acer Games
AOL
AVG Web TuneUp
McAfee LiveSafe Internet Security
McAfee WebAdvisor (if still present) <-- This can be reinstalled after we're finished, if desired.
Pokki Start Menu

Second
Download and run the McAfee Consumer Product Removal (MCPR) tool

Download the McAfee Removal Tool to your Desktop
Right-click on the file and select "Run as adminstrator..."
Follow the prompts to run the tool
Reboot afterwards if not prompted to do so.

Important: If you see the message Cleanup Unsuccessful, save your MCPR log files for analysis:

At the Cleanup Unsuccessful dialog box, click View Logs. Your troubleshooting log opens in a Notepad window.
Click File > Save As and save the file to your Desktop. Name the file MCPR_date.txt (for example, MCPR_Jan10_12.txt).

See this page for more information: https://service.mcaf...spx?id=TS101331

Post the removal tool log in a reply.

Third
Run a FRST Fix

Download the attached fixlist.txt file and save it to the Desktop.
fixlist.txt 2.75KB 165 downloads
(Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Fourth
Run Junkware Removal Tool:

Please download Junkware Removal Tool to your Desktop.

Shut down your protection software now to avoid potential conflicts. See here for more information.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Fifth
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

XP users: Double click the AdwCleaner icon to start the program.
Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
Do not click the Cleaning button.
Click the Logfile button to get the log.
Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Finally
In your next reply, please copy/paste the contents of the following logs:

McAfee Uninstall Tool log (if it fails to complete successfully)
FRST fixlog.txt
JRT log
AdwCleaner Scan Mode log

#7
pattyL

Posted 20 May 2015 - 12:58 PM

Member

Topic Starter
Member
35 posts

Hi Dan, Here you go...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by MLovelace (administrator) on MILESLAPTOP on 20-05-2015 11:38:59
Running from C:\Users\MLovelace\Desktop
Loaded Profiles: MLovelace (Available profiles: MLovelace)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Pokki) C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [65280 2015-03-04] (Acer Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\RunOnce: [Application Restart #6] => C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppService.exe [7853056 2015-05-05] (Pokki)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-06-21]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-27] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-04-07] (AVG Technologies CZ, s.r.o.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-23] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-19] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 11:38 - 2015-05-20 11:38 - 00000000 ____D () C:\Users\MLovelace\Desktop\FRST-OlderVersion
2015-05-20 11:35 - 2015-05-20 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-05-17 22:57 - 2015-05-17 22:57 - 00044714 _____ () C:\Users\MLovelace\Desktop\Addition.txt
2015-05-17 22:55 - 2015-05-20 11:38 - 00016849 _____ () C:\Users\MLovelace\Desktop\FRST.txt
2015-05-17 22:54 - 2015-05-20 11:39 - 00000000 ____D () C:\FRST
2015-05-17 22:50 - 2015-05-20 11:38 - 02107904 _____ (Farbar) C:\Users\MLovelace\Desktop\FRST64.exe
2015-05-13 09:42 - 2015-04-30 13:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:42 - 2015-04-30 13:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 06:34 - 2015-04-30 16:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 06:34 - 2015-04-30 15:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 06:33 - 2015-04-21 10:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 06:33 - 2015-04-21 09:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 06:33 - 2015-04-21 09:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 06:33 - 2015-04-21 09:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 06:33 - 2015-04-21 09:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 06:33 - 2015-04-21 09:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 06:33 - 2015-04-21 09:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 06:33 - 2015-04-21 09:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 06:33 - 2015-04-21 09:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 06:33 - 2015-04-21 09:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 06:33 - 2015-04-21 09:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 06:33 - 2015-04-21 09:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 06:33 - 2015-04-21 09:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-13 06:33 - 2015-04-21 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 06:33 - 2015-04-21 09:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 06:33 - 2015-04-21 08:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 06:33 - 2015-04-21 08:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 06:33 - 2015-04-21 08:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-13 06:33 - 2015-04-21 08:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 06:33 - 2015-04-21 08:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 06:33 - 2015-04-21 08:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 06:33 - 2015-04-21 08:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 06:33 - 2015-04-21 08:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 06:33 - 2015-04-21 08:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 06:33 - 2015-04-21 08:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-13 06:33 - 2015-04-21 08:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 06:33 - 2015-04-21 08:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 06:33 - 2015-04-21 08:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 06:33 - 2015-04-21 08:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 06:33 - 2015-04-21 08:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 06:33 - 2015-04-21 08:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 06:33 - 2015-04-21 08:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 06:33 - 2015-04-21 08:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 06:33 - 2015-04-21 08:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 06:33 - 2015-04-21 08:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 06:33 - 2015-04-21 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 06:33 - 2015-04-21 08:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 06:33 - 2015-04-21 07:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 06:33 - 2015-04-21 07:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 06:33 - 2015-04-13 15:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 06:33 - 2015-04-09 18:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 06:33 - 2015-04-09 17:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 06:33 - 2015-04-09 17:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 06:33 - 2015-04-08 15:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 06:33 - 2015-03-29 22:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-13 06:33 - 2015-03-26 20:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 06:33 - 2015-03-26 19:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 06:33 - 2015-03-26 19:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-27 20:42 - 2015-04-27 20:42 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2015-04-25 17:39 - 2015-05-05 10:59 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-25 17:39 - 2015-05-05 10:59 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-25 16:33 - 2015-04-25 17:39 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-25 16:33 - 2015-04-25 16:33 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-22 21:24 - 2015-03-22 15:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-22 21:24 - 2015-03-22 15:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-22 21:24 - 2015-03-22 15:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-22 21:24 - 2015-03-22 15:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-22 21:24 - 2015-03-22 15:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-22 21:24 - 2015-03-22 15:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-22 21:24 - 2015-03-22 15:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-22 21:23 - 2015-03-14 01:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-22 21:23 - 2015-03-14 01:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 11:36 - 2014-10-11 10:06 - 00000000 ____D () C:\Users\MLovelace\AppData\Local\Pokki
2015-05-20 11:34 - 2014-06-21 02:56 - 01428367 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 11:34 - 2013-10-03 02:44 - 00116282 _____ () C:\Windows\PFRO.log
2015-05-20 11:34 - 2013-08-22 07:46 - 00020507 _____ () C:\Windows\setupact.log
2015-05-20 11:34 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 11:31 - 2013-08-22 08:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-05-20 11:30 - 2014-10-11 10:11 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3167926667-1796584909-2833572386-1001
2015-05-20 11:28 - 2013-10-03 02:49 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 11:18 - 2014-10-11 10:07 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5FEC8FA9-F09E-4CFB-9FB2-C0C3141066B2}
2015-05-20 11:17 - 2014-11-18 18:59 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-05-20 11:01 - 2014-11-16 14:10 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-20 11:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-19 19:15 - 2015-01-11 14:17 - 00041984 _____ () C:\Users\MLovelace\Documents\Passwords and Access Codes current.xls
2015-05-19 18:50 - 2014-10-11 11:38 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-18 09:35 - 2014-10-11 10:06 - 00000000 ____D () C:\Users\MLovelace
2015-05-18 09:30 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-18 08:46 - 2015-02-06 18:52 - 00029696 ___SH () C:\Users\MLovelace\Desktop\Thumbs.db
2015-05-18 08:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-17 22:03 - 2014-11-05 21:20 - 00002326 _____ () C:\Users\MLovelace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-05-17 22:01 - 2013-08-22 07:44 - 00481880 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-17 22:01 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-17 21:59 - 2013-08-22 12:11 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-17 21:59 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ToastData
2015-05-17 21:59 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-17 21:59 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-17 21:59 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-17 21:59 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-17 21:59 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-05-17 21:59 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-17 21:45 - 2014-11-16 14:12 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-17 21:45 - 2014-11-16 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-16 17:55 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-13 09:47 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-06 18:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppCompat
2015-05-06 06:41 - 2014-10-11 14:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-06 06:36 - 2015-01-11 13:56 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-06 06:36 - 2014-12-10 18:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-06 06:36 - 2014-10-11 14:59 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-01 04:36 - 2015-04-16 23:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-27 20:42 - 2013-10-03 02:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-04-27 20:42 - 2013-10-03 02:58 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-04-27 20:41 - 2014-10-11 10:08 - 00000000 ____D () C:\Users\MLovelace\AppData\Local\clear.fi
2015-04-25 17:39 - 2013-08-22 08:37 - 00003223 _____ () C:\Windows\DtcInstall.log
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\FileManager
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\Camera
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-04-25 16:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-25 16:34 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-04-25 16:34 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-25 16:34 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\servicing
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ___SD () C:\Windows\system32\dsc
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\WinStore
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sppui
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\setup
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Com
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\IME
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-04-25 16:33 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-04-25 16:33 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-04-25 16:33 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-04-25 16:33 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-22 21:19 - 2013-08-22 08:36 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2015-04-22 21:19 - 2013-08-22 08:36 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll

==================== Files in the root of some directories =======

2014-06-21 03:03 - 2014-06-21 03:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-11 10:19 - 2014-10-11 10:19 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2015-03-24 22:47

==================== End Of Log ============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.5 (05.20.2015:1)
OS: Windows 8.1 x64
Ran by MLovelace on Wed 05/20/2015 at 11:41:03.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3167926667-1796584909-2833572386-1001
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3167926667-1796584909-2833572386-500

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4CDE43E2-EBAE-11E4-826F-E82AEA2CC0D0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

~~~ Files

Successfully deleted: [File] C:\users\public\desktop\ebay.lnk

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\avg web tuneup
Successfully deleted: [Folder] C:\ProgramData\avg security toolbar
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/20/2015 at 11:42:43.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.204 - Logfile created 20/05/2015 at 11:49:59
# Updated 12/05/2015 by Xplode
# Database : 2015-05-20.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : MLovelace - MILESLAPTOP
# Running from : C:\Users\MLovelace\Desktop\adwcleaner_4.204.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\MLOVEL~1\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Users\MLovelace\AppData\Local\pokki

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homepage-web.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Pokki
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : [x64] HKLM\SOFTWARE\AVG Secure Search
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

*************************

AdwCleaner[R0].txt - [2306 bytes] - [20/05/2015 11:49:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2365 bytes] ##########

On Wed, May 20, 2015 at 11:28 AM, Miles Lovelace <[email protected]> wrote:

Miles T. Lovelace , Licensed Professional Engineer

President | Lovelace Engineering

5930 Cornerstone Ct. W. Ste. 100, San Diego, Ca 92121

(858) 535-9111 x304 | fax (858) 535-1989 | cell (619) 952-9111

www.lovelaceeng.com

#8
DanoNH

Posted 20 May 2015 - 01:42 PM

Trusted Helper

Malware Removal
2,155 posts

Thanks, but I have some questions for you.

Were you able to uninstall all of the items listed in the First step without a problem?
Did the McAfee Removal Tool give you any problems?
There was a file entitled fixlist.txt which was attached in the Third step instructions - the FRST Fix. What you posted is the results of a Scan, not the fix I provided.

Here are the FRST Fix steps again. Please note the attached fixlist.txt file in the first bullet item, and make sure to select the Fix button in the FRST tool.

Third
Run a FRST Fix

Download the attached fixlist.txt file and save it to the Desktop.
fixlist.txt 2.75KB 148 downloads
(Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Thanks

#9
pattyL

Posted 20 May 2015 - 02:05 PM

Member

Topic Starter
Member
35 posts

Hi Dan, answers below

Were you able to uninstall all of the items listed in the First step without a problem? Yes
Did the McAfee Removal Tool give you any problems? No
There was a file entitled fixlist.txt which was attached in the Third step instructions - the FRST Fix. What you posted is the results of a Scan, not the fix I provided. yes, you are right, sorry about that, see below.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
Ran by MLovelace at 2015-05-20 12:55:35 Run:1
Running from C:\Users\MLovelace\Desktop
Loaded Profiles: MLovelace (Available profiles: MLovelace)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
(Pokki) C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Pokki) C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\MLovelace\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-03-13] ()
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\RunOnce: [Application Restart #6] => C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppService.exe [7853056 2015-05-05] (Pokki)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001 -> DefaultScope {4CDE43E2-EBAE-11E4-826F-E82AEA2CC0D0} URL = http://search.homepa...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001 -> {147A3085-558F-421B-8974-3D87E7422526} URL =
SearchScopes: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001 -> {4CDE43E2-EBAE-11E4-826F-E82AEA2CC0D0} URL = http://search.homepa...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-11-18 17:59:18&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-01-31] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
2015-05-17 22:04 - 2014-10-11 10:06 - 00000000 ____D () C:\Users\MLovelace\AppData\Local\Pokki
C:\Users\MLovelace\AppData\Local\Temp\oct*.tmp.exe
2014-11-18 18:59 - 2015-03-13 09:53 - 03033112 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
IE trusted site: HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\...\avg.com -> hxxps://mysearch.avg.com
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
EmptyTemp:
CMD: bitsadmin /reset /allusers
end
*****************

Restore point was successfully created.
C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe => No running process found
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe => No running process found
C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe => No running process found
C:\Users\MLovelace\AppData\Local\Pokki\Engine\HostAppService.exe => No running process found
C:\Users\MLovelace\AppData\Local\Pokki\Engine\StartMenuIndexer.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value deleted successfully.
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #6 => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{147A3085-558F-421B-8974-3D87E7422526}" => Key deleted successfully.
HKCR\CLSID\{147A3085-558F-421B-8974-3D87E7422526} => Key not found.
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4CDE43E2-EBAE-11E4-826F-E82AEA2CC0D0} => Key not found.
HKCR\CLSID\{4CDE43E2-EBAE-11E4-826F-E82AEA2CC0D0} => Key not found.
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => Key not found.
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => Key not found.
cpuz136 => Unable to stop service
cpuz136 => Service deleted successfully.
C:\Users\MLovelace\AppData\Local\Pokki => Moved successfully.
C:\Users\MLovelace\AppData\Local\Temp\oct*.tmp.exe => Moved successfully.
"C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" => File/Directory not found.
"HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com" => Key deleted successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3167926667-1796584909-2833572386-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {02048B6F-DFF5-4FC5-BA0E-740E2547BD91}.
Unable to cancel {542572C4-136A-41BC-AE2F-3CC2F10BE06E}.
Unable to cancel {5433BBE3-167F-4E3F-A006-BD698276A453}.
Unable to cancel {D992B8AF-1226-4466-A63E-6A0617B12DDD}.
Unable to cancel {17B7E6C7-C97C-47E9-8BE1-30EB651C0447}.
Unable to cancel {6C7EDECE-0F9D-43DC-B7DC-D13BF10E1620}.
Unable to cancel {D276528B-7382-4D78-A388-480078852035}.
Unable to cancel {523A3C2A-BD5D-4D26-A2D8-43D970E90C05}.
Unable to cancel {CEDA78D9-D345-41E2-A744-0706EE7EBF94}.
Unable to cancel {F3F634BF-550D-48FE-955A-310FC8EB4366}.
Unable to cancel {AC273950-0A1A-4736-8689-CEEA89E698AA}.
Unable to cancel {C651CB26-9456-4C54-B7B1-0A45A316516E}.
Unable to cancel {187E3632-A2CA-4864-BAAC-9FD8F3D0DE7A}.
Unable to cancel {EE9C4A5D-652B-4963-BF39-C2DBB2EEBB7E}.
Unable to cancel {EDF267B9-F426-4A56-8651-84F480FFA672}.
Unable to cancel {FF44AC38-EB2C-4530-A831-30397E1BB669}.
Unable to cancel {FF0D53E3-49FE-4525-9E25-F55A4C7CFB13}.
Unable to cancel {717C7DB9-1295-49A5-A2F2-8C7771A62EA6}.
Unable to cancel {F770567D-AC15-4BE0-A25D-C20703095066}.
Unable to cancel {48BDFEA1-6B8A-421F-AE9B-BA8B362C2B03}.
Unable to cancel {C380E429-2C73-4E72-965D-AC671E82EBEE}.
Unable to cancel {B24512F4-787D-4AB5-A5DB-D17B1800C523}.
Unable to cancel {72E93893-20A6-4E4A-B35F-4CB6A76824F6}.
Unable to cancel {7AB46822-42FE-4918-AC0D-36A4E1E66B17}.
Unable to cancel {F849EA6C-C32F-48FA-835F-ACEAEDF75148}.
Unable to cancel {4BB87E7D-68A5-457E-8E08-35C32FEAA728}.
Unable to cancel {BB29086F-11F5-453C-A791-E7B43DB977FC}.
Unable to cancel {74605267-6B3A-4950-BDB5-871CD1D4ACC9}.
Unable to cancel {007A7C49-3FE7-4087-B886-41BCAB4BA0FC}.
0 out of 29 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 4.7 GB temporary data.

The system needed a reboot.

==== End of Fixlog 12:56:20 ====

#10
DanoNH

Posted 20 May 2015 - 02:12 PM

Trusted Helper

Malware Removal
2,155 posts

Thanks for the answers, and no worries about the FRST fix. How is the computer working at this point?

I'll be back with some more steps, so hang tight.

#11
pattyL

Posted 20 May 2015 - 02:19 PM

Member

Topic Starter
Member
35 posts

Thanks.

I am at work and using my desktop mostly this morning, except to run these tools and answer your questions. I just tried browsing the internet a little and I can't tell if it is significantly faster or not, still seems a little sluggish.

Does it look to you like we fixed some problems or deleted any malware?

#12
DanoNH

Posted 20 May 2015 - 04:30 PM

Trusted Helper

Malware Removal
2,155 posts

Great, thank you Miles. Yes we did clean some malware already, but now we are going to try to clean up the rest (or at least get them identified).

Please pay special attention to the ESET scan steps. We only want to scan, not remove anything at this point. ESET can produce false positives and we need to be sure we remove only malware and don't cripple your computer. The good thing is it will give us a thorough second opinion.

Ready? Here are our next steps:

First
Run AdwCleaner

Close all open windows and browsers.
Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
Click the Scan button and wait for the scan to complete.
When the Scan has finished the Scan button will be grayed out and the Cleaning button will be activated.
Click the Cleaning button.
Everything checked will be deleted.
When the program has finished cleaning a report appears.
Once done it will ask to reboot, allow this
On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Second
Run Malwarebytes' Anti-Malware (already installed):

Open it, select the Dashboard tab, and click on "Update Now":
If a scan update is available, it will install it. Install any program updates it offers.
Please reboot if you are asked to.
Start Malwarebytes' Anti-Malware
Now select the Settings tab, and check the box next to Scan for rootkits:
Go back to the Dashboard tab, and click the Scan Now button:
The scan may take some time to finish,so please be patient.
When the scan is complete, it will show you the results:
Make sure that everything is checked, and click Remove Selected (or similar).
When disinfection is completed, a log may open in Notepad and you may be prompted to Restart. (See Extra Note below)
The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
Choose the latest Scan Log:
In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Third
Please run a free online scan with the ESET Online Scanner:

Important: You must use Internet Explorer and also disable your Anti-Virus scanner for this step!

Visit the ESET Online Scanner Web Page
Select the blue Run ESET Online Scanner button:
Tick the box next to Yes, I accept the Terms of Use and click Start
When asked, allow the ActiveX control to install.
Select Enable detection of potentially unwanted applications.
Select Advanced Settings:
Check the option Enable Anti-Stealth technology, but make sure that Remove found threats is unchecked!
Click Start. (This scan can take several hours, so please be patient.)
Allow the program to update:
Once the scan is completed, select List of found threats:
Select Export to text file... and save the file as ESETlog.txt on your Desktop:
Click the Back button.
Important: Make sure that the Uninstall application on close and Delete quarantined files checkboxes are both unchecked !

Click the Finish button:
Use Notepad to open the saved log file (on your Desktop- ESET.txt)
Copy and paste that log as a reply to this topic.

Finally
In your next reply, please copy/paste the contents of the following logs:

AdwCleaner
MBAM
ESET

And let me know how the computer is running now...

#13
pattyL

Posted 20 May 2015 - 05:21 PM

Member

Topic Starter
Member
35 posts

Below are the results of 2 scans. I could not get ESET to start. I got to the point of accepting the terms to use it and hit start and then it just gave me a gray screen. I never could get the Active X to show up. I rebooted and tried again with the same result.

# AdwCleaner v4.204 - Logfile created 20/05/2015 at 15:37:42
# Updated 12/05/2015 by Xplode
# Database : 2015-05-20.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : MLovelace - MILESLAPTOP
# Running from : C:\Users\MLovelace\Desktop\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homepage-web.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

*************************

AdwCleaner[R0].txt - [2472 bytes] - [20/05/2015 11:49:59]
AdwCleaner[R1].txt - [2337 bytes] - [20/05/2015 15:35:09]
AdwCleaner[S0].txt - [2126 bytes] - [20/05/2015 15:37:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2185 bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/20/2015
Scan Time: 3:44:50 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.20.05
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: MLovelace

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337855
Time Elapsed: 6 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

#14
DanoNH

Posted 20 May 2015 - 06:40 PM

Trusted Helper

Malware Removal
2,155 posts

How is the computer running after the last steps?

This article contains steps to change your browser security settings to allow the ESET Online Scanner to run.
Here's a summary of the article:

Open Internet Explorer and click Tools Internet Options Security and click Custom Level.
Make sure Enable is selected underneath Active scripting and Run ActiveX controls and plug-ins.
Click OK to save your changes. When prompted to confirm your changes for this zone, click Yes.
Click OK to exit the Internet Options window. Try to run the ESET Online Scanner again. If the Scanner still won't run, continue to the instructions below.

If this does not resolve the issue, you may need to add https://www.eset.com/us/online-scanner and https://www.eset.eu to the Trusted Sites list in Internet Explorer. To add these websites to your Trusted Sites list, please follow the steps below:

Open your Internet Explorer browser and click Tools Internet Options.
Click the Security tab, click the Trusted Sites icon and then click the Sites button.
In the first field type: https://www.eset.com/us/online-scanner and click Add.
In the same field type: https://www.eset.eu and click Add.
Click Close and then click OK to save the changes.