[hongbones]

 

hello! my computer seems to be infected wi virus that causes constant ads and popups; some popups open new tabs on their own. One of the ads is calledd "ads by saleplus".

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Atiyyah (administrator) on ATHOME on 27-06-2015 22:57:15
Running from C:\Users\Intaaf\Desktop
Loaded Profiles: Atiyyah (Available Profiles: Atiyyah)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
Microsoft Corporation) C:\Program Files Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Gateway\Gateway Launch Manager\LMSvc.exe
(Symantec Corporation) C:\Program Files (x86) Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Symantec Corporation) C:\Program Files (x86) Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Acer Incorporate) C:\Program Files\Gateway\Gateway Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Gateway\Gateway Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Gateway\Gateway Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Gateway\Gateway Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Gateway\Gateway Quick Access\QuickAccess.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Pokki) C:\Users\Intaaf\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple Internet Services\ApplePhotoStreams.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
McAfee, Inc.) C:\Program Files McAfee Security Scan\3.8.150\SSScheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Pokki) C:\Users\Intaaf\AppData\Local\Pokki\Engine\HostAppService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Pokki) C:\Users\Intaaf\AppData\Local\Pokki\Engine\HostAppService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Pokki) C:\Users\Intaaf\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe
() C:\Program Files (x86)\Gateway\Live Updater\updater.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360 2015-05-26] (APN)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®)
HKU\S-1-5-21-2985085416-437969470-2083931593-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-2985085416-437969470-2083931593-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-2985085416-437969470-2083931593-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2985085416-437969470-2083931593-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-10-23] (Spotify Ltd)
HKU\S-1-5-21-2985085416-437969470-2083931593-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.)
HKU\S-1-5-21-2985085416-437969470-2083931593-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2985085416-437969470-2083931593-1001\...\RunOnce: [Application Restart #3] => C:\Users\Intaaf\AppData\Local\Pokki\Engine\HostAppService.exe [7853568 2015-05-29] (Pokki)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup McAfee Security Scan Plus.lnk [2014-01-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2985085416-437969470-2083931593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
HKU\S-1-5-21-2985085416-437969470-2083931593-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=AGJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.searc...p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.searc...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2985085416-437969470-2083931593-1001 -> DefaultScope {9BA0FB58-AB0F-11E4-82AB-3065EC1FE5DD} URL =
SearchScopes: HKU\S-1-5-21-2985085416-437969470-2083931593-1001 -> {20EC2ED0-4A5F-4C70-9F80-0EC138D4A715} URL =
SearchScopes: HKU\S-1-5-21-2985085416-437969470-2083931593-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.searc...p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: SpoaiceOfffErs -> {54028CE4-98F6-4517-801F-F3092737DB77} -> C:\Program Files (x86)\SpoaiceOfffErs\S5SlecoD8NF8kL.x64.dll [2015-06-14] ()
BHO: bestadblocker -> {619e0da7-04de-4947-a578-865438767d38} -> C:\Program Files (x86)\bestadblocker\pK88I7fG7GcwjT.x64.dll No File
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO: DigiCoupOn -> {D09AEFC4-92A7-4C7B-9824-0796D0994ECD} -> C:\Program Files (x86)\DigiCoupOn\MmwX8lSstHzzkT.x64.dll [2015-06-21] ()
BHO: DiigiCooupon -> {E2C9AB5A-0710-4AEF-B8CC-016324C7DEFD} -> C:\Program Files (x86)\DiigiCooupon\JW5I78wWLeRDF2.x64.dll [2015-06-21] ()
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-26] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-26] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Intaaf\AppData\Roaming\Mozilla\Firefox\Profiles\gmfquphl.default-1432440194719
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-12] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Extension: AdPunisher - C:\Users\Intaaf\AppData\Roaming\Mozilla\Firefox\Profiles\gmfquphl.default-1432440194719\Extensions\[email protected]_hh_xhqhu.com [2015-06-20]
FF Extension: SpoaiceOfffErs - C:\Users\Intaaf\AppData\Roaming\Mozilla\Firefox\Profiles\gmfquphl.default-1432440194719\Extensions\[email protected] [2015-06-14]
FF Extension: ActiveCoupon - C:\Users\Intaaf\AppData\Roaming\Mozilla\Firefox\Profiles\gmfquphl.default-1432440194719\Extensions\[email protected] [2015-06-14]
FF Extension: DigiCCoupoon - C:\Users\Intaaf\AppData\Roaming\Mozilla\Firefox\Profiles\gmfquphl.default-1432440194719\Extensions\[email protected] [2015-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2015-06-27]
FF HKU\S-1-5-21-2985085416-437969470-2083931593-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-18]
CHR Extension: (Google Drive) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-18]
CHR Extension: (YouTube) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-18]
CHR Extension: (McAfee Security Scan+) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-03]
CHR Extension: (Google Search) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-18]
CHR Extension: (SpoaiceOfffErs) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjocmbnibidjdonphngeljcdfncdange [2015-06-14]
CHR Extension: (XKit) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2015-03-25]
CHR Extension: (Handy maps) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\gamlmgkgpkoacendnhjdlccbijpkflbf [2015-04-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-21]
CHR Extension: (Twitch Now) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2015-06-21]
CHR Extension: (Google Wallet) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
CHR Extension: (Norton Security Toolbar) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-06-27]
CHR Extension: (Gmail) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-18]
CHR Extension: (Beautify for Trello) - C:\Users\Intaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmoihbfiilgkkgcogbblhhanjjaocil [2015-06-14]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-06-27]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-06-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-28] (APN LLC.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2650696 2013-07-27] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-17] (WildTangent)
R2 LMSvc; C:\Program Files\Gateway\Gateway Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
R3 QASvc; C:\Program Files\Gateway\Gateway Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Gateway\Gateway Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 22:57 - 2015-06-27 23:04 - 00024690 _____ C:\Users\Intaaf\Desktop\FRST.txt
2015-06-27 22:56 - 2015-06-27 22:57 - 00000000 ____D C:\FRST
2015-06-27 22:47 - 2015-06-27 22:47 - 02112512 _____ (Farbar) C:\Users\Intaaf\Desktop\FRST64.exe
2015-06-27 21:47 - 2015-06-27 21:47 - 00002559 _____ C:\Users\Public\Desktop\Norton Identity Safe.LNK
2015-06-27 21:47 - 2015-06-27 21:47 - 00000000 ____D C:\Windows\system32\Drivers\NSTx64
2015-06-27 21:46 - 2015-06-27 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2015-06-27 21:46 - 2015-06-27 21:47 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2015-06-26 16:34 - 2015-06-26 16:32 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-26 16:32 - 2015-06-26 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-26 16:27 - 2015-06-26 16:27 - 00561248 _____ (Oracle Corporation) C:\Users\Intaaf\Downloads\jxpiinstall.exe
2015-06-23 23:12 - 2015-06-23 23:12 - 00001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-23 23:12 - 2015-06-23 23:12 - 00001166 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-23 23:12 - 2015-06-23 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-23 23:11 - 2015-06-23 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-23 23:04 - 2015-06-23 23:04 - 00243408 _____ C:\Users\Intaaf\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-23 22:34 - 2015-06-23 22:34 - 03088296 _____ (Symantec Corporation) C:\Users\Intaaf\Downloads\NPE.exe
2015-06-23 22:29 - 2015-06-26 19:45 - 00000000 ____D C:\Users\Intaaf\AppData\Local\NPE
2015-06-23 20:01 - 2015-06-23 20:01 - 00000000 ____D C:\ProgramData\PCSettings
2015-06-23 19:52 - 2015-06-23 20:22 - 00042496 ___SH C:\Users\Intaaf\Desktop\Thumbs.db
2015-06-23 19:52 - 2015-06-23 20:22 - 00001319 _____ C:\Users\Intaaf\Desktop Norton Installation Files.lnk
2015-06-23 19:52 - 2015-06-23 19:52 - 01110424 _____ (Symantec Corporation) C:\Users\Intaaf\Downloads\NSDownloader.exe
2015-06-23 19:52 - 2015-06-23 19:52 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-23 18:48 - 2015-06-23 18:48 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-21 23:59 - 2015-06-26 16:26 - 00000000 ____D C:\Program Files (x86)\Twitch Now
2015-06-21 23:57 - 2015-06-23 20:39 - 00000000 ____D C:\Program Files (x86)\DigiCoupOn
2015-06-21 23:56 - 2015-06-23 20:39 - 00000000 ____D C:\Program Files (x86)\DiigiCooupon
2015-06-21 23:56 - 2015-06-21 23:56 - 00000000 ____D C:\Program Files (x86)\DigiCCoupoon
2015-06-20 21:58 - 2015-06-20 21:58 - 00000079 _____ C:\Program Files (x86)\prefs.js
2015-06-17 21:29 - 2015-04-08 18:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-17 21:29 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-17 21:29 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-17 21:29 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-17 21:29 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-17 21:28 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-17 21:28 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-17 17:29 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-17 17:29 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-17 17:29 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-17 17:24 - 2015-04-16 02:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-17 17:24 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-17 17:24 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-17 17:24 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-17 17:24 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-17 17:23 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-17 17:23 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-17 17:23 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-17 17:23 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-17 17:23 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-17 17:23 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-17 17:23 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-17 17:23 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-17 17:23 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-17 17:23 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-17 17:23 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-17 17:23 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-17 17:23 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-17 17:23 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-17 17:23 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-14 13:00 - 2015-06-23 22:09 - 00000000 ____D C:\Program Files (x86)\SoftwarePlus
2015-06-14 12:59 - 2015-06-26 16:18 - 00000000 ____D C:\Program Files (x86)\Beautify for Trello
2015-06-14 12:58 - 2015-06-23 20:39 - 00000000 ____D C:\Program Files (x86)\SpoaiceOfffErs
2015-06-14 12:55 - 2015-06-14 12:55 - 00004096 _____ C:\Windows\SysWOW64\ntwdblib.dll
2015-06-12 20:55 - 2015-06-12 20:55 - 00002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-12 20:55 - 2015-06-12 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-12 20:31 - 2015-06-12 20:32 - 00931408 _____ (Google Inc.) C:\Users\Intaaf\Downloads\ChromeSetup(1).exe
2015-06-09 17:47 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 17:47 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 17:47 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 17:47 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 17:46 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 17:46 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 17:46 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 17:46 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 17:46 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 17:46 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 17:46 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 17:46 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 17:46 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 17:46 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-09 17:46 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 17:46 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 17:46 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 17:46 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 17:46 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-09 17:46 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 17:46 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 17:46 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 17:46 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 17:46 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 17:46 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 17:46 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 17:46 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 17:46 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 17:46 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 17:46 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 17:46 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 17:46 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 17:46 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-09 17:46 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 17:46 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 17:46 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 17:46 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 17:46 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 17:46 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 17:46 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-09 17:46 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 17:46 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 17:45 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-06 00:32 - 2015-06-14 12:58 - 00000000 ____D C:\Program Files (x86)\ExsttruaSavings
2015-06-06 00:31 - 2015-06-06 00:31 - 00000000 ____D C:\Program Files (x86)\ExsTraSavings
2015-06-06 00:30 - 2015-06-06 00:30 - 00000000 ____D C:\Program Files (x86)\CalendarWeek
2015-06-06 00:28 - 2015-06-14 12:58 - 00000000 ____D C:\Program Files (x86)\ExsTraoSavvinngs
2015-05-29 19:42 - 2015-05-29 19:42 - 00660220 _____ C:\Users\Intaaf\Documents\001.tif
2015-05-28 21:40 - 2015-05-28 21:40 - 00000000 _____ C:\Users\Intaaf\AppData\Local\{51C1DCF3-919A-4127-98A2-1416288B8203}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 23:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-27 22:48 - 2014-02-12 20:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-27 22:35 - 2013-10-23 07:45 - 01863458 _____ C:\Windows\WindowsUpdate.log
2015-06-27 22:16 - 2014-01-10 11:38 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2985085416-437969470-2083931593-1001
2015-06-27 22:15 - 2013-09-05 11:46 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-27 22:14 - 2014-01-10 11:30 - 00000000 ____D C:\Users\Intaaf\AppData\Local\Pokki
2015-06-27 22:13 - 2014-09-20 17:31 - 00000000 ___RD C:\Users\Intaaf\iCloudDrive
2015-06-27 22:12 - 2014-01-17 19:14 - 00000000 __RDO C:\Users\Intaaf\SkyDrive
2015-06-27 22:11 - 2013-08-22 10:46 - 00031525 _____ C:\Windows\setupact.log
2015-06-27 22:11 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-27 22:10 - 2013-09-05 11:55 - 00000000 ____D C:\ProgramData\Norton
2015-06-27 22:10 - 2013-09-05 11:36 - 01730304 _____ C:\Windows\PFRO.log
2015-06-27 22:06 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-27 22:06 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-27 21:21 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-27 21:18 - 2014-09-09 22:08 - 00000000 ____D C:\Users\Intaaf\AppData\Local\Adobe
2015-06-26 23:45 - 2013-10-23 07:59 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-06-26 23:05 - 2014-11-22 22:51 - 00000000 ____D C:\Users\Intaaf\AppData\Roaming\Skype
2015-06-26 16:35 - 2014-12-17 01:32 - 00000000 ____D C:\ProgramData\Oracle
2015-06-26 16:31 - 2014-12-17 01:31 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-26 16:26 - 2015-05-15 21:18 - 00000000 ____D C:\Program Files (x86)\OpenDyslexic
2015-06-26 16:26 - 2015-04-22 23:04 - 00000000 ____D C:\Program Files (x86)\SalePlus
2015-06-26 16:20 - 2015-01-23 23:33 - 00000000 ____D C:\Program Files (x86)\Kakao
2015-06-26 16:17 - 2015-05-15 21:15 - 00000000 ____D C:\Program Files (x86)\FindoBesstDoeal
2015-06-25 16:54 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-23 22:15 - 2014-12-25 15:05 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 20:11 - 2014-12-13 17:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-23 20:07 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-23 19:40 - 2014-10-25 17:41 - 00315904 ___SH C:\Users\Intaaf\Downloads\Thumbs.db
2015-06-23 18:49 - 2014-02-12 20:38 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-22 22:47 - 2015-05-23 18:06 - 00000024 _____ C:\Users\Intaaf\AppData\Roaming\appdataFr25.bin
2015-06-22 00:00 - 2015-04-22 23:03 - 00000000 ____D C:\ProgramData\3560252052232944589
2015-06-21 21:37 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-20 22:30 - 2014-01-20 22:24 - 00000000 ____D C:\Windows\system32\MRT
2015-06-20 22:10 - 2014-01-20 22:24 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-19 23:02 - 2014-07-09 15:26 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-19 23:02 - 2014-07-09 15:26 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-14 12:59 - 2015-05-15 20:54 - 00000000 ____D C:\Program Files (x86)\StatMaker
2015-06-14 12:58 - 2015-05-15 21:19 - 00000000 ____D C:\Program Files (x86)\Fuun2SAve
2015-06-14 12:58 - 2015-05-15 21:15 - 00000000 ____D C:\Program Files (x86)\FunuDaeals
2015-06-12 23:24 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-06-12 20:52 - 2014-01-18 17:52 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-11 23:05 - 2014-01-10 11:30 - 00000000 ____D C:\Users\Intaaf
2015-06-11 19:21 - 2013-08-22 10:44 - 00478072 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 00:04 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-02 22:23 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-02 00:45 - 2015-04-05 20:21 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-02 00:45 - 2015-04-05 20:21 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-31 19:12 - 2014-01-10 11:32 - 00000000 ____D C:\Users\Intaaf\AppData\Local\Packages
2015-05-31 16:03 - 2014-07-30 17:56 - 00000000 ____D C:\Users\Intaaf\AppData\Local\Deployment
2015-05-30 23:41 - 2015-05-24 00:01 - 00002318 _____ C:\Users\Intaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

==================== Files in the root of some directories =======

2015-06-20 21:58 - 2015-06-20 21:58 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-05-23 18:06 - 2015-06-22 22:47 - 0000024 _____ () C:\Users\Intaaf\AppData\Roaming\appdataFr25.bin
2015-05-28 21:40 - 2015-05-28 21:40 - 0000000 _____ () C:\Users\Intaaf\AppData\Local\{51C1DCF3-919A-4127-98A2-1416288B8203}
2013-10-23 08:04 - 2013-10-23 08:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-10 11:46 - 2014-01-10 11:46 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\Intaaf\AppData\Local\Temp\3714336557572608426b.exe
C:\Users\Intaaf\AppData\Local\Temp\6448131735792973622.exe
C:\Users\Intaaf\AppData\Local\Temp\APNSetup.exe
C:\Users\Intaaf\AppData\Local\Temp\B3B0.exe
C:\Users\Intaaf\AppData\Local\Temp\ntwdblib.dll
C:\Users\Intaaf\AppData\Local\Temp\oct20DE.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct25E0.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct2D38.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct2FAA.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct3F2E.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct4ACD.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct5B9F.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct5F99.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct6162.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct68E5.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct7614.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct7BC.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct848E.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct97DA.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct9A66.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\oct9CCB.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octAC2F.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octB292.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octC3FA.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octC43B.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octC48.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octCABE.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octD16B.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octD403.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octD816.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octDCB3.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octDF82.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octDFED.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octE447.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octE6F7.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octF0B5.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\octFEAA.tmp.exe
C:\Users\Intaaf\AppData\Local\Temp\setacl.exe
C:\Users\Intaaf\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 11:13

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Atiyyah at 2015-06-27 23:12:32
Running from C:\Users\Intaaf\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2985085416-437969470-2083931593-500 - Administrator - Disabled)
Atiyyah (S-1-5-21-2985085416-437969470-2083931593-1001 - Administrator - Enabled) => C:\Users\Intaaf
Guest (S-1-5-21-2985085416-437969470-2083931593-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2985085416-437969470-2083931593-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.3006 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.3104.3 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.3104.6 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.3104 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{4465D909-4FA8-86D2-121C-676BB60E63D7}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
AOL (HKU\S-1-5-21-2985085416-437969470-2083931593-1001\...\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5) (Version: v1.0.3 - Pokki)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 9.2.0.11 - WildTangent, Inc.)
Gateway Games (HKU\S-1-5-21-2985085416-437969470-2083931593-1001\...\Pokki_9a4324f00d4f0f3e5795bc8a599c0551ac01936f) (Version: 1.1.9.43466 - Pokki)
Gateway Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Gateway Incorporated)
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Gateway Incorporated)
Gateway Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
GovernorPlatform (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ec9c17f1}) (Version:  - GovernorPlatform) <==== ATTENTION
Handy maps (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Host App Service (HKU\S-1-5-21-2985085416-437969470-2083931593-1001\...\Pokki) (Version: 0.269.7.660 - Pokki)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Gateway Incorporated)
iExplorer 3.2.5.2 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Gateway Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{276FD4A2-030F-8A24-7DFE-9B1384131BCD}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2009 - Acer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-2985085416-437969470-2083931593-1001\...\Pokki_Start_Menu) (Version: 0.269.7.660 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Soluto (HKLM\...\{A40888FC-B545-46F3-8628-6AE98C1C75C6}) (Version: 1.3.1193.1 - Soluto)
SpoaiceOfffErs (HKLM-x32\...\{C206CC20-60D6-8D02-746E-4465CC40B2F6}) (Version:  - )
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
StatMaker (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{78b2995}) (Version:  - Software Publisher) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.13 - Synaptics Incorporated)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {060E9475-4073-4490-9A60-3811B4F22831} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {12DCD060-A7F8-44C3-A381-2FC12B4A3FF3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {174AD047-F092-4415-B69E-164E4CE86A3D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {202A49B1-EE01-4AAB-9D73-9FB753F8674E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2353A7BA-4ACD-40FB-BD3F-88148B3902DC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {2BA8A22E-8767-457C-B82D-747E79CBB1C3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {35B82500-8307-4BE1-9B73-3D47847E046F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {38A931D4-4ABF-41C1-9EBA-0526D24C3A80} - System32\Tasks\Quick Access => C:\Program Files\Gateway\Gateway Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {40A3B277-93CD-4E00-A2EE-0D4EBDA80325} - System32\Tasks\Launch Manager => C:\Program Files\Gateway\Gateway Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {425010A0-8C8A-4900-A981-6A5BFDBA803D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {4CE03BE8-10BB-46A3-80E1-556CEF873A22} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4DACBAE1-6E27-441C-AC79-02C4526BFE42} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2013-07-08] ()
Task: {59923BDD-3099-4858-A7FE-83333B23AE49} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Gateway\Gateway Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {7295FA4B-3AEA-4B0D-8BEC-ECA882DE560B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {918965D3-14C2-4AE8-A57B-4C62B6897186} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {98243034-3F4F-4E73-B36C-E1666159E0B1} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {9B58552B-B11F-480C-AF15-7AD5FF68B8E6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-20] (Microsoft Corporation)
Task: {A3A9280A-761A-4D0F-8668-4125E217AE86} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {A4CD0B93-AFE8-4021-85D0-33DB40E3074E} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {A5B9C901-CEFC-473E-A031-D669EDA7A71B} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {AEDC0FE1-6537-4BF5-87C2-32FF819C277F} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2013-07-27] (Acer Incorporated)
Task: {C25D73D8-12AF-4032-9E7F-90FE3D2B3B93} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {D14ABD2E-8358-452B-8F44-1AAC24A97958} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {D888E696-65D8-43B2-8DC1-0F15EC0E2CBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {EC85ECDC-9092-44A1-AB02-09E6D58CA300} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-13 17:58 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-01-29 15:28 - 2013-01-29 15:28 - 00109024 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-01-29 15:28 - 2013-01-29 15:28 - 00055352 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2013-08-22 03:19 - 2013-08-22 02:54 - 00008704 _____ () C:\Windows\system32\WinMetadata\Windows.Management.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00030208 _____ () C:\Windows\system32\WinMetadata\Windows.Foundation.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00134144 _____ () C:\Windows\system32\WinMetadata\Windows.ApplicationModel.winmd
2013-08-22 03:19 - 2013-08-22 02:54 - 00020480 _____ () C:\Windows\system32\WinMetadata\Windows.System.winmd
2013-01-29 15:28 - 2013-01-29 15:28 - 00109024 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2014-09-26 15:41 - 2014-09-26 15:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-16 17:53 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-07 04:48 - 2013-09-07 04:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 04:45 - 2013-09-07 04:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 04:52 - 2013-09-07 04:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-09-26 15:40 - 2014-09-26 15:40 - 06237856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2013-07-08 17:34 - 2013-07-08 17:34 - 04150312 _____ () C:\Program Files (x86)\Gateway\Live Updater\updater.exe
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-23 08:27 - 2013-07-30 21:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-09-28 22:01 - 2014-09-28 22:01 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-06-12 20:54 - 2015-06-05 14:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-12 20:54 - 2015-06-05 14:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-04-28 16:15 - 2015-04-28 16:15 - 00569856 _____ () C:\Users\Intaaf\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 16:15 - 2015-04-28 16:15 - 01400846 _____ () C:\Users\Intaaf\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-04-28 16:15 - 2015-04-28 16:15 - 00151054 _____ () C:\Users\Intaaf\AppData\Local\Pokki\Engine\avutil-51.dll
2015-04-28 16:15 - 2015-04-28 16:15 - 00222734 _____ () C:\Users\Intaaf\AppData\Local\Pokki\Engine\avformat-54.dll
2015-06-12 20:54 - 2015-06-05 14:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Intaaf\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Intaaf\SkyDrive.old:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2985085416-437969470-2083931593-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Intaaf\Pictures\2015-03-05\IMG_0011.JPG
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AFA84E43-07C7-480A-8E59-91530DAF5953}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{90E98B0E-ADA6-4F7A-A5E0-E6D18B3BB88A}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{3488BC7E-F972-441D-BCB8-A87D8A843D72}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E3D29E86-ABC9-4D31-9E8F-F38004BECEF4}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{B35430E0-685C-4EF0-A7AF-237AD873AD7A}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8AE89ADA-F20E-4299-9E8D-143ECA9F9533}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{B033445B-2D41-4AE2-9509-244CF1FC5A69}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{3B618E56-EBCB-4C41-BF3C-287602994CC2}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{AD489391-34FA-4767-8EB2-94B8DD8457C2}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{EED50F83-55A8-4F2D-BFB5-3C0A6E0AF4A7}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{B22ACB4B-C331-4657-9EFA-E46D4AA98B62}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{4158DE74-5975-4B52-9988-6E31BB16BC05}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{50AC570E-980F-4661-8660-E23909D0DDE7}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{F26CAD6B-804A-4F11-AB97-3B735A047BA2}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{B75B0EDB-C3D9-43E7-A1ED-BA17ADF7283B}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{2F7C4616-7497-4BC3-B11C-049CFE054474}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{93CAE712-0874-4D20-AB31-999A04FD0F3E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{64A58E19-FCC8-4C64-AF59-A33AC9900E2A}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{3F5ACCD1-CFF5-48A8-8ACD-4526648ECF6D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{7FBEB94E-D588-4A8D-900C-7C776DF5E89E}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{BAFB850C-3F54-4214-BA59-01C0AF60C38F}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{5433EEFC-C0DF-4475-9F86-33B8DF6245C4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{3B87C44A-ABCF-4036-8290-D5734D29E7FE}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{F4C13627-BFFB-4F36-BC2D-9509C5602DAF}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{25CCCCED-E111-4258-B4BD-A95385F115DC}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{BFC48582-4F5F-474D-A50D-04CEF026A1EB}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{EEB974D4-F578-47C1-BE32-446FBF06518D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{7B51420F-A025-41B1-B568-9BFFC9197472}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{BBB89B0F-45B2-4D43-B786-0621202F5B06}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{D6523A04-46CA-40E7-BD24-DA224E8F6FAE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{A5CCD1BF-6B5E-4546-B358-320AA4ADB969}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{AD038197-0C7B-4320-8DBE-F15C0EFA9059}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{43022EC4-EC7A-4AF1-BA92-65D8CF3BF447}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{B283A874-EFD0-481A-95AA-AFECEEDB5364}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{E6E7E427-3559-48B4-A5BA-FB3A910F0150}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{F8EE1770-AA70-4465-B4F4-198D97C7BE58}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C7D33044-D8F5-4E0F-8D5D-C48663971807}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E76DCCF-55FE-45C3-89C0-E22D2687560F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{962E00BA-37A9-443E-A1C6-8CACDEC208D4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{731980A7-3C7F-4CE1-91C8-632828E5164E}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [UDP Query User{50153B45-A5A7-4659-B56B-13B4523355AC}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{A3978712-5537-418A-9D7B-2063724A9D7B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E8E70350-B7D7-4CDE-96FD-BC3485A7C938}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{037C3024-4F1F-44CA-8428-83CD7A57860C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{138EDE1E-9E57-4869-A049-709B4CDB22A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5925D591-DDCA-47C5-8FC2-AE1242884917}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{93E7D43D-3F3A-4774-936C-1E766B11EAE9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{052C954C-6D18-4D77-BCD8-28A42C4209A6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8EE80A0E-666E-4CDB-B79D-BADDF570A8AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/27/2015 11:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62453

Error: (06/27/2015 11:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62453

Error: (06/27/2015 11:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/27/2015 11:16:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14360

Error: (06/27/2015 11:16:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14360

Error: (06/27/2015 11:16:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/27/2015 11:16:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5938

Error: (06/27/2015 11:16:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5938

Error: (06/27/2015 11:16:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/27/2015 11:15:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2625


System errors:
=============
Error: (06/27/2015 11:17:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SolutoService service.

Error: (06/27/2015 10:19:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ePower Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/27/2015 10:13:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (06/27/2015 10:10:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

Error: (06/27/2015 10:10:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CCDMonitorService service.

Error: (06/27/2015 10:09:19 PM) (Source: DCOM) (EventID: 10010) (User: ATHOME)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/27/2015 10:09:13 PM) (Source: DCOM) (EventID: 10010) (User: ATHOME)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (06/27/2015 10:08:57 PM) (Source: DCOM) (EventID: 10010) (User: ATHOME)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (06/27/2015 10:08:57 PM) (Source: DCOM) (EventID: 10010) (User: ATHOME)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (06/27/2015 10:08:56 PM) (Source: DCOM) (EventID: 10010) (User: ATHOME)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office:
=========================
Error: (06/27/2015 11:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62453

Error: (06/27/2015 11:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62453

Error: (06/27/2015 11:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/27/2015 11:16:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14360

Error: (06/27/2015 11:16:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14360

Error: (06/27/2015 11:16:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/27/2015 11:16:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5938

Error: (06/27/2015 11:16:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5938

Error: (06/27/2015 11:16:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/27/2015 11:15:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2625


==================== Memory info ===========================

Processor: AMD E1-2500 APU with Radeon™ HD Graphics
Percentage of memory in use: 71%
Total physical RAM: 3525.01 MB
Available physical RAM: 1010.01 MB
Total Pagefile: 4485.01 MB
Available Pagefile: 1075.6 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:681.12 GB) (Free:609.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 6EC8F460)

Partition: GPT Partition Type.

==================== End of log ============================

 

 

 

[Advertisements]

Greetings and

My nickname is Ruggie and I will be assisting you in cleaning your computer.

• Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
• When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
• If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

Please save all tools to the desktop,. Our tools are updated very regularly, sometimes several times per day so always download the latest version from the links I provide.

Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

If at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

Please stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

 

 

Step 1

 

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.
 

• Download the attached  fixlist.txt   4.08KB   135 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
• Right click and run as administrator. When the tool opens click Yes to the disclaimer.
• Press the Fix button.
• It will produce a log called fixlog.txt on your Desktop.
• Please copy and paste the contents of that log back here.
  
  NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Step 2

 

  Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by right-clicking and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

Step 3

 

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:
  
  
• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
• Click the Report button to get the log.
• Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
• Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

 

Items I need to see in your next post:

• FRST Fixlog
• JRT Report
• ADWcleaner scan report

 

 

 

 

[ruggie_uk]

Greetings and

My nickname is Ruggie and I will be assisting you in cleaning your computer.

• Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
• When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
• If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

Please save all tools to the desktop,. Our tools are updated very regularly, sometimes several times per day so always download the latest version from the links I provide.

Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

If at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

Please stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

 

 

Step 1

 

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.
 

• Download the attached  fixlist.txt   4.08KB   135 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
• Right click and run as administrator. When the tool opens click Yes to the disclaimer.
• Press the Fix button.
• It will produce a log called fixlog.txt on your Desktop.
• Please copy and paste the contents of that log back here.
  
  NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Step 2

 

  Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by right-clicking and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

Step 3

 

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:
  
  
• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
• Click the Report button to get the log.
• Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
• Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

 

Items I need to see in your next post:

• FRST Fixlog
• JRT Report
• ADWcleaner scan report