I keep getting redirected to ads [Closed]


  • This topic is locked

#1
ToniW


After loading a page my computer sometimes redirects me to ads with no warning whatsoever and no input from me. Also in place of some icons I get a square with F0 on the top row and 2 random characters on the bottom. I talked to one of your members on live chat and they pointed me here. Hopefully you can help me fix it.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by tonielizabeth (administrator) on TONI-PC (24-09-2015 22:58:35)
Running from C:\Users\tonielizabeth\Desktop
Loaded Profiles: tonielizabeth (Available Profiles: tonielizabeth & tangy_000 & Guest)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Oppoos.com) C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Secure Download Ltd.) C:\Program Files (x86)\SoftPlanet Software Assistant\spassist.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oppoos.com) C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Oppoos.com) C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleaner.exe
(Oppoos.com) C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleaner.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-09-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\...\Run: [GenieFloater] => C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe [1850520 2015-02-06] (Oppoos.com)
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1104384 2014-01-04] (Spotify Ltd)
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\...\Run: [UpdateAdmin] => C:\Users\tonielizabeth\AppData\Local\UpdateAdmin\UpdateAdmin.exe [225552 2014-10-16] (DownloadAdmin)
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53737488 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\...\RunOnce: [Uninstall C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\...\RunOnce: [Uninstall C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\...\RunOnce: [Uninstall C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\...\RunOnce: [Uninstall C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\...\RunOnce: [Uninstall C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\...\RunOnce: [Uninstall C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-08-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1cc8970c-fa66-469e-b022-c1c4e1fc81d3}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://rts.dsrlte.com?affID=na
SearchScopes: HKLM -> {3AC6EB0B-3E8A-4940-8273-7DEC8FC97C81} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3225058651-2230390788-3555302883-1001 -> {3AC6EB0B-3E8A-4940-8273-7DEC8FC97C81} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-08] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\tonielizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\dz9avust.default
FF NewTab:
FF Keyword.URL:
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-28] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Extension: imageblockererikvoldcom - C:\Users\tonielizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\dz9avust.default\Extensions\[email protected] [2015-04-02]
FF Extension: md5rehasherphoneixses - C:\Users\tonielizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\dz9avust.default\Extensions\[email protected] [2015-04-21]
FF Extension: vdpurelink64 - C:\Users\tonielizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\dz9avust.default\Extensions\[email protected] [2015-05-29]
FF Extension: YouTube Downloader and Converter - C:\Users\tonielizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\dz9avust.default\Extensions\{b9bfaf1c-a63f-47cd-0829-29526ced3667}.xpi [2014-09-10]
FF Extension: YouTube Downloader and Converter - C:\Users\tonielizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\dz9avust.default\Extensions\{b9bfaf1c-a63f-47cd-0829-29526ced3775}.xpi [2014-08-16]
FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
FF Extension: YouTube Downloader and Converter - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi [2015-09-22]
FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3667}] - C:\Program Files (x86)\Mozilla Firefox\extension\\getvideosoft.xpi
FF Extension: YouTube Downloader and Converter - C:\Program Files (x86)\Mozilla Firefox\extension\\getvideosoft.xpi [2015-09-22]
FF HKLM-x32\...\Mozilla Firefox 30.0\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
FF HKLM-x32\...\Mozilla Firefox 30.0\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3667}] - C:\Program Files (x86)\Mozilla Firefox\extension\\getvideosoft.xpi

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-09-14] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 GenieCleanService; C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe [53400 2015-02-06] (Oppoos.com)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-08-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [480512 2015-07-07] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2015-04-30] (Intel Corporation)
S3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67832 2015-05-19] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-24 22:58 - 2015-09-24 22:59 - 00021456 _____ C:\Users\tonielizabeth\Desktop\FRST.txt
2015-09-24 22:58 - 2015-09-24 22:58 - 00000000 ____D C:\Users\tonielizabeth\Desktop\FRST-OlderVersion
2015-09-24 21:49 - 2015-09-24 21:49 - 00016148 _____ C:\WINDOWS\system32\TONI-PC_tonielizabeth_HistoryPrediction.bin
2015-09-22 23:33 - 2015-09-23 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-21 22:19 - 2015-09-21 22:40 - 23198443 _____ C:\Users\tonielizabeth\Desktop\DG.wmv
2015-09-19 00:34 - 2015-09-20 23:49 - 34358865 _____ C:\Users\tonielizabeth\Desktop\iwbt.wmv
2015-09-19 00:14 - 2015-09-21 00:13 - 00253168 _____ C:\Users\tonielizabeth\Desktop\iwbt.veg
2015-09-19 00:14 - 2015-09-20 21:25 - 00089472 _____ C:\Users\tonielizabeth\Desktop\iwbt.veg.bak
2015-09-19 00:09 - 2015-09-19 00:26 - 01037537 _____ C:\Users\tonielizabeth\Desktop\Untitled.wmv
2015-09-18 23:49 - 2015-09-18 23:51 - 00326848 _____ C:\Users\tonielizabeth\Downloads\Nightcore - I Will Be There.avi.sfk
2015-09-18 23:03 - 2015-09-18 23:47 - 2003486804 _____ C:\Users\tonielizabeth\Downloads\Nightcore - I Will Be There.avi
2015-09-18 22:44 - 2015-09-18 22:44 - 38429814 _____ C:\Users\tonielizabeth\Downloads\Nightcore - I Will Be There.wav
2015-09-18 22:36 - 2015-09-18 22:36 - 00002225 _____ C:\Users\tonielizabeth\Desktop\AfterFX - Shortcut.lnk
2015-09-18 22:36 - 2015-09-18 22:36 - 00000040 ____H C:\C08D64704EE5
2015-09-18 22:36 - 2015-09-18 22:36 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-09-18 22:28 - 2015-09-18 22:28 - 00191572 _____ C:\Users\tonielizabeth\Downloads\msvcp110.zip
2015-09-18 22:20 - 2015-09-24 21:53 - 00003168 _____ C:\WINDOWS\System32\Tasks\RDReminder
2015-09-18 22:20 - 2015-09-23 22:23 - 00000308 _____ C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2015-09-18 22:20 - 2015-09-23 22:20 - 00003148 _____ C:\WINDOWS\System32\Tasks\DLL-Files.Com Fixer_Updates
2015-09-18 22:20 - 2015-09-23 22:20 - 00003134 _____ C:\WINDOWS\System32\Tasks\DLL-Files.Com Fixer_MONTHLY
2015-09-18 22:20 - 2015-09-23 22:20 - 00000324 _____ C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job
2015-09-18 22:19 - 2015-09-18 22:19 - 05403720 _____ (Dll-Files.com ) C:\Users\tonielizabeth\Downloads\dffsetup-msvcp110.exe
2015-09-18 22:19 - 2015-09-18 22:19 - 00000000 ____D C:\Users\tonielizabeth\AppData\Roaming\dll-files.com
2015-09-18 22:19 - 2015-09-18 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2015-09-18 22:19 - 2015-09-18 22:19 - 00000000 ____D C:\ProgramData\Adobe
2015-09-18 22:19 - 2015-09-18 22:19 - 00000000 ____D C:\Program Files (x86)\Dll-Files.com Fixer
2015-09-18 22:15 - 2015-09-21 20:33 - 00000000 ____D C:\Users\tonielizabeth\Downloads\New folder
2015-09-18 22:13 - 2015-09-18 22:13 - 00001306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-09-18 22:13 - 2015-09-18 22:13 - 00001294 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-09-18 22:12 - 2015-09-18 22:12 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-09-18 22:05 - 2015-09-18 22:05 - 00000000 ____D C:\Users\tonielizabeth\Desktop\Adobe Application Manager 9.0
2015-09-18 22:03 - 2015-09-18 22:05 - 73133136 _____ (Adobe Systems Incorporated) C:\Users\tonielizabeth\Downloads\ApplicationManager9.0_all.exe
2015-09-18 21:35 - 2015-09-18 21:58 - 00000000 ____D C:\Program Files\Adobe
2015-09-18 21:35 - 2015-09-18 21:50 - 520323855 _____ C:\Users\tonielizabeth\Downloads\After Effects CC 2014 by _Alex_.rar
2015-09-17 23:52 - 2015-09-18 00:19 - 00000000 ____D C:\Users\tonielizabeth\AppData\Roaming\NCH Software
2015-09-17 23:52 - 2015-09-17 23:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2015-09-17 23:51 - 2015-09-17 23:51 - 01074944 _____ (NCH Software) C:\Users\tonielizabeth\Desktop\wpsetup.exe
2015-09-17 23:51 - 2015-09-17 23:51 - 00001349 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2015-09-17 23:51 - 2015-09-17 23:51 - 00001211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2015-09-17 23:51 - 2015-09-17 23:51 - 00001199 _____ C:\Users\Public\Desktop\WavePad Sound Editor.lnk
2015-09-17 23:51 - 2015-09-17 23:51 - 00000000 ____D C:\ProgramData\NCH Software
2015-09-17 23:51 - 2015-09-17 23:51 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-09-16 19:27 - 2015-09-16 19:28 - 00000000 ___RD C:\Users\tonielizabeth\3D Objects
2015-09-09 05:41 - 2015-09-02 02:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 05:41 - 2015-09-02 01:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 05:41 - 2015-09-02 01:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 05:41 - 2015-08-27 07:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 05:41 - 2015-08-27 07:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 05:41 - 2015-08-27 07:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 05:41 - 2015-08-27 06:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 05:41 - 2015-08-27 06:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 05:41 - 2015-08-27 06:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 05:41 - 2015-08-27 06:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 05:41 - 2015-08-27 06:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 05:41 - 2015-08-27 06:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 05:41 - 2015-08-27 06:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 05:41 - 2015-08-27 06:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 05:41 - 2015-08-27 06:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 05:41 - 2015-08-27 06:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 05:41 - 2015-08-27 06:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 05:41 - 2015-08-27 06:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 05:41 - 2015-08-27 06:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 05:41 - 2015-08-27 06:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 05:41 - 2015-08-27 06:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 05:41 - 2015-08-27 06:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 05:41 - 2015-08-27 06:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 05:41 - 2015-08-27 06:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 05:41 - 2015-08-27 06:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 05:41 - 2015-08-27 06:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 05:41 - 2015-08-27 06:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 05:41 - 2015-08-27 06:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 05:41 - 2015-08-27 06:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 05:41 - 2015-08-27 06:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 05:41 - 2015-08-27 06:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 05:41 - 2015-08-27 06:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-07 01:26 - 2015-08-20 07:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-07 01:26 - 2015-08-20 07:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-09-07 01:26 - 2015-08-20 07:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-09-07 01:26 - 2015-08-20 06:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-09-07 01:26 - 2015-08-20 06:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-09-07 01:26 - 2015-08-20 06:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-09-07 01:26 - 2015-08-20 06:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-07 01:26 - 2015-08-20 06:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-09-07 01:26 - 2015-08-18 08:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-07 01:26 - 2015-08-18 08:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-09-07 01:26 - 2015-08-18 08:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-09-07 01:26 - 2015-08-18 08:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-09-07 01:26 - 2015-08-18 08:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-09-07 01:26 - 2015-08-18 08:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-09-07 01:26 - 2015-08-18 08:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-09-07 01:26 - 2015-08-18 08:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-07 01:26 - 2015-08-18 08:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-09-07 01:26 - 2015-08-18 08:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-09-07 01:26 - 2015-08-18 08:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-09-07 01:26 - 2015-08-18 07:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-09-07 01:26 - 2015-08-18 07:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-09-07 01:26 - 2015-08-18 07:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-09-07 01:26 - 2015-08-18 07:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-09-07 01:26 - 2015-08-18 07:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-09-07 01:26 - 2015-08-18 07:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-09-07 01:26 - 2015-08-18 07:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-09-07 01:26 - 2015-08-18 07:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-09-07 01:26 - 2015-08-18 07:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-09-07 01:26 - 2015-08-18 07:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-09-07 01:26 - 2015-08-18 07:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-09-07 01:26 - 2015-08-18 07:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-09-07 01:26 - 2015-08-18 07:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-09-07 01:26 - 2015-08-18 07:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-09-07 01:26 - 2015-08-18 07:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-09-07 01:26 - 2015-08-18 07:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-09-07 01:26 - 2015-08-18 07:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-09-07 01:26 - 2015-08-18 07:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-09-07 01:26 - 2015-08-18 07:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-09-07 01:26 - 2015-08-18 07:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-09-07 01:26 - 2015-08-18 07:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-09-07 01:26 - 2015-08-18 07:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-09-07 01:26 - 2015-08-18 05:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-09-06 14:42 - 2015-09-06 14:42 - 00002786 _____ C:\Users\tonielizabeth\AppData\Local\recently-used.xbel
2015-09-03 19:26 - 2015-09-03 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-03 19:26 - 2015-09-03 19:26 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 14:36 - 2014-01-04 04:42 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2014-01-04 04:42 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTMICEQ0.dat
2015-09-24 23:00 - 2015-03-12 00:36 - 00000000 ____D C:\Users\tonielizabeth\AppData\Roaming\Skype
2015-09-24 22:58 - 2015-06-15 20:45 - 00000000 ____D C:\FRST
2015-09-24 22:58 - 2015-06-15 20:43 - 02192384 _____ (Farbar) C:\Users\tonielizabeth\Desktop\FRST64.exe
2015-09-24 22:54 - 2015-07-10 13:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-24 22:38 - 2015-03-12 23:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-24 22:23 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-24 22:08 - 2014-09-05 00:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-24 22:02 - 2014-04-29 21:41 - 00000000 ____D C:\Users\tonielizabeth\AppData\Local\CrashDumps
2015-09-24 21:57 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-24 00:08 - 2015-08-09 18:07 - 00000000 ____D C:\Users\tonielizabeth
2015-09-23 21:04 - 2015-08-09 18:30 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-23 21:02 - 2015-06-17 10:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-23 21:01 - 2014-01-04 05:05 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-09-23 20:57 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-22 02:45 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-21 19:36 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-21 19:28 - 2014-08-16 01:58 - 00001123 _____ C:\Users\tonielizabeth\Downloads\Sony Vegas Pro 10.0 - Shortcut.lnk
2015-09-21 18:45 - 2015-08-09 17:56 - 00019474 _____ C:\WINDOWS\PFRO.log
2015-09-20 19:58 - 2014-04-09 19:55 - 00000000 ____D C:\Users\tonielizabeth\AppData\Roaming\Audacity
2015-09-18 22:39 - 2014-04-09 18:34 - 00000000 ____D C:\Users\tonielizabeth\AppData\Roaming\Adobe
2015-09-18 22:36 - 2015-03-12 23:49 - 00000000 ____D C:\Users\tonielizabeth\AppData\Local\Adobe
2015-09-18 22:19 - 2014-01-04 05:05 - 00000000 ____D C:\ProgramData\Temp
2015-09-18 22:18 - 2015-02-25 08:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-18 00:44 - 2015-02-13 00:40 - 00000000 ____D C:\Users\tonielizabeth\Desktop\New folder
2015-09-17 20:30 - 2015-07-15 19:14 - 00003938 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1436984043
2015-09-17 20:30 - 2015-07-15 19:14 - 00001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-09-17 20:30 - 2015-07-15 19:13 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-16 19:15 - 2014-04-09 18:34 - 00000000 ____D C:\Users\tonielizabeth\AppData\Local\Packages
2015-09-16 06:32 - 2014-09-10 15:18 - 00000000 ____D C:\ProgramData\Windows VXM
2015-09-15 23:35 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-15 17:12 - 2015-08-12 01:37 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 17:12 - 2015-08-12 01:37 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 03:00 - 2015-08-09 18:01 - 00000000 ____D C:\Program Files\Elantech
2015-09-14 01:23 - 2015-08-09 18:52 - 00056008 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDCoInstaller01000.dll
2015-09-14 01:22 - 2013-11-27 10:41 - 00525000 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\Drivers\ETD.sys
2015-09-14 00:56 - 2014-04-14 18:55 - 00000000 ____D C:\Users\tonielizabeth\Desktop\EFA
2015-09-13 01:09 - 2015-06-15 23:06 - 00002828 _____ C:\Users\tonielizabeth\Desktop\the source names.txt
2015-09-11 22:15 - 2015-08-09 19:25 - 00002366 _____ C:\Users\tonielizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-11 22:15 - 2015-08-09 19:07 - 00000000 ___RD C:\Users\tonielizabeth\OneDrive
2015-09-11 20:58 - 2015-08-09 19:08 - 00000000 ____D C:\Users\tonielizabeth\AppData\Local\Comms
2015-09-11 01:19 - 2015-08-09 18:50 - 00000000 ____D C:\Windows.old
2015-09-10 04:17 - 2015-07-10 13:20 - 00376848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-10 04:15 - 2015-07-10 17:29 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 04:15 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-09 20:20 - 2014-04-12 19:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 01:44 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-08 04:15 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-06 14:42 - 2014-05-02 20:32 - 00000000 ____D C:\Users\tonielizabeth\.gimp-2.8
2015-09-05 22:50 - 2014-05-02 20:36 - 00000000 ____D C:\Users\tonielizabeth\AppData\Local\gtk-2.0
2015-09-05 22:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-09-03 19:26 - 2015-08-13 22:18 - 00001983 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-08-26 18:37 - 2014-04-12 19:01 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-09-06 14:42 - 2015-09-06 14:42 - 0002786 _____ () C:\Users\tonielizabeth\AppData\Local\recently-used.xbel
2015-08-09 18:00 - 2015-08-09 18:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\tonielizabeth\AppData\Local\Temp\AAMHelper.exe
C:\Users\tonielizabeth\AppData\Local\Temp\AdobeApplicationManager.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-18 20:15

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by tonielizabeth (2015-09-24 23:01:14)
Running from C:\Users\tonielizabeth\Desktop
Windows 10 Home (X64) (2015-08-09 17:48:49)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3225058651-2230390788-3555302883-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3225058651-2230390788-3555302883-503 - Limited - Disabled)
Guest (S-1-5-21-3225058651-2230390788-3555302883-501 - Limited - Disabled) => C:\Users\Guest
tangy_000 (S-1-5-21-3225058651-2230390788-3555302883-1002 - Limited - Enabled) => C:\Users\tangy_000
tonielizabeth (S-1-5-21-3225058651-2230390788-3555302883-1001 - Administrator - Enabled) => C:\Users\tonielizabeth

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.04.2004.0 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.07.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3323.57 - CyberLink Corp.)
Dawngate (HKLM-x32\...\{1330926C-251C-414E-A681-F8CEF84899BC}) (Version: 182.23.92.0 - Electronic Arts, Inc.)
Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 3.2.90 - Dll-Files.com)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ELAN Touchpad 11.15.0.16_X64 (HKLM\...\Elantech) (Version: 11.15.0.16 - ELAN Microelectronic Corp.)
Genie Cleaner (HKLM-x32\...\Genie Cleaner) (Version: 1.0.0.1036 - Oppoos.com)
Genie Wifi (HKLM-x32\...\Genie Wifi) (Version: 1.0.0.1132 - oppoos.com)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4252 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{413fe921-b226-41c8-bc3c-574074ceec4d}) (Version: 1.4.4.1000 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
Internet Explorer 11 (HKLM-x32\...\{66732EEE-ECBC-4CA6-A474-1122}_is1) (Version:  - Microsoft Corporation)
Islands Driver Theory Training (HKLM-x32\...\{270BC8C5-14CD-4364-806C-12FE8B38EE72}) (Version: 1.00.0000 - MJH Data Systems)
Isle of Man Driving Theory Test (HKLM-x32\...\{E62E9F6A-55FE-4937-8A4A-93384CD3C87A}) (Version: 1.00.0000 - MJH Data Systems)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Opera Stable 32.0.1948.25 (HKLM-x32\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27041 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.15.0 - SAMSUNG Electronics Co., Ltd.)
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SoftPlanet Software Assistant version 1.19 (HKLM-x32\...\{C87BD92A-FDDE-42C5-84F7-5159BEC08A01}_is1) (Version: 1.19 - Secure Download Ltd.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - SumatraPDF)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateAdmin (HKLM-x32\...\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}) (Version: 2.0.1885 - DownloadAdmin) <==== ATTENTION
UTAU 歌声合成ツール (HKLM-x32\...\{616A6B38-329A-4DD1-865A-24A89A1C95F0}) (Version: 1.1.1801 - 飴屋プロジェクト)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.25 - NCH Software)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
Windows Movie Maker 6.1 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2winmovie}}_is1) (Version:  - win-movie-maker-free)
Wizard101 (HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
yWriter5 (HKLM-x32\...\yWriter5_is1) (Version:  - Spacejock Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3225058651-2230390788-3555302883-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3225058651-2230390788-3555302883-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Restore Points =========================

09-09-2015 20:13:31 Windows Update
12-09-2015 21:42:39 Intel® Technology Access
15-09-2015 23:33:40 Intel® Technology Access
18-09-2015 22:17:06 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
19-09-2015 23:09:17 Intel® Technology Access
21-09-2015 18:00:54 Intel® Technology Access

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-09-03 19:26 - 00000067 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03EC62D3-BA7F-4FBE-9DC1-1F36516BF466} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0961FA96-4D29-46FB-BB29-7B029D653EFF} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3225058651-2230390788-3555302883-1001
Task: {208177E1-34F0-41C9-9D7E-80D24E37D54A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {2849244A-9ED1-4D72-9FFA-C85CE7381F2F} - System32\Tasks\Opera scheduled Autoupdate 1436984043 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-11] (Opera Software)
Task: {39F97378-9FE6-4A41-98E6-3F062E2ECBA8} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {3DEF8D11-53F3-440C-A72F-9377C0369B25} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {3EF572BB-2C89-4A7F-8DE1-0CC6D31DB1F3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {44F28555-74D5-488D-A147-059528D566C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {4FB168E4-23FA-4B18-A067-80D9CA8C2C93} - \gamesorama_helper_service -> No File <==== ATTENTION
Task: {552EE28B-A938-4455-AC9C-4D1C913B9EE5} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2015-07-09] (Dll-FIles.Com)
Task: {5A47FAB1-4D84-4614-82E2-489D1D1FBECD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5B4EFF90-2D78-4BDB-B5CB-8E508500DD3B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5C2E12B1-A70B-4FF1-A1E3-74CF6705D5B2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5EF290D1-AA92-4AA3-8971-642D01224D7F} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2015-07-09] (Dll-FIles.Com)
Task: {61FCB94B-9F2C-4964-A7B5-10F67A2646FA} - System32\Tasks\SoftPlanet Software Assistant => C:\Program Files (x86)\SoftPlanet Software Assistant\spassist.exe [2013-12-09] (Secure Download Ltd.)
Task: {627C0E68-2203-4716-B02C-B3EDFFC19224} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {646B1A6D-B268-42B0-B44D-949293BE01DE} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {6AEC327D-CB47-48D1-BE8C-565C46D8E4F5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {72F8C9F1-20EF-443F-AB82-2AF0098F521F} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {74B2E996-C21F-4409-833B-75DC8B094058} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2015-07-09] (Dll-FIles.Com)
Task: {76F7D2A0-4878-4A8C-94EA-90B8DFCC6359} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-12] (Microsoft Corporation)
Task: {787C879F-F26F-4154-A5D7-CFC3DADA63A8} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-08-13] (Acer)
Task: {7B613531-5096-4034-AEB4-EDB819C34A77} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-23] (Acer Incorporated)
Task: {7D2CEDE6-7F99-4D74-8C7B-8A13AD064AC7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9394EB9E-88FA-4BEC-A61C-ADB831162E6A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {94E4D0AC-C9C0-4211-8F53-F2783C1EE012} - System32\Tasks\GoogleUpdateTaskUserS_1_5_21_478699874-4155726479-3780505679-1001UA__343230323233303632342d78782345572a4a3441325057 => Wscript.exe //B "C:\ProgramData\PicRec\startprocess.js" picrecs.exe /invoke /f:check_services /l:0
Task: {99212A13-830C-4BE8-B9AF-DAD26CA46FA1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {99F20CE5-FE57-4B3B-B9CD-366FE22D68C7} - System32\Tasks\{6211BACD-4078-4AEF-8F8E-D03520669607} => pcalua.exe -a "C:\Program Files (x86)\HD-V1.8\Uninstall.exe" -c /fcp=1
Task: {BBDA0424-4FBE-4C7B-881D-A270A423EC25} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {C045A8F3-B7A5-4D92-970F-63E0B51D445D} - System32\Tasks\UpdateAdmin => C:\Users\tonielizabeth\AppData\Local\UpdateAdmin\UpdateAdmin.exe [2014-10-16] (DownloadAdmin) <==== ATTENTION
Task: {C408A900-ABB3-437B-9F16-D37BFDF8A266} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CAE5D333-1B17-40D8-ACE9-AABB9D7E8ECD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CCD05912-C6D3-4FE7-8F45-68617F784210} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {CE4E985C-2A0B-4D7F-8427-3143897146F1} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {D31608F7-242E-4286-9F7F-0FD9D8208814} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {F687AA7C-73BE-417A-82C8-BDF542B34F5E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FD5DF620-75C9-4375-ABDB-C3A99BDEAD76} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {FEB74841-4ADF-438E-AA07-75EB960BBC34} - System32\Tasks\{67B9ADC9-F587-4E2D-91C2-E8F965958E54} => pcalua.exe -a "C:\Program Files (x86)\GoPhoto.it V9.0\Uninstall.exe" -c /fcp=1

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-09 19:38 - 2015-07-15 03:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 01:18 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-07-07 11:44 - 2015-07-07 11:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll
2015-07-07 13:41 - 2015-07-07 13:41 - 01793280 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\cpprest120_1_4.dll
2015-07-07 13:41 - 2015-07-07 13:41 - 00354560 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll
2015-09-07 01:26 - 2015-08-18 08:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-07 01:26 - 2015-08-18 08:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-22 01:02 - 2015-07-22 01:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-09-11 21:03 - 2015-08-12 04:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-12 02:04 - 2015-08-03 02:11 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 12:00 - 2015-07-10 17:28 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-19 01:18 - 2015-08-11 09:58 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-12 02:04 - 2015-08-03 02:09 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 17:28 - 00210432 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-22 01:02 - 2015-07-22 01:02 - 31535264 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-10-30 21:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-06 04:31 - 2015-02-06 04:31 - 00050840 _____ () C:\Program Files (x86)\Genie Soft\Genie Cleaner\MGCommon.dll
2015-07-22 15:32 - 2015-07-22 15:32 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-08-09 18:11 - 2015-08-09 18:11 - 00014176 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-07-23 15:56 - 2015-07-23 15:56 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-02-06 04:31 - 2015-02-06 04:31 - 38602392 _____ () C:\Program Files (x86)\Genie Soft\Genie Cleaner\libcef.dll
2014-11-27 16:29 - 2014-11-27 16:29 - 01634632 _____ () C:\Program Files (x86)\Genie Soft\Genie Cleaner\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\tonielizabeth\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{03C43EF7-1733-4BA0-9A4B-222A880A1980}] => (Allow) C:\Users\tonielizabeth\Desktop\StardollGiftCardRetreiver.exe
FirewallRules: [{6C8CE4C9-4CB0-4833-B24B-2353C9AEFF5D}] => (Allow) C:\Users\tonielizabeth\Desktop\StardollGiftCardRetreiver.exe
FirewallRules: [{47F94852-BDFA-417B-842C-72FB3B34D547}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4359580A-F6A4-4AC8-9F8B-A8FCC79B8C70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{92E1C07B-018A-4287-BB60-D99C599FFCAA}] => (Allow) C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe
FirewallRules: [{6B0B51B4-DF83-4E9F-BFC8-BA4899651630}] => (Allow) C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe
FirewallRules: [UDP Query User{8FB97FED-1770-4CF2-8436-695C66C850BB}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{451B5CD0-C19E-46E0-B132-32ED87EC7011}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7A655BBD-2DE6-4072-9CAB-6DBBE72F46F0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{048A4E23-85F0-48DC-ADDA-0BBB131A6142}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E6FA301E-8BFF-4C87-AB64-AA3C94857182}] => (Allow) C:\Program Files (x86)\Windows FontCache\R1\FontCache.exe
FirewallRules: [{3BD685C8-CDAB-4022-9779-19AE9565F956}] => (Allow) C:\Program Files (x86)\Windows FontCache\R1\WmiPrvSD.exe
FirewallRules: [{341EB34B-D27C-46FB-B3BD-5CEC531B90D8}] => (Allow) C:\Program Files (x86)\Chromium Logging\G3\chroimner.exe
FirewallRules: [{A4DA8A91-A388-4A3C-B92C-A86A0640B463}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4605BA2C-A8DF-4D98-A3E3-C010CF13A4ED}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{D816956A-01B5-4BEF-8001-95D93697F179}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{33795303-AA2D-45AD-88BE-7440E196282B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{AF94FF61-F7EB-4D5A-83AF-79FAC5D35630}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{24B17D0D-9033-480D-B732-25C4EF4B8557}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{5E8DA902-8C11-4C3D-87C6-6F11D7645C73}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{ED18D122-E38E-4B44-9390-1BCDA41CA5C2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{A704F3CB-D08E-4106-B148-8F3AABA3A1CD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{0100B3D0-86C9-4E90-BBB6-B23E1D660A83}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{2D87F668-0A81-4341-A692-6FF83B6219E6}] => (Allow) C:\Program Files (x86)\Windows Network Accelerater\winvxm.exe
FirewallRules: [{47B2306F-F2AB-472D-A543-C2BC0FD755FB}] => (Allow) C:\Users\tonielizabeth\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{BC435A2C-7646-4EB6-B56B-8C78E83228B5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8CC64A93-E6E7-42DF-BCFE-A80FBC65388A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2C9AA8DD-7241-4CDC-B601-930BF20B0F26}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BB186583-74C4-436F-A2E2-1BEF54CCB1AE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D7ABB0A4-6544-49D9-94C9-5E82BF5288CC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CFA6FD16-F068-4767-8766-BDAD8369A93C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{90CC9385-D7ED-4958-995C-7BDC6144F0E1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{ADB92DC0-4255-4CEA-8F95-32E6CFCAAD29}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{8995447C-7E57-43B7-A3F7-6C6F55E7C00D}] => (Allow) C:\Program Files (x86)\webget\bin\webget.BRT.Helper.exe
FirewallRules: [{F0E0B311-55C0-4B9C-A472-103A515E09CF}] => (Allow) C:\Program Files (x86)\webget\bin\webget.BRT.Helper.exe
FirewallRules: [{57088DC1-353C-4C7F-BFD1-DF6A66BDFD0A}] => (Allow) C:\Program Files (x86)\webget\bin\webget.BRT.Helper.exe
FirewallRules: [{86E52BD3-B767-4C66-8CDF-2F8B305CC802}] => (Allow) C:\Program Files (x86)\webget\bin\webget.BRT.Helper.exe
FirewallRules: [{C107F000-FC02-45B4-9EE1-2FC401239232}] => (Allow) C:\Users\tonielizabeth\AppData\Local\WinnerDM\wdm.bin
FirewallRules: [{CBC76E8D-C8E6-4CCA-9036-F03A05D9E983}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E3C85EB2-2EC1-44AA-BF5F-636D41E497BD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{09AD67BB-79D1-4C79-A647-8F8FD8A6F255}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{3376A7D1-DCB9-44EB-95F7-C26CE0F2ECE1}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{3CD1EA22-A7BC-4A60-8C13-AD6810647FFF}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{6EE45E0F-8CCC-4B8E-8C02-5DB34EB7316D}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{19B143C3-021C-4EEA-B493-762D9EEA914F}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{B334698A-3206-4991-AB58-3007D2F5FA15}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{C13E44DC-5686-4127-9531-62B68D54C9A1}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{FECE24D6-F732-4389-ABE7-69D49AC124A5}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{1BC9B226-7D5A-4C33-9B54-83B2E52BD143}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{69C88388-CE50-4DAA-8426-C9C752C3C5B3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{DCE4202D-93FD-44BD-9FB3-975584FE5D8F}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{914236DB-41F1-438F-B298-253673054C0F}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{4AE51F96-F712-42D4-B0EB-294704E783E1}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{293B9B78-4ADF-44A8-B3DC-9CEE7C650D6E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{138CBD8D-9969-46DA-AE38-2CCBE7DE1949}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{9961D265-5BF5-486E-9003-6D689CD71306}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{CD81D8A0-08BC-4AD5-B281-92A4B0E793E4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{3F9F672F-20EB-4502-9C4E-19ABCB35E3B8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{7EB94038-F2D7-44B0-B61D-9DE581B3710A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{4854FAEF-8E96-4BDF-9593-1C4AE9E66B98}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{CF0570B7-162D-443E-9132-4691FEF96290}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{EE2900A2-94F8-4840-A676-91B9C9858BDD}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{9244FEEC-DDA6-4712-82D9-6ABFF57FF958}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{53829F96-2DE5-48B2-8ABC-B11434F06511}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{D4240247-205E-4D63-8972-9F8364A6276E}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{22D8BBCD-7B29-44F7-A1AE-A2778BCBA068}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{EF49BF14-EA9E-4640-B677-790A9311D2BF}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{FA8AF552-7364-463E-BF83-C734AB644B41}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{F45333F3-EA2F-4E52-A907-329CAB47ED60}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{00BD8F9C-194A-45CD-B550-D5E3BDCCCB7E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{8D77E381-CEB3-4175-8A8F-20F63B515519}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{6BE4FBCD-6DC4-43C1-98F1-002EC7054F51}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{AEA89349-3887-4C00-92DA-7D060D44B0CF}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{1106BDF7-6B52-438C-A170-07AD4B4A59AE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{10EDF353-0503-4CBF-8CB3-C131879D2473}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{81A2ACFD-93D9-462D-B7D3-A786CCDD74B4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{DF1298C3-7FC5-453A-B39E-3C9277913408}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{2F0C5659-C0C0-4E0A-A6CE-6AF94343EBA0}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{452D3532-4DAE-4A7D-B7C4-C46F81D42055}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{A058A0F9-8D23-45B5-9151-165114B4E826}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{F4E999A3-63DB-4631-AD11-67F424FA553E}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{497D4543-D2D2-4FBF-BFDF-73531E923707}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{9473A83E-0E92-42B3-9799-49D7F8073C71}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{425811F3-B6DD-476D-B731-24DA52C51F48}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{237C5757-A783-41D4-B9AD-8DC6039BCF57}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{59CC9813-63B2-40DA-B735-E71008FA07A1}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{9DCACCDC-A0A7-45B1-981A-F7B60B1A2470}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{96EDF181-36B5-4C00-8FAE-3310F51611C8}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{52001C53-5AE9-48F8-9B6C-5856EC9DA94D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{93BF0939-CA06-454A-A3E5-1FAEB499F9D9}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{849C6547-DE75-49D0-97E2-F030EB8E9BB9}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{2581DC62-4AA6-4E27-BEDD-A0537644C6ED}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{A67C4052-C290-460B-858E-D33098B3B20B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{8245C9B5-1192-48B6-8587-DD0DB6D498B9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{44311482-9F9A-4E7C-8733-D8919D5B4D6B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{26F29140-61C4-4C1F-B345-247A4D7B01AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{65457D36-734E-4452-B3C7-9DC6C8BEE3FD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{D306E0A3-2A72-403A-BB40-1F1C42B038CC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{2AE7F9B7-2C12-4F31-A5A9-3CE1A1D48224}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8F04573E-8265-4931-9D3B-7C3D1CB685A3}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{611C7BEB-8353-4874-AC65-CFBDE51F697E}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F5AD9AA3-F7E7-435B-8786-692EC2FF1073}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{37A99701-B951-450C-BE47-728E41053292}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A66AC066-D442-4DEF-AC54-FC00CA747300}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F0F35B2B-F260-4202-A013-672749ECB444}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{FBEC0E58-C1EB-4196-83AA-1C7013633EEC}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{86AC9EDE-6B36-45D8-997A-40B61013554E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D4254137-BD2E-41EF-8D62-5DADAEC43610}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2ABBFAB6-12A1-4DE6-9335-FC95A78081EF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{52F79DC1-745E-4FED-9D66-7F7DEEA76AE8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{903DF20D-C0EA-427A-AED1-AA9E13614410}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E70C61D9-7367-4155-944E-62D907A6E884}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{76226568-417C-458D-9F6B-EF846EF02533}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{255D22DB-BD73-42AB-ABF3-69E1752B151F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E6312037-04BF-4814-BA47-6EFD99719851}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E01D3421-4BFB-4D30-91A7-61134003C96F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A3818440-65E6-4690-9EF5-61625D5754D2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2015 10:02:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TONI-PC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2015 10:02:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TONI-PC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2015 10:02:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TONI-PC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2015 10:02:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TONI-PC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2015 10:02:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.6208.4200, time stamp: 0x55ef64bd
Faulting module name: Mso20Imm.dll, version: 16.0.6208.4200, time stamp: 0x55ef653d
Exception code: 0xc0000005
Fault offset: 0x00000000000c1c31
Faulting process ID: 0x9bc
Faulting application start time: 0xHxTsr.exe0
Faulting application path: HxTsr.exe1
Faulting module path: HxTsr.exe2
Report ID: HxTsr.exe3
Faulting package full name: HxTsr.exe4
Faulting package-relative application ID: HxTsr.exe5

Error: (09/24/2015 10:02:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TONI-PC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2015 10:02:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.6208.4200, time stamp: 0x55ef64bd
Faulting module name: Mso20Imm.dll, version: 16.0.6208.4200, time stamp: 0x55ef653d
Exception code: 0xc0000005
Fault offset: 0x00000000000c1c31
Faulting process ID: 0x1074
Faulting application start time: 0xHxTsr.exe0
Faulting application path: HxTsr.exe1
Faulting module path: HxTsr.exe2
Report ID: HxTsr.exe3
Faulting package full name: HxTsr.exe4
Faulting package-relative application ID: HxTsr.exe5

Error: (09/24/2015 10:02:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.6208.4200, time stamp: 0x55ef64bd
Faulting module name: Mso20Imm.dll, version: 16.0.6208.4200, time stamp: 0x55ef653d
Exception code: 0xc0000005
Fault offset: 0x00000000000c1c31
Faulting process ID: 0xd24
Faulting application start time: 0xHxTsr.exe0
Faulting application path: HxTsr.exe1
Faulting module path: HxTsr.exe2
Report ID: HxTsr.exe3
Faulting package full name: HxTsr.exe4
Faulting package-relative application ID: HxTsr.exe5

Error: (09/24/2015 09:52:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TONI-PC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2015 09:52:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.6208.4200, time stamp: 0x55ef64bd
Faulting module name: Mso20Imm.dll, version: 16.0.6208.4200, time stamp: 0x55ef653d
Exception code: 0xc0000005
Fault offset: 0x00000000000c1c31
Faulting process ID: 0x1e2c
Faulting application start time: 0xHxTsr.exe0
Faulting application path: HxTsr.exe1
Faulting module path: HxTsr.exe2
Report ID: HxTsr.exe3
Faulting package full name: HxTsr.exe4
Faulting package-relative application ID: HxTsr.exe5


System errors:
=============
Error: (09/24/2015 09:52:58 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (09/24/2015 12:08:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/24/2015 12:08:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/24/2015 12:08:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/24/2015 12:08:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/23/2015 09:02:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (09/23/2015 08:57:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 23:25:39 on 22/09/2015 was unexpected.

Error: (09/22/2015 10:28:47 PM) (Source: DCOM) (EventID: 10010) (User: TONI-PC)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca

Error: (09/22/2015 10:28:47 PM) (Source: DCOM) (EventID: 10010) (User: TONI-PC)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca

Error: (09/22/2015 10:28:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


==================== Memory info ===========================

Processor: Intel® Pentium® CPU N3520 @ 2.16GHz
Percentage of memory in use: 62%
Total physical RAM: 3979.34 MB
Available physical RAM: 1478.43 MB
Total Virtual: 4683.34 MB
Available Virtual: 1347.36 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.69 GB) (Free:332.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 290CBD16)

Partition: GPT.

==================== End of Addition.txt ============================




#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you back up any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hi, I've got a quick question. The logs are showing there is a proxy set up on your machine. This is basically another server that all your traffic to and from the internet is going through. Do you use a proxy or do you have a wifi or a direct connection to the internet? I'm currently reviewing your logs and working on a fix. Please let me know and we'll get started. :thumbsup:

#3
ToniW

    Member

  • Topic Starter
  • 10 posts

My computer is linked to my home wifi. I don't use a proxy server to my knowledge.



#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Thank you for letting me know. Let's get started. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstalls

Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • Genie Cleaner
  • UpdateAdmin

Step 2: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
(Oppoos.com) C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe
C:\Program Files (x86)\Genie Soft
(Secure Download Ltd.) C:\Program Files (x86)\SoftPlanet Software Assistant\spassist.exe
C:\Program Files (x86)\SoftPlanet Software Assistant
(Oppoos.com) C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
(Oppoos.com) C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleaner.exe
(Oppoos.com) C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleaner.exe
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\...\Run: [GenieFloater] => C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe [1850520 2015-02-06] (Oppoos.com)
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\...\Run: [UpdateAdmin] => C:\Users\tonielizabeth\AppData\Local\UpdateAdmin\UpdateAdmin.exe [225552 2014-10-16] (DownloadAdmin)
C:\Users\tonielizabeth\AppData\Local\UpdateAdmin
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\tonielizabeth\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll No File
HKU\S-1-5-21-3225058651-2230390788-3555302883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://rts.dsrlte.com?affID=na
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 4
R2 GenieCleanService; C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe [53400 2015-02-06] (Oppoos.com)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {03EC62D3-BA7F-4FBE-9DC1-1F36516BF466} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3EF572BB-2C89-4A7F-8DE1-0CC6D31DB1F3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5A47FAB1-4D84-4614-82E2-489D1D1FBECD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5B4EFF90-2D78-4BDB-B5CB-8E508500DD3B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5C2E12B1-A70B-4FF1-A1E3-74CF6705D5B2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {627C0E68-2203-4716-B02C-B3EDFFC19224} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6AEC327D-CB47-48D1-BE8C-565C46D8E4F5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7D2CEDE6-7F99-4D74-8C7B-8A13AD064AC7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C045A8F3-B7A5-4D92-970F-63E0B51D445D} - System32\Tasks\UpdateAdmin => C:\Users\tonielizabeth\AppData\Local\UpdateAdmin\UpdateAdmin.exe [2014-10-16] (DownloadAdmin) <==== ATTENTION
Task: {C408A900-ABB3-437B-9F16-D37BFDF8A266} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CAE5D333-1B17-40D8-ACE9-AABB9D7E8ECD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F687AA7C-73BE-417A-82C8-BDF542B34F5E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop.


  • Double click (Vista and 7 users: right click) the adwcleaner.exe file and click Run as Administrator, then accept the UAC prompt to run AdwCleaner.
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything, and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\
Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log


#5
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

