Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ACER Windows 8.1- Need Help with removing undesirables

Help popups

  • This topic is locked This topic is locked

#1
ALuCsRED

ALuCsRED

    New Member

  • Member
  • Pip
  • 4 posts

Hi, my name is Mark and I have a Acer laptop with Windows 8.1 64 bit purchased which is used at my sister's home that needs some help.  Seven years ago I covered to Macs, but did buy this laptop for her to help with simple internet, photos, and some word processing.  

 

The computer was initially infected by a virus near the original purchase date (a year ago) when my brother in law attempted to download software for a Nokia phone and installed a *.exe file which wasn't what it was supposed to be .  At that time, everything was resolved, but more issues arose since then.  I'm not sure if the new issues are related to the original problem, to instances of downloading since, or due to the original software that Acer supplied.

 

Currently the biggest issues are overall slowness of the computer, and pop up issues with IE.  When a link is clicked in IE, a new window pops up with the proper link and the old window is redirected to Adware type pages.

 

I've read through some of the data on here, and ran FSRT64.  I did try run ASWMBR.exe also, but it locked up the computer while downloading the files.  I am using my MacBook to discuss on this board as I don't want to deal with the pop ups on the windows computer.

 

The text files follow:

 

FSRT text file

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015

Ran by Kelly (administrator) on THXMARK (26-12-2015 04:29:49)
Running from C:\Users\Kelly\Desktop
Loaded Profiles: Kelly (Available Profiles: Kelly)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\SupraSavingsService64.exe
() C:\Program Files\003\xmkysecqun64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®)
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2014-12-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2014-12-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\...\MountPoints2: {3cd400c5-c2e9-11e3-8259-201a06d47b2a} - "E:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
Startup: C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-05-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.59.176.16 64.59.176.228
Tcpip\..\Interfaces\{2369C8D1-2502-4C6B-8035-0E2C4E4D03A9}: [DhcpNameServer] 64.59.176.16 64.59.176.228
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {5849260C-311F-4374-A230-D509DCE0562A} URL = 
SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {807189FD-86C7-4BCF-A29F-DCF552204EFD} URL = hxxps://ca.search.yahoo.com/search?fr=mcafee&type=B011CA662D20150112&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-25] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-27] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-10-02] [not signed]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-10-02]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-10-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2015-11-16] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
R2 SupraSavingsService64; C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-04-12] () [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-26 04:29 - 2015-12-26 04:30 - 00018866 _____ C:\Users\Kelly\Desktop\FRST.txt
2015-12-26 04:17 - 2015-12-26 04:17 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud
2015-12-26 04:17 - 2015-12-26 04:17 - 00002028 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2015-12-26 04:13 - 2015-12-26 04:13 - 00002001 _____ C:\Users\Public\Desktop\abMedia.lnk
2015-12-26 04:13 - 2015-12-26 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-12-26 04:10 - 2015-12-26 04:10 - 00002005 _____ C:\Users\Public\Desktop\abPhoto.lnk
2015-12-25 20:22 - 2015-12-25 20:22 - 00282368 _____ C:\Windows\Minidump\122515-56968-01.dmp
2015-12-25 20:11 - 2015-12-25 20:11 - 00287424 _____ C:\Windows\Minidump\122515-39093-01.dmp
2015-12-25 19:55 - 2015-12-26 04:29 - 00000000 ____D C:\FRST
2015-12-25 19:55 - 2015-12-25 19:55 - 02370560 _____ (Farbar) C:\Users\Kelly\Desktop\FRST64.exe
2015-12-25 19:51 - 2015-12-26 04:28 - 00000000 ____D C:\Users\Kelly\Desktop\Mark
2015-12-02 10:58 - 2015-11-16 12:32 - 00919040 _____ (Farbar) C:\Windows\mod_frst.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-10-21 07:36 - 2014-01-17 12:18 - 00000852 _____ C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 01:34 - 2014-01-17 12:18 - 00000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-12-26 04:24 - 2015-05-18 14:24 - 00000935 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {31067C44-998A-4825-A8E8-465995EFCB9A}.job
2015-12-26 04:24 - 2015-05-18 14:24 - 00000749 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {31067C44-998A-4825-A8E8-465995EFCB9A}.job
2015-12-26 04:22 - 2014-04-12 20:10 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2808045357-1269114698-59485828-1001
2015-12-26 04:19 - 2015-05-18 14:19 - 00000935 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {E335AE50-3E8F-45F8-8C79-148BF61A5C0B}.job
2015-12-26 04:19 - 2015-05-18 14:19 - 00000749 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {E335AE50-3E8F-45F8-8C79-148BF61A5C0B}.job
2015-12-26 04:17 - 2014-01-17 12:36 - 00000000 ____D C:\ProgramData\OEM
2015-12-26 04:16 - 2013-10-31 05:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-12-26 04:14 - 2014-04-12 20:06 - 00000000 ____D C:\Users\Kelly\AppData\Local\clear.fi
2015-12-26 04:10 - 2014-04-12 20:21 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D343BE86-5955-4EC9-8820-9DCD5203D04E}
2015-12-26 04:10 - 2013-10-31 05:23 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-26 04:10 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
2015-12-25 20:22 - 2014-06-23 21:33 - 00000000 ____D C:\Windows\Minidump
2015-12-25 20:22 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-25 20:21 - 2014-06-23 21:33 - 600677672 _____ C:\Windows\MEMORY.DMP
2015-12-25 20:21 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2015-12-25 20:18 - 2013-10-31 05:35 - 00000000 ____D C:\Program Files (x86)\Acer
2015-12-25 20:17 - 2015-10-02 18:06 - 00003352 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2015-12-25 20:17 - 2013-10-31 06:07 - 00000000 ___HD C:\OEM
2015-12-25 20:15 - 2014-06-27 20:37 - 00000000 ____D C:\Program Files\SupraSavings
2015-12-25 20:08 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-12-25 20:06 - 2014-04-12 20:03 - 00000000 ____D C:\Users\Kelly
2015-12-25 19:58 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-25 19:57 - 2014-04-24 18:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-25 19:43 - 2014-04-12 21:11 - 00000000 ____D C:\Users\Kelly\AppData\Local\CrashDumps
2015-12-25 19:43 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
 
==================== Files in the root of some directories =======
 
2014-01-17 12:19 - 2014-01-17 12:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Kelly\AppData\Local\Temp\BackupSetup.exe
C:\Users\Kelly\AppData\Local\Temp\nsa1C70.exe
C:\Users\Kelly\AppData\Local\Temp\nsd8C57.exe
C:\Users\Kelly\AppData\Local\Temp\nszF609.exe
C:\Users\Kelly\AppData\Local\Temp\RegClean6.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-25 01:16
 
==================== End of FRST.txt ============================
 
 
 
And here is the Additions text file:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by Kelly (2015-12-26 04:31:13)
Running from C:\Users\Kelly\Desktop
Windows 8.1 (X64) (2014-04-13 02:03:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2808045357-1269114698-59485828-500 - Administrator - Disabled)
Guest (S-1-5-21-2808045357-1269114698-59485828-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2808045357-1269114698-59485828-1003 - Limited - Enabled)
Kelly (S-1-5-21-2808045357-1269114698-59485828-1001 - Administrator - Enabled) => C:\Users\Kelly
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.06.2000.22 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2001 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{8FAAC5E4-3361-726A-9F42-F0414FD1D3BC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.13.2000.0 - Acer Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.2.1.2 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.167 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2808045357-1269114698-59485828-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{E3AE2D4D-5274-CE6B-5434-64DA3131A301}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) <==== ATTENTION
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.13 - Synaptics Incorporated)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1562DA83-1FDC-4F03-B10F-96A276BAAD91} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {16F4AEB5-B144-4EC4-B525-55069FD981DC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {2072BE56-4BF8-424C-AF2B-5D622BCDC406} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-25] (Microsoft Corporation)
Task: {356D76DF-304F-4DAE-9A36-2B24D5516D25} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {3978E11A-5DDA-4EB9-9EBA-3CDDD1BBC093} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {3A93336C-435A-4797-9EFC-F5148CDE2F4C} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {41963EE3-966F-40D8-A47F-FD7B247E7327} - System32\Tasks\EPSON XP-310 Series Update {31067C44-998A-4825-A8E8-465995EFCB9A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {4B4C11F2-7EF4-4006-BB05-80EB62A3CF09} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {7998CD26-A5E6-41AC-8708-3C419A1A61E2} - System32\Tasks\EPSON XP-310 Series Update {E335AE50-3E8F-45F8-8C79-148BF61A5C0B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {7EF2B324-3090-45C8-9998-F457E24298BC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {7F5B3F4C-5088-4A57-85FC-537DD62E82C9} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-11-17] (Acer Incorporated)
Task: {80AB6B45-E031-401C-8D10-0AA9FB1A3543} - System32\Tasks\EPSON XP-310 Series Invitation {E335AE50-3E8F-45F8-8C79-148BF61A5C0B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {8A2D3200-BE61-4953-9F58-168252E84FAA} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {8A6ACFD4-74DD-455A-8FE9-EB519D228864} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-11-19] (Acer)
Task: {92A13E58-98B8-465F-9F2C-631FD8CF6104} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {96FB154E-866D-4C08-A26B-8DF9A43FD015} - System32\Tasks\EPSON XP-310 Series Invitation {31067C44-998A-4825-A8E8-465995EFCB9A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {9A15112D-59B1-47B9-B534-6D9B3C642B1A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9CA42D7-F971-44DF-AC7C-4578C4ED2D0E} - System32\Tasks\{5B2E45CA-A54D-4A12-B8CF-33505D1885EF} => pcalua.exe -a c:\users\kelly\appdata\local\genesis\genesis.exe -c /x
Task: {DC0EAD64-C5DD-4715-BD60-58D44731EF07} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {EA9741BE-15AA-4EBB-97E4-FE58BF11A04A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {EF820362-7241-48FD-A780-29C217026067} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {FCFD51BA-BB40-45F5-8FC9-1CCDE910F27C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {31067C44-998A-4825-A8E8-465995EFCB9A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {E335AE50-3E8F-45F8-8C79-148BF61A5C0B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\Windows\Tasks\EPSON XP-310 Series Update {31067C44-998A-4825-A8E8-465995EFCB9A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{31067C44-998A-4825-A8E8-465995EFCB9A} /F:UpdateWORKGROUP\THXMARK$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-310 Series Update {E335AE50-3E8F-45F8-8C79-148BF61A5C0B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{E335AE50-3E8F-45F8-8C79-148BF61A5C0B} /F:UpdateWORKGROUP\THXMARK$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Public\Desktop\PRIVATE WiFi.lnk -> C:\Program Files\PRIVATE WiFi\StartURL.exe () -> hxxp://www.privatewifi.com/partner/clicks.php?pid=928649&bid=76&campaign=default
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-18 00:14 - 2012-09-18 14:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2015-05-18 00:14 - 2012-09-18 14:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-05-01 21:51 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-25 11:58 - 2014-06-25 11:58 - 00172544 _____ () C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\SupraSavingsService64.exe
2014-06-12 13:05 - 2014-06-12 13:05 - 00110080 _____ () C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\nfapi.dll
2014-06-12 13:05 - 2014-06-12 13:05 - 00456192 _____ () C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\ProtocolFilters.dll
2014-04-12 20:52 - 2014-04-12 20:52 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe
2015-12-25 19:56 - 2015-12-25 19:56 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-17 12:41 - 2013-07-30 20:11 - 00110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-09-07 03:48 - 2013-09-07 03:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 03:45 - 2013-09-07 03:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 03:52 - 2013-09-07 03:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-10-02 18:35 - 2015-10-02 18:35 - 00521216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2015-10-02 18:35 - 2015-10-02 18:35 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2015-10-02 18:35 - 2015-10-02 18:35 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-12 18:22 - 2015-01-12 18:22 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-11-16 19:55 - 2015-11-16 19:55 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-12-25 20:17 - 2015-12-25 20:17 - 00015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-11-17 11:11 - 2015-11-17 11:11 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-11-17 11:10 - 2015-11-17 11:10 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-01-17 12:09 - 2013-09-03 17:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-11-19 14:39 - 2015-11-19 14:39 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-11-19 14:39 - 2015-11-19 14:39 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer05.jpg
DNS Servers: 64.59.176.16 - 64.59.176.228
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Zune Launcher"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5BFFA409-450E-4BE5-A469-466AC7827211}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{922E27F4-956E-409D-ACE1-46AB77318065}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A29E0482-C000-49F0-AA9D-B7B0097C3C68}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{084429D7-CA06-4343-9D74-D02F29F3E81F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{74BD9934-8BC1-4DEB-98CC-3B2A5C598013}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{D177C388-E03D-4388-A7CE-E3BA46FB9755}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{0DD5BB29-FA4D-4E4F-B88A-6E6FB4D8583D}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{FCC79AAE-5D02-44E2-9532-0B2044A2F7C4}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1F6B25DC-9D7E-4D73-9113-12C3C20AEB91}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{45A393C7-5066-4BA3-96AE-F2A4267E1B8F}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{5CD6E776-D31A-4167-8BEF-83F16C1DF927}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{52E4E878-0041-4325-B867-EABCCAFB1AA5}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{426F7CEB-E79B-47FD-9293-EBF45F03DD49}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{B7905C7A-C8A8-4CBF-A89D-B7A9ED98E5D8}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{7C74BD7A-EEC5-450C-B745-45236CB1CD0E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{4FEBA63C-CA31-4C71-8D7E-02BE1B94D179}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{22F5D7E8-A193-4C20-A83C-B30B6F6FED69}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{F6A8F1CA-358C-4F58-80AD-EA7F960C9A95}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{B5078F08-254C-4702-9A20-0431AEB47A20}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{A4DE871B-B398-48EE-AA2E-DF094EF45DA7}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{7DCF3CB8-AFB1-4817-AB4F-1CE7ED43FAB4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{18A6F6C0-92BB-4446-81F0-CDFADDD21F2A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{2E87B8B3-132D-4AE8-9595-69286C667A6C}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{725C8631-37E2-4036-BF2F-54E59BE9B6BF}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{598EC94A-ACEC-4CB1-ADFE-A6FC1602D3C2}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{931A30F0-687D-442B-8B7E-80FC475A4E8A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{EB9E68B2-E706-430F-A0DB-A75D0DDF31CD}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{E1F8EDA7-4F70-4118-800F-ECED61FD60E5}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{532D5572-DD52-495D-BFA5-7F0504D924FA}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{141A6085-6C88-4CDD-B274-7B1AFAD37718}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{658B1647-DB16-4BBE-85BC-683B94923689}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{5968D1C0-C583-4CEE-A856-AC9A94DBFD81}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{B92A861F-ACE7-4492-A74F-03FE82779667}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{D09CB860-0BFA-4DB0-92C9-81DA9752DF94}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{D994D648-30B0-4356-8721-A6EA540DB5E5}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{6DE56927-6B63-4C5C-8008-01358BB206B0}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{0AD987BB-6942-4089-96FC-69A119A4B7E9}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{F6A3206C-F4FD-4671-905B-C43A8E296F47}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{73F83046-B8AB-4F5F-A9B3-66AEE3D1C7C8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{18BD759C-2032-4A8B-9C5E-9F8C2261C79F}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{DB3D063E-75E9-47C5-973F-4B42FAFE1868}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{0D8C2693-EA5F-49DF-BCAC-5BF28F5755C2}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{7C4F0707-A7E6-4EBF-8F97-0CB4F04057E8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{6518225B-0C66-47F6-ABD1-0D745E7BE551}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{07004C8B-F324-402B-93B5-536D1E9E1CDC}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{D16B0265-98BE-4FBE-AB7D-246F6A2AC605}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{9DA8A3FF-7F0C-4477-8FCC-1838B9A8F2B8}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{EA7DF738-A312-45A6-B650-6BF6044C4B82}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{60222CF5-7E17-46FB-8A63-BEC9F8DE2FDA}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{5E91BE89-7291-4626-8E9D-0A696C776375}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{4530C427-6EDF-47AD-B569-AA0CBF5D49E0}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{0545C121-2CDB-45FD-A323-B1DD6D6354AC}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{4B96CC36-3984-40F3-BF34-54B44B55A889}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{11FDDA0E-A14E-428B-A4BA-10F8A2F5DE06}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{57869523-AEAF-4EDA-8246-66A10CE48ECE}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{E8D9444A-45BF-4500-ADE4-E31A3C0B8959}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{9A3D1922-352B-4CDA-A78B-C8E81EA178CF}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{8B565AE8-0753-420A-A316-9F89B601CE5B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{186288F2-4B8C-4A7A-BB14-589CA67C6965}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{11885A87-59E7-4124-8E78-8A9C52677074}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{C72D1B8F-2B76-4927-BB0E-8AA62591221F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA7A8A96-5CA6-4F46-A390-95D0BF9ED8D5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8BB39883-9ED3-4569-9346-78BD8E345519}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{737032A4-D326-4DF7-A276-3DFCB8E1650C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25CC5C4B-6004-4A38-B6DF-5827159F55C7}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{1ACDCD39-E622-490D-98AC-A1E6E4249E7D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{076E674C-45EB-4226-82C9-EAF661148022}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{74CB31A9-371A-433C-8202-C2528FD41CA7}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{857DBC98-1AE9-48ED-A8CD-D3040B2E9D76}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{CCEA25E0-7DDE-4F5C-A46F-E09086023CBF}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{01A28C42-F0C0-443B-9AE7-881818E0599D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DFC703E2-6A57-4834-A957-47DFAF0BBD7B}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C928B943-D360-4091-8529-AE9812EBD006}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{668B05FF-E7FA-4D79-86DD-F18173D3B5B3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{89BBE7CD-BE6D-4037-8D4A-B083E3742328}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CDC8F5B6-5812-4712-876D-FCE6F5A87A9B}] => (Allow) C:\Users\Kelly\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{66698094-CF3F-4B2F-BAB9-B32F79A4FCC6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{CEA7933C-F72C-4ED4-84E9-9DA448B0AFB8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A262D41A-F9F3-4807-9F19-2DF6EE12957D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{61001514-4392-4F5D-89E0-EAE3FA268643}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{E65D87AD-2B2F-4B83-B0BF-B371D8D676F3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{81EC859D-1526-495D-BAAC-9953A8816B39}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C1C9D281-66D4-44EC-A449-103B4FA99926}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D4CAE85D-AB24-4471-8D2A-188CE26C1A92}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{32E2A1E7-7244-4977-BA17-90800F401D0C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{748C0CCB-7503-4CFB-832E-62996D18738C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E8274051-1957-4E79-8D06-D9B70A41B9EC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{4A41AA91-5234-4A63-AE2A-90465A06EA54}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{63B469E4-BFE5-4B95-A8FA-A8C52C580010}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{618049D1-745D-4DB6-94A6-F48BE3618D1D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{8A94A434-FC2A-4D12-8920-B5E0F066E8C4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{B5E97983-9508-464D-8F4E-F46F54BC44BC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{ED0D6E7E-31B7-4948-BCFF-C04DC7A8BF37}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{E88055FD-DACE-4AE4-959C-4AD794957299}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{D8AB689B-7ED1-4BAF-B2FC-8A6F256FDEF0}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{E6A561F5-E11F-4E61-B4A0-1E0D5DCCADCA}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{819AFEDA-7ECE-415B-A19F-5F60B9B41604}] => (Allow) C:\Users\Kelly\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{65F295A2-F10D-4294-82E1-92E46402F354}] => (Allow) C:\Users\Kelly\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{AE94C384-6A56-4497-ADCC-657A23EFAA6C}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{351124CC-23CA-4F45-AA58-09B19AC6E36B}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
 
==================== Restore Points =========================
 
02-10-2015 17:38:11 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/26/2015 04:27:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ARA.exe version 4.5.0.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 14fc
 
Start Time: 01d13fc5a0b27026
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\ARA.exe
 
Report Id: 4b73b9f7-abbb-11e5-8270-201a06d47b2a
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/26/2015 04:09:12 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: abPhoto -- Error 1704. An installation for abDocs is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
Error: (12/25/2015 08:24:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (12/25/2015 08:22:04 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start
 
Error: (12/25/2015 08:06:48 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start
 
Error: (12/25/2015 07:43:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.8100.0, time stamp: 0x51da5d04
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0x738
Faulting application start time: 0xupdater.exe0
Faulting application path: updater.exe1
Faulting module path: updater.exe2
Report Id: updater.exe3
Faulting package full name: updater.exe4
Faulting package-relative application ID: updater.exe5
 
Error: (12/25/2015 07:43:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
Stack:
   at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
   at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
   at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
   at System.Xml.XmlDocument.Load(System.String)
   at updater.Report.AddFPToResult(updater.Result)
   at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
   at updater.DownloadMgr.ProcessFile(System.String)
   at updater.DownloadMgr.checkJobState(SharpBits.Base.BitsJob)
   at updater.DownloadMgr.DownloadFile(System.String, System.String)
   at updater.DownloadMgr.Worker(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
 
Error: (12/25/2015 07:42:43 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (12/25/2015 07:41:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1398656076 ticks; setting correction factor to -1611396308
 
Error: (10/03/2015 11:01:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x00000000
Faulting process id: 0xcdc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
 
System errors:
=============
Error: (12/25/2015 08:22:23 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP122515-56968-01
 
Error: (12/25/2015 08:22:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:11:46 PM on ‎2015-‎12-‎25 was unexpected.
 
Error: (12/25/2015 08:11:52 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP122515-39093-01
 
Error: (12/25/2015 08:11:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:06:48 PM on ‎2015-‎12-‎25 was unexpected.
 
Error: (12/25/2015 08:06:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:41:14 PM on ‎2015-‎12-‎25 was unexpected.
 
Error: (10/02/2015 06:18:47 PM) (Source: DCOM) (EventID: 10010) (User: ThxMark)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (10/02/2015 06:18:17 PM) (Source: DCOM) (EventID: 10010) (User: ThxMark)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (10/02/2015 06:05:36 PM) (Source: DCOM) (EventID: 10010) (User: ThxMark)
Description: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
 
Error: (10/02/2015 06:03:24 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x80080005
 
Error: (10/02/2015 06:03:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 35%
Total physical RAM: 8072.27 MB
Available physical RAM: 5177.66 MB
Total Virtual: 16264.27 MB
Available Virtual: 14110.01 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:914.19 GB) (Free:803.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 28D045ED)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Attached Files


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

One Program to uninstall. Please uninstall it.
  • Software Updater
    Next

    A few items to fix
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.
    start
    CloseProcesses:
    CreateRestorePoint:
    2015-12-25 20:15 - 2014-06-27 20:37 - 00000000 ____D C:\Program Files\SupraSavings
    HKU\S-1-5-21-2808045357-1269114698-59485828-1001\...\MountPoints2: {3cd400c5-c2e9-11e3-8259-201a06d47b2a} - "E:\LaunchU3.exe" -a
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2808045357-1269114698-59485828-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {5849260C-311F-4374-A230-D509DCE0562A} URL = 
    SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {807189FD-86C7-4BCF-A29F-DCF552204EFD} URL = hxxps://ca.search.yahoo.com/search?fr=mcafee&type=B011CA662D20150112&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = 
    2014-06-25 11:58 - 2014-06-25 11:58 - 00172544 _____ () C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\SupraSavingsService64.exe
    C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE
    2014-04-12 20:52 - 2014-04-12 20:52 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe
    C:\Program Files\003\xmkysecqun64.exe
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

  • 0

#3
ALuCsRED

ALuCsRED

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Ok.  I followed your steps.  Nothing strange popped up.  The web browser activity as returned to normal (Thanks!).  The results for the three repairs are as follows:

 

 

FRST64 Results:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by Kelly (2015-12-26 17:07:17) Run:1
Running from C:\Users\Kelly\Desktop
Loaded Profiles: Kelly (Available Profiles: Kelly)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
2015-12-25 20:15 - 2014-06-27 20:37 - 00000000 ____D C:\Program Files\SupraSavings
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\...\MountPoints2: {3cd400c5-c2e9-11e3-8259-201a06d47b2a} - "E:\LaunchU3.exe" -a
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {5849260C-311F-4374-A230-D509DCE0562A} URL = 
SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {807189FD-86C7-4BCF-A29F-DCF552204EFD} URL = hxxps://ca.search.yahoo.com/search?fr=mcafee&type=B011CA662D20150112&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = 
2014-06-25 11:58 - 2014-06-25 11:58 - 00172544 _____ () C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\SupraSavingsService64.exe
C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE
2014-04-12 20:52 - 2014-04-12 20:52 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe
C:\Program Files\003\xmkysecqun64.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\Program Files\SupraSavings => moved successfully
"HKU\S-1-5-21-2808045357-1269114698-59485828-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cd400c5-c2e9-11e3-8259-201a06d47b2a}" => key removed successfully
HKCR\CLSID\{3cd400c5-c2e9-11e3-8259-201a06d47b2a} => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully
HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully
HKCR\Wow6432Node\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
"HKU\S-1-5-21-2808045357-1269114698-59485828-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5849260C-311F-4374-A230-D509DCE0562A}" => key removed successfully
HKCR\CLSID\{5849260C-311F-4374-A230-D509DCE0562A} => key not found. 
"HKU\S-1-5-21-2808045357-1269114698-59485828-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{807189FD-86C7-4BCF-A29F-DCF552204EFD}" => key removed successfully
HKCR\CLSID\{807189FD-86C7-4BCF-A29F-DCF552204EFD} => key not found. 
"HKU\S-1-5-21-2808045357-1269114698-59485828-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully
HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\SupraSavingsService64.exe => moved successfully
C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE => moved successfully
C:\Program Files\003\xmkysecqun64.exe => moved successfully
"C:\Program Files\003\xmkysecqun64.exe" => not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {C7A96A05-D7AD-4748-8DFB-3809C410D55C}.
Unable to cancel {BB2F0608-5ECE-4242-A05F-1D68B51DC290}.
Unable to cancel {7318BE09-BC7F-4209-96FD-E6E8B0D90BB9}.
Unable to cancel {AC6D350A-DECB-4448-87AB-7C1832E2DEE9}.
Unable to cancel {EA003C0F-1440-4EAA-BCA1-BB0D24C456CD}.
Unable to cancel {BB2FCC1D-E3E9-4EB4-B8BC-FFCCE4AB7EDE}.
Unable to cancel {6607EA3F-FA84-499A-A68D-F30C699FE161}.
Unable to cancel {68E7DB50-7F1D-44A0-9BAE-217DFB2084BC}.
Unable to cancel {800E815A-BD48-44B5-B35A-A3BEA3AB7B8A}.
Unable to cancel {09BDF05C-3D17-49C1-A95A-B10A7CEAE629}.
Unable to cancel {FE5B3B5D-CF8D-40C3-BB66-AF82B7EC5604}.
Unable to cancel {53E5C76A-A5C3-4F71-8423-D1D487953769}.
Unable to cancel {8E9B0270-03FE-423B-B54A-8A5E08332991}.
Unable to cancel {8AC5E177-379C-4FE6-A699-64CB05BCBAA7}.
Unable to cancel {F3F09C84-1264-4D54-8EB3-1439116808FA}.
Unable to cancel {FFFE9B8B-6BDB-4D6A-B1C9-EDD9F9A25BAB}.
Unable to cancel {9571B19B-083E-48EB-954D-7B2E729A748A}.
Unable to cancel {CE619CA6-892B-4266-B5A7-686CC402B791}.
Unable to cancel {26A369A9-84E4-4F27-9BFD-40AC881EC5FB}.
Unable to cancel {786ED3BB-CC6E-425E-AA33-0A28A3AA537E}.
Unable to cancel {88CA39BF-961E-406E-BDDD-693A613724F9}.
Unable to cancel {632877C0-A1FF-45DC-8B59-9A1B3CB6BC25}.
Unable to cancel {D392D0CF-D709-42B9-9E40-36E0E2D75830}.
Unable to cancel {F4C12CD7-F3F2-4DD1-8E79-F5C99842920A}.
Unable to cancel {C37FFBD9-072B-49BC-9F8E-A5B2B27927E9}.
Unable to cancel {818011DA-EB5D-42A0-9DE4-C6951428B258}.
Unable to cancel {9C40C0EC-6488-47A8-911D-FA237656C180}.
Unable to cancel {96C492EF-2C0F-4B62-8962-941E55E2C901}.
Unable to cancel {4C1E3BF1-2FCC-4D0F-9D4E-F7D9C89B51A3}.
Unable to cancel {565113BA-4840-44FB-B41B-E3AD79704EB6}.
0 out of 30 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2808045357-1269114698-59485828-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 12.8 GB temporary data Removed.
 
 
The system needed a reboot.
 

 

==== End of Fixlog 17:08:33 ====

 

 

 

AdwCleaner Results:

 

 

# AdwCleaner v5.026 - Logfile created 26/12/2015 at 17:20:59

# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Kelly - THXMARK
# Running from : C:\Users\Kelly\Desktop\adwcleaner_5.026.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : netfilter64
Service Found : SupraSavingsService64
Service Found : xmkysecqun64
 
***** [ Folders ] *****
 
Folder Found : C:\Users\Kelly\AppData\Local\Genesis
Folder Found : C:\Users\Kelly\AppData\Roaming\Systweak
Folder Found : C:\Users\Kelly\AppData\Roaming\Compatibility Verifier
 
***** [ Files ] *****
 
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Windows\SysNative\roboot64.exe
File Found : C:\Windows\SysNative\drivers\netfilter64.sys
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{039D611A-7085-4E78-99E1-1BC6F49314C1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{37A2ED38-A271-4338-92F0-2597C63AB0D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F54B9ED-DBB6-4AC2-9136-9598304A4088}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{60EEBE82-A0B9-4D4B-A227-ECF69CE21BB5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{70215BB2-D45B-4D40-A467-32AF0FF8036F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{820B6267-576D-4A2D-94C4-980D227A0C4E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EF718B4-A84D-4E46-B365-7DF81E4CF73E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{039D611A-7085-4E78-99E1-1BC6F49314C1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{37A2ED38-A271-4338-92F0-2597C63AB0D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F54B9ED-DBB6-4AC2-9136-9598304A4088}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{60EEBE82-A0B9-4D4B-A227-ECF69CE21BB5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{70215BB2-D45B-4D40-A467-32AF0FF8036F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{820B6267-576D-4A2D-94C4-980D227A0C4E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EF718B4-A84D-4E46-B365-7DF81E4CF73E}
Key Found : HKCU\Software\genesis
Key Found : HKCU\Software\AppDataLow\Software\Rr Savings
Key Found : HKCU\Software\AppDataLow\Software\Supra Savings
Key Found : HKLM\SOFTWARE\suprasavings
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Found : [x64] HKLM\SOFTWARE\Supra Savings
Key Found : [x64] HKLM\SOFTWARE\suprasavings
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\Supra Savings
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\clpremdo.com
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6130 bytes] ##########
 

 

 

 

JRT Results:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64 
Ran by Kelly (Administrator) on 2015-12-26 at 17:42:46.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Program Files\003 (Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5849260C-311F-4374-A230-D509DCE0562A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-12-26 at 17:43:59.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Attached Files


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
OK.

Just be sure that you actually ran the clean option in AdwCleaner.
  • 0

#5
ALuCsRED

ALuCsRED

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Yeah I did.  I should have pated the C1 version not the S1 into the last post.

 

Thanks again,

 

Mark

 

 

ADWCleaner C1 Log:

 

# AdwCleaner v5.026 - Logfile created 26/12/2015 at 17:28:38

# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Kelly - THXMARK
# Running from : C:\Users\Kelly\Desktop\adwcleaner_5.026.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : netfilter64
[-] Service Deleted : SupraSavingsService64
[-] Service Deleted : xmkysecqun64
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Kelly\AppData\Local\Genesis
[-] Folder Deleted : C:\Users\Kelly\AppData\Roaming\Systweak
[-] Folder Deleted : C:\Users\Kelly\AppData\Roaming\Compatibility Verifier
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
[-] File Deleted : C:\Windows\SysNative\roboot64.exe
[-] File Deleted : C:\Windows\SysNative\drivers\netfilter64.sys
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{039D611A-7085-4E78-99E1-1BC6F49314C1}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37A2ED38-A271-4338-92F0-2597C63AB0D6}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F54B9ED-DBB6-4AC2-9136-9598304A4088}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{60EEBE82-A0B9-4D4B-A227-ECF69CE21BB5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70215BB2-D45B-4D40-A467-32AF0FF8036F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{820B6267-576D-4A2D-94C4-980D227A0C4E}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EF718B4-A84D-4E46-B365-7DF81E4CF73E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{039D611A-7085-4E78-99E1-1BC6F49314C1}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{37A2ED38-A271-4338-92F0-2597C63AB0D6}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F54B9ED-DBB6-4AC2-9136-9598304A4088}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{60EEBE82-A0B9-4D4B-A227-ECF69CE21BB5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70215BB2-D45B-4D40-A467-32AF0FF8036F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{820B6267-576D-4A2D-94C4-980D227A0C4E}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EF718B4-A84D-4E46-B365-7DF81E4CF73E}
[-] Key Deleted : HKCU\Software\genesis
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Rr Savings
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings
[-] Key Deleted : HKLM\SOFTWARE\suprasavings
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
[-] Key Deleted : [x64] HKLM\SOFTWARE\Supra Savings
[-] Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Supra Savings
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\clpremdo.com
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6714 bytes] ##########
 

 

 


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Very good. If there are no further issues we will clean up an close the topic.

--Delfix will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#7
ALuCsRED

ALuCsRED

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Here is the DelFix report:

 

 

# DelFix v1.011 - Logfile created 26/12/2015 at 18:33:41

# Updated 18/08/2015 by Xplode
# Username : Kelly - THXMARK
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Kelly\Desktop\Addition.txt
Deleted : C:\Users\Kelly\Desktop\adwcleaner_5.026.exe
Deleted : C:\Users\Kelly\Desktop\Fixlog.txt
Deleted : C:\Users\Kelly\Desktop\FRST.txt
Deleted : C:\Users\Kelly\Desktop\FRST64.exe
Deleted : C:\Users\Kelly\Desktop\JRT.exe
Deleted : C:\Users\Kelly\Desktop\JRT.txt
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #21 [Windows Update | 10/02/2015 23:38:11]
Deleted : RP #22 [Windows Update | 12/26/2015 15:01:20]
Deleted : RP #24 [Restore Point Created by FRST | 12/26/2015 23:07:20]
Deleted : RP #25 [JRT Pre-Junkware Removal | 12/26/2015 23:42:49]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Nice work. We are completed.

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
  • 0






Similar Topics


Also tagged with one or more of these keywords: Help, popups

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP