This has been an on-and-off deal since this morning. When I click on a bookmark or any link to open a page, the page opens in a new tab next to the one I'm working on. I click on the tab (not the red X) and the entire tab disappears. In addition to this, literally nothing is clickable (e.g. settings, address bar, bookmarks, etc.). I have run a Kaspersky scan, an ESET scan, CCleaner and Malwarebytes Anti-Malware, and got rid of a few nuisances but nothing terrible. It works fine for a couple of hours and starts in again. There is no specific page that sets it off; it just starts doing it out of nowhere. Things work fine in Firefox and Internet Explorer, so I'm guessing it is a Chrome-specific issue. I have reset Chrome settings and restarted the laptop, no luck. I really prefer Chrome over FF or IE even though it's a resource hog... It's hit or miss and I've tried everything I can think of.
Edited to add that I can't use the drag-and-drop feature to move files, nor can I right-click on a file and move it. I have to open the document, click "Save as" and save it to the folder I need it to be in. And now, for a new twist, if I leave a browser open and the laptop unattended, it will open 20 to 30 new tabs all by itself. At that point my only option is to use the Task Manager and end all running processes to close the endless windows/tabs that have been opened.
Hoping one of the geniuses here can help me. Thanks!
Here is the first FRST Scan log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Tams (2016-01-04 17:23:09)
Running from C:\Users\Tams\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-04-05 21:41:00)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4195195172-405157436-2273080122-500 - Administrator - Disabled)
Guest (S-1-5-21-4195195172-405157436-2273080122-501 - Limited - Disabled)
Tams (S-1-5-21-4195195172-405157436-2273080122-1000 - Administrator - Enabled) => C:\Users\Tams
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.06.2000.22 - Acer Incorporated)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2108.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2108.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2001 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 20.11.1107.1418 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.13.2000.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\{D7E3588F-25E6-4A93-8B1C-596F7951CA38}) (Version: 0.10.7.5601 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
clear.fi SDK - MVP 2 (x32 Version: 2.0.1415 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1406 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ETDWare PS/2-X64 10.6.9.9_WHQL (HKLM\...\Elantech) (Version: 10.6.9.9 - ELAN Microelectronic Corp.)
FOSCAM Client (HKLM-x32\...\{9F9CDA0B-2291-4061-85C4-441A75BE6713}) (Version: 1.4.13 - FOSCAM)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Photosmart 5510 series Basic Device Software (HKLM\...\{424E8E17-A7B7-45B5-8C79-D58F04D9D920}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series Product Improvement Study (HKLM\...\{1AE1848C-D592-4222-8048-AEE1694D2959}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{A19807B6-6057-456E-A560-A2A04862C1C6}) (Version: 1.5.1.202 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.1.202 - Kaspersky Lab) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.13 - Acer Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {45C13437-81AB-4A99-8CFE-1216C2062573} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-06] (Dropbox, Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {7000C952-9E7B-40AD-898A-1238FDB7728F} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.)
Task: {76128B93-8FA3-4DB5-AD92-BC0A6DB5E11B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-06] (Dropbox, Inc.)
Task: {8158FC5B-32DB-4CE5-87E0-BE5A12941C77} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {8D7A0A42-0D00-4E98-8879-FA45E5FDC00F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {9A21AAEE-C445-4B66-BFE8-9700E50E478F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-04] (Google Inc.)
Task: {9E8F8715-4477-41DA-B864-C0EFAC5C8DB0} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {A9996A0B-2EF2-4801-8BCA-E19ED5418523} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-11-19] (Acer)
Task: {B28F014A-9E06-435E-83C8-C8301E735A02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-04] (Google Inc.)
Task: {C3522F50-9544-4E04-81F4-63161DA92086} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {C38E11BD-3977-454D-9CE9-1F849EBE881B} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-11-17] (Acer Incorporated)
Task: {D5BCB3FC-A996-40CC-A419-480E8082A452} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
Task: {DB91C973-6569-4742-8ABA-C1C100F6F132} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-11-20 14:57 - 2015-11-20 14:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-13 04:46 - 2012-02-14 11:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-11-23 18:44 - 2015-11-23 18:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-11-23 18:44 - 2015-11-23 18:44 - 00091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2012-01-05 15:22 - 2012-01-05 15:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 15:22 - 2012-01-05 15:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 15:22 - 2012-01-05 15:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2015-11-19 14:39 - 2015-11-19 14:39 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-11-19 14:39 - 2015-11-19 14:39 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-12-15 13:45 - 2015-12-15 13:45 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2015-12-15 13:45 - 2015-12-15 13:45 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2015-12-15 13:45 - 2015-12-15 13:45 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libegl.dll
2015-12-20 14:03 - 2015-12-20 14:03 - 00015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-11-17 11:11 - 2015-11-17 11:11 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-11-17 11:10 - 2015-11-17 11:10 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-11-23 18:44 - 2015-11-23 18:44 - 00277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2015-04-13 11:16 - 2015-04-13 11:16 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-03-13 04:06 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-02-18 20:36 - 2012-02-07 19:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-01-04 10:20 - 2015-12-10 21:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2016-01-04 10:20 - 2015-12-10 21:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2015-10-15 10:45 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{BA4C277E-AEFB-478C-8007-521FD33EF45B}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A38D4D2F-A5D0-4C17-AAA2-7A7C3A00B046}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{ECBCEBBA-C2FB-45DB-8A17-AEC4C640C2AA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C10D1719-B2EA-4034-9619-A70C74B87070}] => (Allow) LPort=2869
FirewallRules: [{00D6FFD1-02B2-4818-B562-7B0E08D99C87}] => (Allow) LPort=1900
FirewallRules: [{F945D8B9-07F5-4B6A-951E-1ACF5220F913}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6336EC0D-D234-470A-8213-17B382CB3B7B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{797081F8-0E0A-427B-ACA7-4785EFA2B645}] => (Allow) C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe
FirewallRules: [{46851057-8955-4605-A264-53CD21F21DE8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{57A516E9-68D2-4068-B385-BDF8B8882411}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{6DB36738-769E-498D-B6A5-2465E43919EC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{D701F2EC-38EA-40C2-AFB9-A7C2EC24B116}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{92C72C58-7FD9-45EE-BF0C-EA92BCB6170A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{90D78AAA-8E1E-4110-9DD5-F8D4D0C20327}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{EDE2D0BB-790B-4A37-880C-065DFA62A7BC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{CCEA494D-8A29-440C-BCCF-7A4721F22981}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{F61751E4-9279-48FB-ABFB-8F44D3E828CD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\PlayMovie.exe
FirewallRules: [{BE0EA31F-285C-4F75-9256-D1454F25649A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\VideoPlayer.exe
FirewallRules: [{BE8E41E0-C088-437C-9FF8-DDD36F25EE72}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\MusicPlayer.exe
FirewallRules: [{451C51C5-F455-479C-AB8A-7FEDDAD17232}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe
FirewallRules: [{C7A424DE-13C6-4AA5-A743-A515D81761CE}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{021FC334-8C0C-459A-A1A9-4A2C51875696}D:\01_for windows os\ipcamera.exe] => (Allow) D:\01_for windows os\ipcamera.exe
FirewallRules: [UDP Query User{34D4A8B6-A6E7-4D07-92AB-258307038ABF}D:\01_for windows os\ipcamera.exe] => (Allow) D:\01_for windows os\ipcamera.exe
FirewallRules: [TCP Query User{455AE7F2-5D88-4CA5-BBA1-A7648205E8CF}C:\users\tams\desktop\ipcamera.exe] => (Allow) C:\users\tams\desktop\ipcamera.exe
FirewallRules: [UDP Query User{2D3D04DB-3EBF-4541-9D2D-971A2BD8F794}C:\users\tams\desktop\ipcamera.exe] => (Allow) C:\users\tams\desktop\ipcamera.exe
FirewallRules: [{3E0CB740-8242-4ADC-8585-998EA40B620E}] => (Allow) C:\Users\Tams\AppData\Local\Temp\SmallInstaller\InstallFiles\ccdd.exe
FirewallRules: [{EF6EF56D-C6FD-4B96-ABBD-C77B8AC1AC01}] => (Allow) C:\Users\Tams\AppData\Local\Temp\SmallInstaller\InstallFiles\ccdd.exe
FirewallRules: [{ABDB74DF-8299-480D-BF3F-2F55811BCC7A}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{9C5EC6DC-C08B-4690-BB68-4E4DE2D67E11}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{1BA7526F-AE86-48A8-8A86-230EA204017F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A5B721F7-3397-411F-8319-16F5A386A96C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{DBD130E3-21AD-41B7-A2A5-C2E5BA7DF2B4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{BF943D19-BFFA-4AAF-B804-A67958BEEA27}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{4EDFB0FD-5825-48AA-BCCF-0DB2D26BAC98}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E88342F7-E100-46FF-B0ED-AE94BBE6C057}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A6D1B2AB-AF65-4D43-ACB0-762D2A64C462}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5232F64E-E305-4863-838B-F36785FCAF36}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{6B128251-28BF-44D6-BC08-4F508086D50D}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{E18562ED-C463-44EA-943E-C6C9A8871309}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{F94A5E1C-490A-4E53-8BAD-ED3D4E2681DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FAA0E424-B706-4287-97DA-D4B76C6C3C31}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9E2F9CDB-EC5E-4FA3-937C-EE63F6A72199}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D3875E60-BF32-4654-9345-5C21B67AA642}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{5BCC9A84-399D-41F7-BBB7-5AAC6541667E}D:\01_for windows os\ipcamera.exe] => (Allow) D:\01_for windows os\ipcamera.exe
FirewallRules: [UDP Query User{F1609EF3-FCAD-4613-A944-96E1F4A5657B}D:\01_for windows os\ipcamera.exe] => (Allow) D:\01_for windows os\ipcamera.exe
FirewallRules: [TCP Query User{D828DA12-9A7D-4DE5-B616-358C711B51EE}C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe] => (Allow) C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [UDP Query User{DC49B0EA-5CAD-4D28-949E-FBB8E10A210D}C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe] => (Allow) C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [{35BA66C9-F04C-4A76-A23B-3B259BDB37BE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{02DDFD92-738B-4B1E-B002-F521CDC54C1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{689A2983-F942-41C7-B15A-54C20D949224}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{89490EA3-BBAC-4648-B112-40DEF2805B84}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{10F23C33-9F1F-4649-8A90-F6C993218296}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{085713A9-43A9-4610-8702-C8D19CA91967}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4FF0415B-6366-42F5-A30B-D32D352D6A0F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{896BBA5B-E9CD-4433-9E98-A6772C886DE2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ADFA03DD-1CD5-4926-8338-2A12B755D065}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{70AA4AE6-AF14-47A0-9765-55EB355ACFC2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6355056D-6A41-48B2-80E7-27EBDC2B8F06}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F1DD5023-5DC7-431D-B52A-7194EAF67EF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49455E39-45B2-4AD2-B31A-8A09FDCB94F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
16-12-2015 09:48:45 Installed Free Ringtone Maker
16-12-2015 09:50:48 Removed NowUSeeIt Player
16-12-2015 09:53:57 Removed Free Ringtone Maker
19-12-2015 23:40:36 Installed iTunes
20-12-2015 15:25:30 Removed BlueStacks App Player
23-12-2015 13:23:39 Windows Update
28-12-2015 12:58:12 Windows Update
01-01-2016 15:15:23 Windows Update
03-01-2016 12:10:04 Removed Microsoft Office 2010
04-01-2016 17:11:50 Removed Content Manager
04-01-2016 17:12:53 Removed Evernote v. 5.8.6
04-01-2016 17:14:16 Removed LG VZW United Drivers.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/04/2016 04:58:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.125.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: d30
Start Time: 01d1471e60fcb795
Termination Time: 13
Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Report Id:
Error: (01/04/2016 04:42:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19781
Error: (01/04/2016 04:42:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19781
Error: (01/04/2016 04:42:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/04/2016 04:42:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18782
Error: (01/04/2016 04:42:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18782
Error: (01/04/2016 04:42:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/04/2016 04:42:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17690
Error: (01/04/2016 04:42:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17690
Error: (01/04/2016 04:42:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (01/04/2016 04:18:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (01/04/2016 04:18:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Tams\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (01/04/2016 04:18:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (01/04/2016 04:18:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Tams\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (01/04/2016 04:18:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (01/04/2016 04:18:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Tams\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (01/04/2016 04:18:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (01/04/2016 04:18:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Tams\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (01/04/2016 04:18:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (01/04/2016 04:18:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Tams\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU B820 @ 1.70GHz
Percentage of memory in use: 51%
Total physical RAM: 3932.36 MB
Available physical RAM: 1901.65 MB
Total Virtual: 7862.93 MB
Available Virtual: 5490.58 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:178.83 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: ACC74791)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Here is the second FRST Scan Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Tams (administrator) on TAMS-PC (04-01-2016 17:22:30)
Running from C:\Users\Tams\Downloads
Loaded Profiles: Tams & (Available Profiles: Tams)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(LG Electronics) C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Farbar) C:\Users\Tams\Downloads\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1106512 2012-03-02] (Dritek System Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [917112 2015-10-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [BYRUA_AGENT] => C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [400880 2015-07-16] (LG Electronics)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732760 2015-11-19] (Acer)
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\...\Run: [BYRUA_AGENT] => C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [400880 2015-07-16] (LG Electronics)
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\...\RunOnce: [CM2.0_Uninst] => 1
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\...\MountPoints2: F - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\...\MountPoints2: {2b0cf4c6-2034-11e5-81a8-dc0ea1aba574} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\...\MountPoints2: {b2e59576-dc9d-11e4-874c-dc0ea1aba574} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\...\MountPoints2: {f27d139a-7356-11e5-8293-dc0ea1aba574} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-12] ()
HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732760 2015-11-19] (Acer)
HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BYRUA_AGENT] => C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [400880 2015-07-16] (LG Electronics)
HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2b0cf4c6-2034-11e5-81a8-dc0ea1aba574} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b2e59576-dc9d-11e4-874c-dc0ea1aba574} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f27d139a-7356-11e5-8293-dc0ea1aba574} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-12] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-01-04]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{7B6751E9-19A8-49B0-B9CF-572485848058}: [DhcpNameServer] 192.168.0.1 205.171.2.226
Internet Explorer:
==================
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=101&s_chn2=0D0CtD0E0AtC0A0B0AyDyByEyEtC0A0E2RtBtDtCyDtCtBtCyCtDzyyEyCtCtBzyzzyE
HKU\S-1-5-21-4195195172-405157436-2273080122-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=101&s_chn2=0D0CtD0E0AtC0A0B0AyDyByEyEtC0A0E2RtBtDtCyDtCtBtCyCtDzyyEyCtCtBzyzzyE
HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4195195172-405157436-2273080122-1000 -> DefaultScope {082D6C62-5D86-4FC4-8FC7-765B79181466} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4195195172-405157436-2273080122-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4195195172-405157436-2273080122-1000 -> {082D6C62-5D86-4FC4-8FC7-765B79181466} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {082D6C62-5D86-4FC4-8FC7-765B79181466} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4195195172-405157436-2273080122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {082D6C62-5D86-4FC4-8FC7-765B79181466} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.0.147/codebase/DVM_IPCam2.ocx
FireFox:
========
FF ProfilePath: C:\Users\Tams\AppData\Roaming\Mozilla\Firefox\Profiles\oiobye5v.default
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tams\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Tams\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tams\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
CHR Extension: (Google Docs) - C:\Users\Tams\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
CHR Extension: (Google Drive) - C:\Users\Tams\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Tams\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Tams\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Blur) - C:\Users\Tams\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2015-12-31]
CHR Extension: (Google Sheets) - C:\Users\Tams\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Tams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Tams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (RSS Feed Reader) - C:\Users\Tams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-12-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2015-11-16] (Acer Incorporated)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-06] (Dropbox, Inc.)
S3 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-01-18] (Atheros Communication Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-04] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 vzandnetbus; system32\DRIVERS\lgvzandnetbus64.sys [X]
S3 vzandnetdiag; system32\DRIVERS\lgvzandnetdiag64.sys [X]
S3 vzandnetmodem; system32\DRIVERS\lgvzandnetmdm64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-04 17:22 - 2016-01-04 17:22 - 00023119 _____ C:\Users\Tams\Downloads\FRST.txt
2016-01-04 17:21 - 2016-01-04 17:21 - 02370560 _____ (Farbar) C:\Users\Tams\Downloads\FRST64 (2).exe
2016-01-04 17:19 - 2016-01-04 17:22 - 00000000 ____D C:\FRST
2016-01-04 17:19 - 2016-01-04 17:19 - 02370560 _____ (Farbar) C:\Users\Tams\Downloads\FRST64 (1).exe
2016-01-04 17:18 - 2016-01-04 17:19 - 01721856 _____ (Farbar) C:\Users\Tams\Downloads\FRST.exe
2016-01-04 17:18 - 2016-01-04 17:18 - 02370560 _____ (Farbar) C:\Users\Tams\Downloads\FRST64.exe
2016-01-04 14:55 - 2016-01-04 14:55 - 02870984 _____ (ESET) C:\Users\Tams\Downloads\esetsmartinstaller_enu.exe
2016-01-04 14:55 - 2016-01-04 14:55 - 00000000 ____D C:\Program Files (x86)\ESET
2016-01-04 12:13 - 2016-01-04 16:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-04 12:12 - 2016-01-04 12:12 - 22908888 _____ (Malwarebytes ) C:\Users\Tams\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-04 12:12 - 2016-01-04 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-04 12:12 - 2016-01-04 12:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-04 12:12 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-04 12:12 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-04 12:12 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-04 11:14 - 2016-01-04 11:14 - 00000000 ____D C:\Users\Tams\AppData\Local\CEF
2016-01-04 11:14 - 2016-01-04 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-01-04 11:13 - 2016-01-04 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-01-04 11:13 - 2016-01-04 11:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-04 11:13 - 2016-01-04 11:13 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-01-04 11:09 - 2016-01-04 11:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-01-04 11:04 - 2016-01-04 11:04 - 00000093 _____ C:\Windows\wininit.ini
2016-01-04 10:53 - 2016-01-04 16:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-04 10:20 - 2016-01-04 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-04 10:19 - 2016-01-04 16:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-04 10:19 - 2016-01-04 12:32 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-04 10:19 - 2016-01-04 10:19 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-04 10:19 - 2016-01-04 10:19 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-04 10:18 - 2016-01-04 10:18 - 00927824 _____ (Google Inc.) C:\Users\Tams\Downloads\ChromeSetup.exe
2015-12-28 14:08 - 2015-12-28 14:08 - 01167655 _____ C:\Users\Tams\Downloads\document.pdf
2015-12-23 12:41 - 2015-12-23 12:41 - 00071915 _____ C:\Users\Tams\Downloads\LoadConfirmation894608.pdf
2015-12-21 14:15 - 2015-12-21 14:15 - 00003338 _____ C:\Windows\System32\Tasks\abDocsDllLoader
2015-12-20 14:08 - 2015-12-20 14:08 - 00089525 _____ C:\Users\Tams\Downloads\dir (8).dcr
2015-12-20 14:04 - 2015-12-20 14:04 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud
2015-12-20 13:57 - 2015-12-20 13:57 - 00000000 ____D C:\Users\Tams\abBox
2015-12-19 23:40 - 2015-12-19 23:40 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-19 23:40 - 2015-12-19 23:40 - 00000000 ____D C:\Users\Tams\AppData\Local\Apple
2015-12-19 23:40 - 2015-12-19 23:40 - 00000000 ____D C:\Program Files\Bonjour
2015-12-19 23:40 - 2015-12-19 23:40 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-12-19 23:40 - 2015-12-19 23:40 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-12-19 23:39 - 2015-12-19 23:40 - 00000000 ____D C:\ProgramData\Apple
2015-12-19 23:39 - 2015-12-19 23:40 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-19 23:31 - 2015-12-19 23:33 - 167608088 _____ (Apple Inc.) C:\Users\Tams\Downloads\iTunes6464Setup.exe
2015-12-18 12:31 - 2015-12-18 12:31 - 00086812 _____ C:\Users\Tams\Downloads\1070-126-61526868.pdf
2015-12-18 12:30 - 2015-12-18 12:30 - 00086278 _____ C:\Users\Tams\Downloads\1070-126-56957259.pdf
2015-12-16 09:51 - 2015-12-16 09:51 - 00000000 ____D C:\Users\Tams\AppData\Local\SkinSoft
2015-12-16 09:50 - 2015-12-16 09:50 - 00000000 _____ C:\Windows\SysWOW64\${FILE_SN_DLL}
2015-12-16 09:48 - 2015-12-16 09:48 - 00000000 ____D C:\Users\Tams\AppData\Roaming\Convert Audio Free
2015-12-16 09:47 - 2015-12-16 09:50 - 00000000 ____D C:\Users\Tams\AppData\Roaming\Wow_com
2015-12-16 09:47 - 2015-12-16 09:46 - 13873613 _____ (Convert Audio Free) C:\Users\Tams\Downloads\ringtonemaker_setup [1].exe
2015-12-16 09:44 - 2015-12-16 09:45 - 03317248 _____ C:\Users\Tams\Downloads\Ringtone-Maker_1240.msi
2015-12-14 13:30 - 2015-12-14 13:30 - 00071921 _____ C:\Users\Tams\Downloads\LoadConfirmation891346.pdf
2015-12-14 08:27 - 2015-12-14 08:27 - 00071923 _____ C:\Users\Tams\Downloads\LoadConfirmation891858.pdf
2015-12-13 23:59 - 2015-12-13 23:59 - 00980175 _____ C:\Users\Tams\AppData\Local\Ringtone-Maker_1240.rar
2015-12-11 13:52 - 2015-12-11 13:52 - 00000000 ____D C:\Users\Tams\AppData\Local\{6C1CDB57-48C8-4624-B430-27D516555632}
2015-12-09 19:11 - 2015-12-09 19:11 - 00293262 _____ C:\Users\Tams\Downloads\Recipes - Red Velvet Cake with Buttercream Frosting.pdf
2015-12-08 22:18 - 2015-12-08 22:18 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-08 22:18 - 2015-12-08 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-08 22:17 - 2015-12-08 22:18 - 00000000 ____D C:\Program Files\CCleaner
2015-12-08 22:15 - 2015-12-08 22:18 - 06801752 _____ (Piriform Ltd) C:\Users\Tams\Downloads\ccsetup512 (1).exe
2015-12-08 22:15 - 2015-12-08 22:17 - 06801752 _____ (Piriform Ltd) C:\Users\Tams\Downloads\ccsetup512.exe
2015-12-08 11:25 - 2015-12-08 11:25 - 00236048 _____ C:\Users\Tams\Documents\Scan0003.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-04 17:22 - 2015-10-06 13:17 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-04 17:22 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-04 17:22 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-04 17:19 - 2007-07-11 19:48 - 00000000 ____D C:\Windows
2016-01-04 17:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-01-04 17:12 - 2015-10-06 13:17 - 00000000 ____D C:\Users\Tams\AppData\Local\Dropbox
2016-01-04 17:12 - 2015-10-06 13:17 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-01-04 17:12 - 2012-03-13 04:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-04 16:17 - 2015-04-06 06:16 - 00000000 ____D C:\Program Files (x86)\Coupons
2016-01-04 14:22 - 2015-10-06 13:17 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-04 12:39 - 2009-07-13 23:13 - 00727182 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-04 12:32 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-04 12:09 - 2015-09-29 08:49 - 00000000 ____D C:\Windows\Minidump
2016-01-04 12:09 - 2015-07-10 15:52 - 00000000 ____D C:\Users\Tams\AppData\Local\CrashDumps
2016-01-04 11:46 - 2015-10-15 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-04 10:20 - 2015-04-05 15:50 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-03 12:12 - 2015-04-05 15:49 - 00000000 ____D C:\Users\Tams\AppData\Local\Deployment
2016-01-03 08:14 - 2015-04-06 06:23 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-21 14:15 - 2012-03-13 04:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-12-21 14:15 - 2012-03-13 04:19 - 00000000 ____D C:\Program Files (x86)\Acer
2015-12-21 14:14 - 2015-05-26 09:22 - 00000000 ____D C:\Users\Tams\AppData\Local\clear.fi
2015-12-20 14:07 - 2015-10-15 10:32 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-20 14:07 - 2015-10-15 10:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-20 14:07 - 2015-04-06 11:42 - 00000000 ____D C:\Users\Tams\AppData\Local\Adobe
2015-12-20 14:04 - 2015-07-20 11:47 - 00003352 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2015-12-20 14:04 - 2012-03-13 04:27 - 00000000 ____D C:\ProgramData\oem
2015-12-20 13:57 - 2015-04-05 15:41 - 00000000 ____D C:\Users\Tams
2015-12-18 17:11 - 2015-06-03 12:55 - 00000000 ____D C:\Users\Tams\AppData\Local\Windows Live
2015-12-18 15:50 - 2015-04-06 06:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-12-14 12:16 - 2015-04-05 16:22 - 00000000 ____D C:\Users\Tams\Desktop\Documents and stuff
2015-12-10 00:26 - 2015-05-16 09:39 - 00000000 ____D C:\Users\Tams\AppData\Roaming\SoftGrid Client
2015-12-08 22:21 - 2015-11-11 19:44 - 00000000 ____D C:\Users\Tams\AppData\Roaming\PhotoScape
2015-12-08 22:21 - 2015-10-31 16:58 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-12-08 22:21 - 2012-03-13 04:36 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-12-08 22:20 - 2007-07-11 19:49 - 00000000 ____D C:\Windows\Panther
2015-12-08 22:12 - 2015-02-18 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
2015-12-08 22:12 - 2015-02-18 20:51 - 00000000 ____D C:\Program Files (x86)\Barnes & Noble
==================== Files in the root of some directories =======
2015-12-13 23:59 - 2015-12-13 23:59 - 0980175 _____ () C:\Users\Tams\AppData\Local\Ringtone-Maker_1240.rar
2015-04-06 06:14 - 2015-04-06 06:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-18 20:47 - 2015-02-18 20:50 - 0002454 _____ () C:\ProgramData\clear.fiSDK20.log
2015-02-18 20:49 - 2015-02-18 20:49 - 0000032 _____ () C:\ProgramData\PS.log
Some files in TEMP:
====================
C:\Users\Tams\AppData\Local\Temp\AcerDocsSetup.exe
C:\Users\Tams\AppData\Local\Temp\_isE87F.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-30 15:28
==================== End of FRST.txt ============================
Edited by ColtsFan18, 07 January 2016 - 02:08 PM.