CNBJ2530.DPB and prncacla.inf wouldn't fix. Did malware scan. Please ca



#1
SharpRose

Hi, :) I've literally just this minute joined in the hope that one of you really clever people can help me out. (I apologize for any spelling/grammar/other mistakes, I'm so tired)

 

Okay, a few months back I bought an Acer laptop brand new (or so they said). From the first day I started using it the CPU and disk was extremely high, like 80%, with only Google Chrome running; the system was taking up the most, Google Chrome second and the Task Manager itself actually coming a close third......YES.....the Task Manager. The laptop was on sale in TESCO for like £200, bargain, or so I thought. The system properties are Untitled.png <-----I hope that image has worked.

 

Because of the 2GB memory I thought 80% CPU might just be what it does; it's when it's using 100% disk on only the browser (and the Task Manager itself?) that it was extremely worrying for a brand new laptop. I let it slide anyway as the computer wasn't at all that slow.

 

I don't know if they refurbished this and sold it as new, but anyway. A computer genius told me Windows Defender was just as good as any antivirus, so daft arse me uninstalled Avast to try and free up some disk space. I know, stupid, ha.

 

Recently I may or may not have ended up on some dodgy websites, the kind that are filled with adverts everywhere you click; you click the screen to get them off and all of a sudden you have 2 shopping deal bars, a Yahoo search engine etc. You know the ones.

 

The computer's been really sluggish today and started lagging when I was playing a game (and we can't have that), so I googled some things and ended up running an SFC scannow on the command prompt. This brought up like 2 corrupt files, CNBJ2530.DPB and prncacla.inf, and when it came to fixing them I got an ERROR 87 back. I won't post the logs as I'm assuming you're all in the know, as there's a post on here saying it was a common problem.

 

I downloaded the SFC fixit which was posted on a thread and noticed the "don't run this application if your computer is infected" message, and without thinking I ran it. The command prompt did absolutely nothing, no error code, I couldn't type anything else, it was like it just froze. I left it open for a good 40 mins as it did tell me to be patient ;-)

 

And that's when I decided to look for a malware detector. Downloaded Farbar Recovery tool and kind of wish I never because I don't understand any of it, but it did look like it's found a few things. During this whole process my screen has switched itself off 3 times randomly; I think I only had a game running.

 

So that brings me here, in the hope that someone can rescue this damsel in distress.

 

 

HERE ARE BOTH THE LOG FILES (or jargon) FROM THE RECOVERY TOOL.

 

Attached File  FRST_08-02-2016_23-09-38.txt   36.73KB   263 downloads

 

Attached File  Addition_08-02-2016_23-09-38.txt   31.65KB   230 downloads

 

And I even attached the scan log and DISM error??? If that's what it's called.

 

Okay, no I didn't because it wouldn't let me. I can copy and paste them if you need me to anyway. And thank you in advance if you took the time to read this, and a bigger thank you if you can help this clueless girl out.

 

 

 

Yours Sincerely Stacy, x

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Stacie (administrator) on STACESACER (08-02-2016 23:01:56)
Running from C:\Users\Stacie\Downloads
Loaded Profiles: Stacie (Available Profiles: Stacie)
Platform: Windows 8.1 Connected (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Pokki) C:\Users\Stacie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Pokki) C:\Users\Stacie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Stacie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Stacie\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732760 2016-01-19] (Acer)
HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\MountPoints2: {cf1cab34-c2a3-11e5-826c-2c600c7c5e06} - "D:\autorun.exe" 
HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\MountPoints2: {cf1cab3e-c2a3-11e5-826c-2c600c7c5e06} - "D:\autorun.exe" 
HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\MountPoints2: {cf1cabae-c2a3-11e5-826c-2c600c7c5e06} - "D:\autorun.exe" 
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-11-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-11-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-11-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-24] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-04-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{2B728B98-5926-4F4F-BB1A-3684C4393821}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{6900C5E0-B6E0-4702-9120-0F19581FD2D1}: [DhcpNameServer] 40.30.1.66
Tcpip\..\Interfaces\{ECB8E448-8E2A-4C36-9A5F-1BD5BAA39653}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\S-1-5-21-555111471-2403504220-3507946370-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-555111471-2403504220-3507946370-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-555111471-2403504220-3507946370-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-555111471-2403504220-3507946370-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-555111471-2403504220-3507946370-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-20] (Microsoft Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-24] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-20] (Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-24] (Microsoft Corporation)
Toolbar: HKLM - No Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
Toolbar: HKLM-x32 - No Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-12-02] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
 
FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://uk.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_28&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtCzzzy0DyD0EtA0AtD0DtN0D0Tzu0StCtBzzyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAzzyDtA0FtCyE0BtGtAyByBtDtGtCtB0DtAtGtC0B0B0FtGtDtBtB0FtCzyyD0B0C0A0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0FtA0F0AtD0EtDtGzz0EyCtDtGyE0AtD0AtG0AyDzz0FtGyD0FtB0D0CtDyByEtD0EtB0C2QtN0A0LzuyE%26cr%3D1725030734%26a%3Dwny_ir_15_28%26os%3DWindows 7 Home Premium","hxxp://www.dregol.com/?f=7&a=drg_ir_15_28&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtCzzzy0DyD0EtA0AtD0DtN0D0Tzu0StCtBzztAtN1L2XzutAtFtCtCtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0FyCyB0D0DtByDtGtDyCtDtAtG0AtCyD0BtGtAyB0EtDtG0BtDyEyDtByEyByBzzzyyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0FtA0F0AtD0EtDtGzz0EyCtDtGyE0AtD0AtG0AyDzz0FtGyD0FtB0D0CtDyByEtD0EtB0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzzyCtB&cr=1522303241&ir=","hxxps://uk.search.yahoo.com/?type=994519&fr=yo-yhp-ch"
CHR Profile: C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-01]
CHR Extension: (Google Drive) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-01]
CHR Extension: (YouTube) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-01]
CHR Extension: (Facebook) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2016-02-02]
CHR Extension: (Adblock Plus) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-07]
CHR Extension: (Google Search) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-01]
CHR Extension: (Google Sheets) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-01]
CHR Extension: (SiteAdvisor) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-02-01]
CHR Extension: (Google Docs Offline) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-02]
CHR Extension: (Vysor (Beta)) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2016-02-04]
CHR Extension: (AdBlock) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-08]
CHR Extension: (My Study Life) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjdjjiobjicmlhnjlogfgbibihjhkeo [2016-02-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-01]
CHR Extension: (Gmail) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
 
Opera: 
=======
OPR Extension: (Adguard) - C:\Users\Stacie\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2016-02-08]
OPR Extension: (Youtube - Most Popular) - C:\Users\Stacie\AppData\Roaming\Opera Software\Opera Stable\Extensions\oldapoiohefbnmggejjodihigclfhnka [2015-12-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-05-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7524016 2014-01-07] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDI2C; C:\Windows\system32\DRIVERS\ETDI2C.sys [173384 2014-04-08] (ELAN Microelectronic Corp.)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [111336 2014-04-28] (GenesysLogic)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-08 23:01 - 2016-02-08 23:03 - 00018762 _____ C:\Users\Stacie\Downloads\FRST.txt
2016-02-08 23:00 - 2016-02-08 23:01 - 00000000 ____D C:\FRST
2016-02-08 22:59 - 2016-02-08 22:59 - 00001432 _____ C:\Users\Stacie\Desktop\FRST64 - Shortcut.lnk
2016-02-08 22:54 - 2016-02-08 22:55 - 02370560 _____ (Farbar) C:\Users\Stacie\Downloads\FRST64 (1).exe
2016-02-08 22:53 - 2016-02-08 22:55 - 02370560 _____ (Farbar) C:\Users\Stacie\Downloads\FRST64.exe
2016-02-08 21:51 - 2016-02-08 21:51 - 00000000 ____D C:\Users\Stacie\AppData\Local\niemiro
2016-02-08 21:50 - 2016-02-08 21:50 - 00001470 _____ C:\Users\Stacie\Desktop\SFCFix (1) - Shortcut.lnk
2016-02-08 21:48 - 2016-02-08 21:49 - 02716160 _____ (niemiro) C:\Users\Stacie\Downloads\SFCFix (1).exe
2016-02-08 03:49 - 2016-02-08 03:50 - 00000000 ____D C:\Users\Stacie\Documents\COLLEGE WORK
2016-02-07 16:50 - 2016-02-07 16:50 - 00003334 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2016-02-07 16:50 - 2016-02-07 16:50 - 00001988 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2016-02-04 15:00 - 2016-02-04 15:00 - 00002283 _____ C:\Users\Stacie\Desktop\Chrome App Launcher.lnk
2016-02-04 15:00 - 2016-02-04 15:00 - 00000000 ____D C:\Users\Stacie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-02-04 15:00 - 2016-02-04 15:00 - 00000000 ____D C:\Users\Stacie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-02-04 14:36 - 2016-02-04 14:36 - 00000516 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-02-01 18:52 - 2016-02-07 17:02 - 00002196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-01 18:52 - 2016-02-07 17:02 - 00002167 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-01 18:50 - 2016-02-08 22:56 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-01 18:50 - 2016-02-08 18:55 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-01 18:50 - 2016-02-02 12:58 - 00000000 ____D C:\Users\Stacie\AppData\Local\Google
2016-02-01 18:50 - 2016-02-01 18:51 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-01 18:50 - 2016-02-01 18:50 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 18:50 - 2016-02-01 18:50 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-30 03:58 - 2016-01-30 03:58 - 00000000 ____D C:\Users\Stacie\Documents\Custom Office Templates
2016-01-24 14:16 - 2016-02-08 22:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-24 14:16 - 2016-01-24 18:10 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-13 20:45 - 2015-12-07 10:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 20:45 - 2015-12-04 15:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 20:41 - 2015-12-30 19:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 20:41 - 2015-12-30 19:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-13 20:41 - 2015-12-30 19:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-13 11:42 - 2015-12-11 04:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-13 11:42 - 2015-12-11 04:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 11:42 - 2015-12-11 03:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 11:42 - 2015-12-11 03:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-13 11:42 - 2015-12-11 03:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-13 11:42 - 2015-12-11 03:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 11:42 - 2015-12-11 03:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-13 11:42 - 2015-12-11 03:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-01-13 11:42 - 2015-12-11 03:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-13 11:42 - 2015-12-11 03:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-13 11:42 - 2015-12-11 02:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-13 11:42 - 2015-12-11 02:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 11:42 - 2015-12-11 02:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-01-13 11:42 - 2015-12-11 02:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-13 11:42 - 2015-12-11 02:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-13 11:42 - 2015-12-11 02:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-13 11:42 - 2015-12-11 02:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-13 11:42 - 2015-12-11 02:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-01-13 11:42 - 2015-12-11 02:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-13 11:42 - 2015-12-11 02:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-13 11:42 - 2015-12-11 02:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-01-13 11:42 - 2015-12-05 05:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-13 11:42 - 2015-12-02 15:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 11:42 - 2015-12-02 15:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 01798480 ____C (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 11:41 - 2015-12-05 05:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-13 11:41 - 2015-12-05 05:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-13 11:41 - 2015-12-03 18:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 11:41 - 2015-12-03 18:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 11:41 - 2015-12-03 18:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-13 11:41 - 2015-12-03 18:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 11:41 - 2015-12-03 18:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-13 11:41 - 2015-12-03 17:58 - 00378880 ____C (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-01-13 11:41 - 2015-12-03 17:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 11:41 - 2015-12-03 17:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-13 11:41 - 2015-12-03 17:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 11:41 - 2015-12-03 17:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 11:41 - 2015-12-03 17:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-13 11:41 - 2015-12-03 17:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 11:41 - 2015-12-03 17:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-13 11:41 - 2015-12-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 11:41 - 2015-12-03 17:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-13 11:41 - 2015-12-03 16:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 11:41 - 2015-12-03 16:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 11:36 - 2015-12-03 19:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-13 11:36 - 2015-12-03 19:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-13 11:36 - 2015-12-03 19:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-13 11:36 - 2015-12-03 19:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-13 11:36 - 2015-12-03 19:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-13 11:36 - 2015-12-03 18:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-13 11:36 - 2015-12-03 18:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-13 11:36 - 2015-12-03 18:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-13 11:36 - 2015-12-03 18:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-13 11:36 - 2015-12-03 18:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-13 11:36 - 2015-12-03 17:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-01-13 11:36 - 2015-12-03 17:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-13 11:36 - 2015-12-03 17:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 11:36 - 2015-12-03 16:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 11:35 - 2015-12-03 17:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-01-12 23:09 - 2015-12-08 19:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 23:09 - 2015-12-08 19:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-10 07:42 - 2016-02-08 03:53 - 00000000 ____D C:\Users\Stacie\AppData\Roaming\Foxit Software
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-08 22:43 - 2013-08-22 15:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-08 20:59 - 2014-03-18 09:47 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-08 20:59 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-08 20:49 - 2015-12-01 18:23 - 00000000 ____D C:\Users\Stacie\AppData\Local\SweetLabs App Platform
2016-02-08 19:36 - 2015-12-01 18:29 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-555111471-2403504220-3507946370-1001
2016-02-08 19:31 - 2015-12-01 18:23 - 00000000 ____D C:\Users\Stacie\AppData\Local\Packages
2016-02-08 19:31 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-08 06:43 - 2015-12-01 19:52 - 00000000 ____D C:\Users\Stacie\AppData\Local\CrashDumps
2016-02-08 02:32 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-07 20:11 - 2015-12-14 05:39 - 00000000 ___DO C:\Users\Stacie\OneDrive
2016-02-07 16:50 - 2015-12-06 14:48 - 00003352 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2016-02-07 16:49 - 2014-07-15 08:17 - 00000000 ___HD C:\OEM
2016-02-07 16:46 - 2015-04-07 15:43 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-02-07 16:43 - 2015-12-01 18:27 - 00000000 ____D C:\Users\Stacie\AppData\Local\clear.fi
2016-02-07 16:02 - 2015-12-02 01:07 - 00003850 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1449018443
2016-02-07 16:02 - 2015-12-02 01:07 - 00001027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-02-07 16:02 - 2015-12-02 01:06 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-30 21:38 - 2015-12-02 15:43 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-01-25 03:57 - 2015-12-01 18:22 - 00000000 ____D C:\Users\Stacie
2016-01-24 18:10 - 2015-12-02 15:43 - 00003862 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-01-24 18:10 - 2015-12-02 15:37 - 00000000 ____D C:\Users\Stacie\AppData\Local\Adobe
2016-01-24 14:08 - 2013-08-22 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-24 06:24 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-24 06:21 - 2015-12-02 01:42 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-23 05:33 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-21 16:07 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\rescache
2016-01-15 22:59 - 2013-08-22 13:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-15 22:57 - 2015-12-03 02:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-15 22:53 - 2015-12-03 02:57 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-12-02 01:13 - 2015-12-02 01:13 - 0007606 _____ () C:\Users\Stacie\AppData\Local\Resmon.ResmonCfg
2015-04-07 15:28 - 2015-04-07 15:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Stacie\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-04 15:15
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Stacie (2016-02-08 23:06:06)
Running from C:\Users\Stacie\Downloads
Windows 8.1 Connected (X64) (2015-12-01 18:22:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-555111471-2403504220-3507946370-500 - Administrator - Disabled)
Guest (S-1-5-21-555111471-2403504220-3507946370-501 - Limited - Disabled)
Stacie (S-1-5-21-555111471-2403504220-3507946370-1001 - Administrator - Enabled) => C:\Users\Stacie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.06.2000.22 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3006 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.221 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
ELAN HIDI2C Filter Driver X64 13.6.1.1_WHQL (HKLM\...\Elantech) (Version: 13.6.1.1 - ELAN Microelectronic Corp.)
Foxit PhantomPDF (HKLM-x32\...\{F74C595C-BEF2-4AF9-9C4E-68F3CD509C4D}) (Version: 6.0.120.609 - Foxit Corporation)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.1 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Host App Service (HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\SweetLabs_AP) (Version: 0.269.7.840 - Pokki)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Opera Stable 35.0.2066.37 (HKLM-x32\...\Opera 35.0.2066.37) (Version: 35.0.2066.37 - Opera Software)
Pokki Start Menu (HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.840 - Pokki)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9350 - Broadcom Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-555111471-2403504220-3507946370-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C330B3C-3F0D-4679-9CE3-0CFDB5695EEB} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {0E84AAFA-2F52-4D56-B14B-A9D21E3AC99F} - System32\Tasks\Opera scheduled Autoupdate 1449018443 => C:\Program Files (x86)\Opera\launcher.exe [2016-02-01] (Opera Software)
Task: {11328C02-7F1B-40D9-92DC-E36DE7875B4F} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-01-14] (Acer Incorporated)
Task: {11BE5489-2F52-4ED2-BC53-E959D6EE0741} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-17] ()
Task: {13E0218C-CF45-4DB8-AC5D-4A93C2ACCA50} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {4162566D-36C1-4B2B-B241-745AC79DE177} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {4349BE07-0895-4870-81A5-DA3AD735D791} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe [2016-01-24] (Adobe Systems Incorporated)
Task: {456F575C-368B-457E-9588-689C6CD7DE36} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-02] (Microsoft Corporation)
Task: {49AAE883-A404-41E9-80D4-D0CC5F7E1D78} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-17] (Acer Incorporated)
Task: {54241D0D-F5DE-443F-A0FC-B3A611A98D84} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-26] ()
Task: {5507224A-423C-4160-A6AF-802D0A5E5FF2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-24] (Adobe Systems Incorporated)
Task: {6E878EBE-4524-418F-A2FD-F4FDDEC7CEEC} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {6F5A56D8-D7F8-47D0-9F96-10D8D53B136B} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {7B78FE8E-3939-43D1-BA11-94C5F5C8EB89} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {85AD32FE-1559-48F6-9EE2-A93F09E9C659} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {88EE1A87-BE93-40E7-9EB6-627D36D9E487} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
Task: {90D97313-E939-4247-BC08-15F687248535} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-23] (AVAST Software)
Task: {90E8D422-1B78-4DF9-8F5D-971768044F13} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-07-17] ()
Task: {959795E2-A6D8-451B-9E3E-7010C8676679} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2015-07-17] ()
Task: {A50EF7C6-BD41-4C1A-A5A2-378606A3B400} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-02] (Microsoft Corporation)
Task: {BD6AE3B0-3D99-46D2-A12A-23D6888A2C54} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {BF100BEE-13EF-4E5C-9E59-096985C221C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-01] (Google Inc.)
Task: {DF189A73-AF9B-49F9-ABFA-A8C9F40BBFA7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-24] (Microsoft Corporation)
Task: {E62055D6-62C8-4C36-BE7E-D0ACEE1762CA} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)
Task: {EBA3D7EA-0B18-404C-B186-2D355EF4A5E8} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-01-19] (Acer)
Task: {F29A9F72-B784-424D-93AF-9DDF3436E067} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-01] (Google Inc.)
Task: {FCB41A82-EEE2-491A-8683-00924371BD56} - System32\Tasks\SweetLabs App Platform => C:\Users\Stacie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2015-12-11] (Pokki)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox.lnk -> C:\Program Files\Dropbox\StartURL.exe () -> hxxps://www.dropbox.com/partners/acer2014/download
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-02-18 19:02 - 2014-02-18 19:02 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2015-12-02 01:42 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-04-07 15:53 - 2012-04-24 10:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-12-02 02:11 - 2015-12-02 02:11 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-07 16:16 - 2014-07-01 13:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2015-04-15 20:13 - 2015-04-15 20:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-04-07 15:23 - 2014-02-26 03:13 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2014-05-30 09:49 - 2014-03-07 16:21 - 00080312 _____ () C:\Windows\system32\IGFXEXPS.DLL
2015-11-23 18:44 - 2015-11-23 18:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-11-23 18:44 - 2015-11-23 18:44 - 00091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-07-17 14:39 - 2015-07-17 14:39 - 04612448 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2015-07-17 14:40 - 2015-07-17 14:40 - 00013664 _____ () C:\Program Files (x86)\Acer\Care Center\LogDebug.dll
2015-07-17 14:40 - 2015-07-17 14:40 - 00177504 _____ () C:\Program Files (x86)\Acer\Care Center\ACCUtilities.dll
2015-07-17 14:40 - 2015-07-17 14:40 - 00025440 _____ () C:\Program Files (x86)\Acer\Care Center\MonitorDataHelper.dll
2015-07-17 14:40 - 2015-07-17 14:40 - 00018784 _____ () C:\Program Files (x86)\Acer\Care Center\ACCPlugin.dll
2015-07-17 14:40 - 2015-07-17 14:40 - 00026464 _____ () C:\Program Files (x86)\Acer\Care Center\MonitorControlLib.dll
2015-07-17 14:40 - 2015-07-17 14:40 - 00065888 _____ () C:\Program Files (x86)\Acer\Care Center\ACCMonitorPlugin\ACCSupportMonitor.dll
2015-07-17 14:40 - 2015-07-17 14:40 - 00042336 _____ () C:\Program Files (x86)\Acer\Care Center\ACCMonitorPlugin\ACtCTuneUpMonitorDisk.dll
2015-07-17 14:40 - 2015-07-17 14:40 - 00016224 _____ () C:\Program Files (x86)\Acer\Care Center\ACCADSManager.dll
2015-07-17 14:40 - 2015-07-17 14:40 - 01744224 _____ () C:\Program Files (x86)\Acer\Care Center\ACCPlugin\ACCTuneUpPlg.dll
2015-07-17 14:40 - 2015-07-17 14:40 - 00019296 _____ () C:\Program Files (x86)\Acer\Care Center\ACCNotifyShow.dll
2015-07-17 14:40 - 2015-07-17 14:40 - 00013152 _____ () C:\Program Files (x86)\Acer\Care Center\FullScreenDetector.dll
2015-04-07 15:27 - 2013-10-01 09:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2015-04-07 15:53 - 2012-04-24 10:43 - 00037352 _____ () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
2016-01-19 15:06 - 2016-01-19 15:06 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-01-19 15:06 - 2016-01-19 15:06 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-11-16 19:55 - 2015-11-16 19:55 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2016-02-07 16:49 - 2016-02-07 16:49 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-01-14 17:12 - 2016-01-14 17:12 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-01-14 17:11 - 2016-01-14 17:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-11-23 18:44 - 2015-11-23 18:44 - 00277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2015-04-28 20:15 - 2015-04-28 20:15 - 00569856 _____ () C:\Users\Stacie\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 20:15 - 2015-04-28 20:15 - 01400846 _____ () C:\Users\Stacie\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll
2015-04-28 20:15 - 2015-04-28 20:15 - 00151054 _____ () C:\Users\Stacie\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll
2015-04-28 20:15 - 2015-04-28 20:15 - 00222734 _____ () C:\Users\Stacie\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll
2016-02-07 17:02 - 2016-02-03 07:27 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libglesv2.dll
2016-02-07 17:02 - 2016-02-03 07:27 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\sharepoint.com -> hxxps://livewarringtonac.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-555111471-2403504220-3507946370-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\StartupApproved\Run: => "AcerCloud"
HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\StartupApproved\Run: => "Pokki"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{90B92C0A-6338-4BEA-B3E0-70B268BEEAA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{40243A71-8361-44D7-BAAF-4DBA813683DC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{6FCF0307-B9FD-4AAA-AF20-0BB0132C75F4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{20640A13-C5DA-44E6-ACA6-8013DAD31BF3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{12540755-9904-4A07-9D3C-6497F026D0DF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{AFCAE119-E91B-4BE3-8357-49049F455C7A}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{D75DA9B0-4ED3-4E61-8D46-A09FEFE4FFAE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{669AE168-E614-46BE-9A2A-9A05FE5B2666}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{5C8C44A7-493B-45AA-BEEF-DAFBE07F9688}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{BD4E59F5-2653-4761-A333-1D9D844ABF94}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{ED0E24D3-5B83-42D5-94BF-8887CE957173}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5B695D04-B49D-4FDB-A804-81F872EC0E7B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F8CC59B7-B283-4981-B1AD-65C659D9E864}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{601CDA19-79B0-4C1E-B39E-3090D6C9ADC8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8A9B6D73-363B-4C27-9F3F-F54546D9D526}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{80A1CE7B-C391-4CF8-8818-94B902E5DA2E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4F871BD4-7D01-4918-A998-EB4DAA629BE2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EE0DD3B7-7FE8-4CFA-82FE-AEA5CE9273FF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{57DA7FFE-AD9C-4762-B791-ADEE253C1D8C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{97C2D7EE-9E7D-4C79-BAA3-12F316B98E42}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{304A4A63-0169-40BE-9389-CEA570A361C3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{9F70A80F-71C0-4D54-A1CE-D78B5B8A5947}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1951CCAF-A610-464F-8A78-3DD7D5E18869}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{0C253499-155E-4838-8ED7-BD67F9C03D5F}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{B2FF5CD7-E30D-41CC-A95E-CB61A5D57793}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{90FEEB2B-39A8-4BEA-B4BE-798D31D21A30}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{42D1521A-842D-4707-80E7-2D5C78EE42E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C2031A88-3D4C-4A08-96D6-973E0DD71ABE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{29826C50-EE04-4858-BCE4-755EEF715639}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9439D569-EAFE-4FCC-B8A8-108AEE58422F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{82F9C9C3-1802-4CEC-8EC4-91949017C51F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{35C00FB3-CAB2-4972-A7E7-C2A36A01DAE6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4264D767-5DCA-45A1-A9E4-FF50B883D1C4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D96F06E1-829B-417F-AC9A-0CA1B18516D2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{28483B6A-2A3B-4A56-895F-94254BB8BCA0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E8DBA5DB-DA00-48CC-9F84-3368584491AF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{170EBBAA-F10F-42D4-A6FC-BF46B5F75B35}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C2E4DDD2-EB7A-4B0B-A931-17F8BB383451}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{05B778B9-1CDC-4A8E-8BC0-46B34E45CD72}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{69927736-1404-4995-A164-6F384A7612B5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7642419D-3248-4459-A6E7-59F6FD3E8BC2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
23-01-2016 02:24:09 Scheduled Checkpoint
30-01-2016 13:54:58 Scheduled Checkpoint
04-02-2016 14:52:54 Installed Project My Screen App
08-02-2016 04:44:36 Removed Project My Screen App
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/08/2016 03:29:03 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/08/2016 04:39:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/08/2016 01:18:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: delegate_execute.exe, version: 48.0.2564.103, time stamp: 0x56b11bc1
Faulting module name: delegate_execute.exe, version: 48.0.2564.103, time stamp: 0x56b11bc1
Exception code: 0x80000003
Fault offset: 0x00007f91
Faulting process ID: 0x114c
Faulting application start time: 0xdelegate_execute.exe0
Faulting application path: delegate_execute.exe1
Faulting module path: delegate_execute.exe2
Report ID: delegate_execute.exe3
Faulting package full name: delegate_execute.exe4
Faulting package-relative application ID: delegate_execute.exe5
 
Error: (02/05/2016 02:00:06 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936
 
Error: (02/05/2016 02:00:06 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {3671B6F1-A959-406A-81B4-B0AB5971DED6}
 
Error: (02/05/2016 02:00:06 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {3671B6F1-A959-406A-81B4-B0AB5971DED6}
 
Error: (02/04/2016 03:32:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/04/2016 03:16:02 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/04/2016 02:33:14 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936
 
Error: (02/04/2016 02:33:14 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {3C129FC3-B77E-448A-B8DB-59D25A118C07}
 
 
System errors:
=============
Error: (02/08/2016 03:29:19 PM) (Source: DCOM) (EventID: 10010) (User: StacesAcer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/08/2016 03:28:49 PM) (Source: DCOM) (EventID: 10010) (User: StacesAcer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/08/2016 12:15:09 PM) (Source: DCOM) (EventID: 10010) (User: StacesAcer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/08/2016 12:14:39 PM) (Source: DCOM) (EventID: 10010) (User: StacesAcer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/08/2016 04:39:34 AM) (Source: DCOM) (EventID: 10010) (User: StacesAcer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/08/2016 04:39:04 AM) (Source: DCOM) (EventID: 10010) (User: StacesAcer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/07/2016 08:11:11 PM) (Source: DCOM) (EventID: 10010) (User: StacesAcer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/03/2016 01:55:44 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/03/2016 01:55:34 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/03/2016 01:54:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 77%
Total physical RAM: 1929.7 MB
Available physical RAM: 428.43 MB
Total Virtual: 3852.92 MB
Available Virtual: 1406.02 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:449.76 GB) (Free:419.35 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9BFAE307)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated; please post that.  (Best to post the logs as you get them.  I don't mind multiple posts.  Please Copy and Paste unless I tell you otherwise as it makes them easier to read.)
 

Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • Uncheck trace disk IO calls.
  • Click the "Scan" button to start scan.
  • On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply.
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.
 
Close all browsers and open programs before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close notepad.  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File).  Uninstall Speccy.


    #3
    SharpRose

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts
    OKAY, 
     
    Here's the fix log.
     
    Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
    Ran by Stacie (2016-02-11 21:56:54) Run:1
    Running from C:\Users\Stacie\Downloads
    Loaded Profiles: Stacie (Available Profiles: Stacie)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\MountPoints2: {cf1cab34-c2a3-11e5-826c-2c600c7c5e06} - "D:\autorun.exe" 
    HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\MountPoints2: {cf1cab3e-c2a3-11e5-826c-2c600c7c5e06} - "D:\autorun.exe" 
    HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\MountPoints2: {cf1cabae-c2a3-11e5-826c-2c600c7c5e06} - "D:\autorun.exe" 
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    Tcpip\..\Interfaces\{6900C5E0-B6E0-4702-9120-0F19581FD2D1}: [DhcpNameServer] 40.30.1.66
    SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-555111471-2403504220-3507946370-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
    BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
    Toolbar: HKLM - No Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
    Toolbar: HKLM-x32 - No Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://uk.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_28&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtCzzzy0DyD0EtA0AtD0DtN0D0Tzu0StCtBzzyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAzzyDtA0FtCyE0BtGtAyByBtDtGtCtB0DtAtGtC0B0B0FtGtDtBtB0FtCzyyD0B0C0A0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0FtA0F0AtD0EtDtGzz0EyCtDtGyE0AtD0AtG0AyDzz0FtGyD0FtB0D0CtDyByEtD0EtB0C2QtN0A0LzuyE%26cr%3D1725030734%26a%3Dwny_ir_15_28%26os%3DWindows 7 Home Premium","hxxp://www.dregol.com/?f=7&a=drg_ir_15_28&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtCzzzy0DyD0EtA0AtD0DtN0D0Tzu0StCtBzztAtN1L2XzutAtFtCtCtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0FyCyB0D0DtByDtGtDyCtDtAtG0AtCyD0BtGtAyB0EtDtG0BtDyEyDtByEyByBzzzyyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0FtA0F0AtD0EtDtGzz0EyCtDtGyE0AtD0AtG0AyDzz0FtGyD0FtB0D0CtDyByEtD0EtB0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzzyCtB&cr=1522303241&ir=","hxxps://uk.search.yahoo.com/?type=994519&fr=yo-yhp-ch"
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
    Task: {90D97313-E939-4247-BC08-15F687248535} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-23] (AVAST Software)
    EmptyTemp:
     
    *****************
     
    "HKU\S-1-5-21-555111471-2403504220-3507946370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf1cab34-c2a3-11e5-826c-2c600c7c5e06}" => key removed successfully
    HKCR\CLSID\{cf1cab34-c2a3-11e5-826c-2c600c7c5e06} => key not found. 
    "HKU\S-1-5-21-555111471-2403504220-3507946370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf1cab3e-c2a3-11e5-826c-2c600c7c5e06}" => key removed successfully
    HKCR\CLSID\{cf1cab3e-c2a3-11e5-826c-2c600c7c5e06} => key not found. 
    "HKU\S-1-5-21-555111471-2403504220-3507946370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf1cabae-c2a3-11e5-826c-2c600c7c5e06}" => key removed successfully
    HKCR\CLSID\{cf1cabae-c2a3-11e5-826c-2c600c7c5e06} => key not found. 
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6900C5E0-B6E0-4702-9120-0F19581FD2D1}\\DhcpNameServer => value removed successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully
    HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
    "HKU\S-1-5-21-555111471-2403504220-3507946370-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully
    HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => key removed successfully
    HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => key not found. 
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => key not found. 
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value removed successfully
    HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => key not found. 
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value removed successfully
    HKCR\Wow6432Node\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => key not found. 
    "HKCR\PROTOCOLS\Handler\dssrequest" => key removed successfully
    HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found. 
    "HKCR\PROTOCOLS\Handler\sacore" => key removed successfully
    HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found. 
    HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value removed successfully
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value removed successfully
    Chrome StartupUrls => removed successfully
    "HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{90D97313-E939-4247-BC08-15F687248535}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90D97313-E939-4247-BC08-15F687248535}" => key removed successfully
    C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => key removed successfully
    EmptyTemp: => 589.2 MB temporary data Removed.
     
     
    The system needed a reboot.
     
    ==== End of Fixlog 21:57:12 ====

    #4
    SharpRose

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts
     
    The fix button wasn't enabled. Here's the log for the second instruction.
     
    aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
    Run date: 2016-02-11 22:09:19
    -----------------------------
    22:09:19.157    OS Version: Windows x64 6.2.9200 
    22:09:19.157    Number of processors: 2 586 0x3708
    22:09:19.165    ComputerName: STACESACER  UserName: Stacie
    22:09:21.699    Initialize success
    22:09:22.316    VM: initialized successfully
    22:09:22.324    VM: Intel CPU supported 
    22:09:28.533    VM: supported disk I/O storport.sys
    22:09:56.641    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000027
    22:09:56.672    Disk 0 Vendor: WDC_WD5000LPVX-22V0TT0 01.01A01 Size: 476940MB BusType: 11
    22:09:56.829    VM: Disk 0 MBR read successfully
    22:09:56.844    Disk 0 MBR scan
    22:09:56.860    Disk 0 unknown MBR code
    22:09:56.875    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
    22:09:56.954    Disk 0 scanning C:\WINDOWS\system32\drivers
    22:10:11.226    Service scanning
    22:10:38.946    Modules scanning
    22:10:38.992    Disk 0 statistics 127070/0/5 @ 8.58 MB/s
    22:10:39.008    Scan finished successfully
    22:12:32.354    Disk 0 MBR has been saved successfully to "C:\Users\Stacie\Documents\MBR.dat"
    22:12:32.370    The log file has been saved successfully to "C:\Users\Stacie\Documents\aswMBR.txt"

    #5
    SharpRose

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts
    THEN THE ADWARE CLEANER LOGS
     
    # AdwCleaner v5.033 - Logfile created 11/02/2016 at 22:18:47
    # Updated 07/02/2016 by Xplode
    # Database : 2016-02-07.2 [Server]
    # Operating system : Windows 8.1 Connected  (x64)
    # Username : Stacie - STACESACER
    # Running from : C:\Users\Stacie\Downloads\AdwCleaner.exe
    # Option : Scan
     
    ***** [ Services ] *****
     
     
    ***** [ Folders ] *****
     
    Folder Found : C:\Users\Stacie\AppData\Roaming\Solvusoft
     
    ***** [ Files ] *****
     
    File Found : C:\WINDOWS\SysNative\roboot64.exe
     
    ***** [ DLL ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Registry ] *****
     
    Key Found : HKCU\Software\OCS
    Key Found : HKCU\Software\Classes\pokki
     
    ***** [ Web browsers ] *****
     
    [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
    [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
    [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.conduit.com
    [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : funmoods
    [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : r
    [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : toolbar.inbox.com
    [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : mysearch.avg.com
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1535 bytes] ##########
     
     
    # AdwCleaner v5.033 - Logfile created 11/02/2016 at 22:23:17
    # Updated 07/02/2016 by Xplode
    # Database : 2016-02-07.2 [Server]
    # Operating system : Windows 8.1 Connected  (x64)
    # Username : Stacie - STACESACER
    # Running from : C:\Users\Stacie\Downloads\AdwCleaner.exe
    # Option : Cleaning
     
    ***** [ Services ] *****
     
     
    ***** [ Folders ] *****
     
    [-] Folder Deleted : C:\Users\Stacie\AppData\Roaming\Solvusoft
     
    ***** [ Files ] *****
     
    [-] File Deleted : C:\WINDOWS\SysNative\roboot64.exe
     
    ***** [ DLLs ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Registry ] *****
     
    [-] Key Deleted : HKCU\Software\OCS
    [-] Key Deleted : HKCU\Software\Classes\pokki
     
    ***** [ Web browsers ] *****
     
    [-] [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
    [-] [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
    [-] [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : funmoods
    [-] [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : r
    [-] [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : toolbar.inbox.com
    [-] [C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com
     
    *************************
     
    :: "Tracing" keys removed
    :: Winsock settings cleared
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1693 bytes] ##########
     
     
     
    IT QUARANTINED 
     
    C:\WINDOWS\SysNative\roboot64.exe->C:\AdwCleaner\Quarantine\C\WINDOWS\SysNative\roboot64.exe.vir

    #6
    SharpRose

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts
    THEN THE JUNKWARE REMOVAL LOG
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 8.1 Connected x64 
    Ran by Stacie (Administrator) on 11/02/2016 at 22:34:25.90
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 0 
     
     
     
     
    Registry: 0 
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 11/02/2016 at 22:37:34.94
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    #7
    SharpRose

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts
    AND NOW FRST AGAIN 
     
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
    Ran by Stacie (administrator) on STACESACER (11-02-2016 22:45:54)
    Running from C:\Users\Stacie\Downloads
    Loaded Profiles: Stacie (Available Profiles: Stacie)
    Platform: Windows 8.1 Connected (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    (Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera_crashreporter.exe
    (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2016-02-11] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-05] (Avira Operations GmbH & Co. KG)
    HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732760 2016-01-19] (Acer)
    HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-11-19] (Acer Incorporated)
    ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-11-19] (Acer Incorporated)
    ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-11-19] (Acer Incorporated)
    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-04-07]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
    Tcpip\..\Interfaces\{2B728B98-5926-4F4F-BB1A-3684C4393821}: [DhcpNameServer] 192.168.43.1
    Tcpip\..\Interfaces\{ECB8E448-8E2A-4C36-9A5F-1BD5BAA39653}: [DhcpNameServer] 192.168.42.129
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-555111471-2403504220-3507946370-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
    HKU\S-1-5-21-555111471-2403504220-3507946370-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
    SearchScopes: HKU\S-1-5-21-555111471-2403504220-3507946370-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-555111471-2403504220-3507946370-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
    BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
    BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -  No File
     
    FireFox:
    ========
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-02] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR Profile: C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-01]
    CHR Extension: (Google Drive) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-01]
    CHR Extension: (YouTube) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-01]
    CHR Extension: (Facebook) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2016-02-02]
    CHR Extension: (Adblock Plus) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-07]
    CHR Extension: (Google Search) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-01]
    CHR Extension: (Google Sheets) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-01]
    CHR Extension: (SiteAdvisor) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-02-01]
    CHR Extension: (Google Docs Offline) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-02]
    CHR Extension: (Vysor (Beta)) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2016-02-04]
    CHR Extension: (AdBlock) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-08]
    CHR Extension: (My Study Life) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjdjjiobjicmlhnjlogfgbibihjhkeo [2016-02-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-01]
    CHR Extension: (Gmail) - C:\Users\Stacie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-02]
     
    Opera: 
    =======
    OPR Extension: (Adguard) - C:\Users\Stacie\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2016-02-08]
    OPR Extension: (Youtube - Most Popular) - C:\Users\Stacie\AppData\Roaming\Opera Software\Opera Stable\Extensions\oldapoiohefbnmggejjodihigclfhnka [2015-12-21]
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2016-02-11] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2016-02-11] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2016-02-11] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2016-02-11] (Avira Operations GmbH & Co. KG)
    R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [249120 2016-01-05] (Avira Operations GmbH & Co. KG)
    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
    R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-05-07] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
    R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
    R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
    R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2016-02-11] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2016-02-11] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-11] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2016-02-11] (Avira Operations GmbH & Co. KG)
    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7524016 2014-01-07] (Broadcom Corporation)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 ETDI2C; C:\Windows\system32\DRIVERS\ETDI2C.sys [173384 2014-04-08] (ELAN Microelectronic Corp.)
    S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [111336 2014-04-28] (GenesysLogic)
    R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
    R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
    R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
    R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
    R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
    S3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-02-11 22:37 - 2016-02-11 22:37 - 00000554 _____ C:\Users\Stacie\Desktop\JRT.txt
    2016-02-11 22:33 - 2016-02-11 22:33 - 01609032 _____ (Malwarebytes) C:\Users\Stacie\Downloads\JRT.exe
    2016-02-11 22:17 - 2016-02-11 22:23 - 00000000 ____D C:\AdwCleaner
    2016-02-11 22:17 - 2016-02-11 22:17 - 01508352 _____ C:\Users\Stacie\Downloads\AdwCleaner.exe
    2016-02-11 22:15 - 2016-02-11 22:46 - 00013266 _____ C:\Users\Stacie\Documents\REPLY.txt
    2016-02-11 22:12 - 2016-02-11 22:12 - 00001270 _____ C:\Users\Stacie\Documents\aswMBR.txt
    2016-02-11 22:12 - 2016-02-11 22:12 - 00000512 _____ C:\Users\Stacie\Documents\MBR.dat
    2016-02-11 22:07 - 2016-02-11 22:07 - 05200384 _____ (AVAST Software) C:\Users\Stacie\Downloads\aswmbr.exe
    2016-02-11 21:56 - 2016-02-11 21:57 - 00007700 _____ C:\Users\Stacie\Downloads\Fixlog.txt
    2016-02-11 20:41 - 2016-02-11 20:41 - 01112816 _____ (Microsoft Corporation) C:\Users\Stacie\Downloads\Setup.X86.en-US_O365ProPlusRetail_0937e379-9d62-40f1-be3d-5c20883de035_TX_PR_.exe
    2016-02-10 20:09 - 2016-02-10 20:09 - 00002072 _____ C:\Users\Stacie\Desktop\Avira Free Antivirus Profile Scan for Rootkits and active malware.LNK
    2016-02-10 20:05 - 2016-02-10 20:05 - 00002153 _____ C:\Users\Stacie\Desktop\Avira Free Setup.lnk
    2016-02-09 04:26 - 2016-02-09 04:26 - 00001114 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
    2016-02-09 04:22 - 2016-02-11 15:48 - 00000000 ____D C:\Users\Stacie\AppData\Roaming\Avira
    2016-02-09 04:20 - 2016-02-11 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2016-02-09 04:18 - 2016-02-11 15:36 - 00000000 ____D C:\ProgramData\Avira
    2016-02-09 04:18 - 2016-02-11 15:24 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
    2016-02-09 04:18 - 2016-02-11 15:24 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
    2016-02-09 04:18 - 2016-02-11 15:24 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
    2016-02-09 04:18 - 2016-02-11 15:24 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
    2016-02-09 04:18 - 2016-02-09 04:26 - 00000000 ____D C:\Program Files (x86)\Avira
    2016-02-09 04:02 - 2016-02-09 04:02 - 02001540 _____ C:\Users\Stacie\Downloads\pc-decrapifier-3.0.0.exe
    2016-02-09 04:00 - 2016-02-09 04:01 - 01164184 _____ C:\Users\Stacie\Downloads\avira-free.exe
    2016-02-09 03:23 - 2016-02-09 03:24 - 03901072 _____ (solvusoft Corporation ) C:\Users\Stacie\Downloads\WinThruster_2016_Setup.exe
    2016-02-09 02:09 - 2016-02-11 21:57 - 00000000 ____D C:\Users\Stacie\AppData\LocalLow\Temp
    2016-02-09 02:03 - 2016-02-09 02:12 - 00352256 _____ C:\Users\Stacie\Documents\Database1.accdb
    2016-02-08 23:06 - 2016-02-08 23:09 - 00032411 _____ C:\Users\Stacie\Downloads\Addition.txt
    2016-02-08 23:01 - 2016-02-11 22:45 - 00015201 _____ C:\Users\Stacie\Downloads\FRST.txt
    2016-02-08 23:00 - 2016-02-11 22:45 - 00000000 ____D C:\FRST
    2016-02-08 22:59 - 2016-02-08 22:59 - 00001432 _____ C:\Users\Stacie\Desktop\FRST64 - Shortcut.lnk
    2016-02-08 22:54 - 2016-02-08 22:55 - 02370560 _____ (Farbar) C:\Users\Stacie\Downloads\FRST64 (1).exe
    2016-02-08 22:53 - 2016-02-08 22:55 - 02370560 _____ (Farbar) C:\Users\Stacie\Downloads\FRST64.exe
    2016-02-08 21:51 - 2016-02-08 21:51 - 00000000 ____D C:\Users\Stacie\AppData\Local\niemiro
    2016-02-08 21:50 - 2016-02-08 21:50 - 00001470 _____ C:\Users\Stacie\Desktop\SFCFix (1) - Shortcut.lnk
    2016-02-08 21:49 - 2016-02-08 21:49 - 02716160 _____ (niemiro) C:\Users\Stacie\Downloads\SFCFix (2).exe
    2016-02-08 21:48 - 2016-02-08 21:49 - 02716160 _____ (niemiro) C:\Users\Stacie\Downloads\SFCFix.exe
    2016-02-08 21:48 - 2016-02-08 21:49 - 02716160 _____ (niemiro) C:\Users\Stacie\Downloads\SFCFix (1).exe
    2016-02-08 03:49 - 2016-02-08 03:50 - 00000000 ____D C:\Users\Stacie\Documents\COLLEGE WORK
    2016-02-07 16:50 - 2016-02-07 16:50 - 00003334 _____ C:\WINDOWS\System32\Tasks\AcerCloud
    2016-02-07 16:50 - 2016-02-07 16:50 - 00001988 _____ C:\Users\Public\Desktop\Acer Portal.lnk
    2016-02-04 15:00 - 2016-02-04 15:00 - 00002283 _____ C:\Users\Stacie\Desktop\Chrome App Launcher.lnk
    2016-02-04 15:00 - 2016-02-04 15:00 - 00000000 ____D C:\Users\Stacie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2016-02-04 15:00 - 2016-02-04 15:00 - 00000000 ____D C:\Users\Stacie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    2016-02-04 14:36 - 2016-02-04 14:36 - 00000516 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
    2016-02-01 18:52 - 2016-02-11 16:00 - 00002196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-01 18:52 - 2016-02-11 16:00 - 00002167 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-02-01 18:50 - 2016-02-11 22:25 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-01 18:50 - 2016-02-11 21:55 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-01 18:50 - 2016-02-02 12:58 - 00000000 ____D C:\Users\Stacie\AppData\Local\Google
    2016-02-01 18:50 - 2016-02-01 18:51 - 00000000 ____D C:\Program Files (x86)\Google
    2016-02-01 18:50 - 2016-02-01 18:50 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-01 18:50 - 2016-02-01 18:50 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-01-30 03:58 - 2016-01-30 03:58 - 00000000 ____D C:\Users\Stacie\Documents\Custom Office Templates
    2016-01-24 14:16 - 2016-02-11 22:28 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-01-24 14:16 - 2016-02-11 21:28 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2016-01-13 20:45 - 2015-12-07 10:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-01-13 20:45 - 2015-12-04 15:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-01-13 20:41 - 2015-12-30 19:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-01-13 20:41 - 2015-12-30 19:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-01-13 20:41 - 2015-12-30 19:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-01-13 11:42 - 2015-12-11 04:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-01-13 11:42 - 2015-12-11 04:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-01-13 11:42 - 2015-12-11 03:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-01-13 11:42 - 2015-12-11 03:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-01-13 11:42 - 2015-12-11 03:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-01-13 11:42 - 2015-12-11 03:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-01-13 11:42 - 2015-12-11 03:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2016-01-13 11:42 - 2015-12-11 03:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-01-13 11:42 - 2015-12-11 03:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-01-13 11:42 - 2015-12-11 03:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-01-13 11:42 - 2015-12-11 02:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-13 11:42 - 2015-12-11 02:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-01-13 11:42 - 2015-12-11 02:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2016-01-13 11:42 - 2015-12-11 02:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-01-13 11:42 - 2015-12-11 02:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-13 11:42 - 2015-12-11 02:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-01-13 11:42 - 2015-12-11 02:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-01-13 11:42 - 2015-12-11 02:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-01-13 11:42 - 2015-12-11 02:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-01-13 11:42 - 2015-12-11 02:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-01-13 11:42 - 2015-12-11 02:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2016-01-13 11:42 - 2015-12-05 05:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
    2016-01-13 11:42 - 2015-12-02 15:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2016-01-13 11:42 - 2015-12-02 15:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 01798480 ____C (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
    2016-01-13 11:41 - 2015-12-05 05:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
    2016-01-13 11:41 - 2015-12-05 05:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
    2016-01-13 11:41 - 2015-12-03 18:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2016-01-13 11:41 - 2015-12-03 18:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2016-01-13 11:41 - 2015-12-03 18:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
    2016-01-13 11:41 - 2015-12-03 18:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2016-01-13 11:41 - 2015-12-03 18:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
    2016-01-13 11:41 - 2015-12-03 17:58 - 00378880 ____C (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
    2016-01-13 11:41 - 2015-12-03 17:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-13 11:41 - 2015-12-03 17:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
    2016-01-13 11:41 - 2015-12-03 17:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2016-01-13 11:41 - 2015-12-03 17:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
    2016-01-13 11:41 - 2015-12-03 17:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
    2016-01-13 11:41 - 2015-12-03 17:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
    2016-01-13 11:41 - 2015-12-03 17:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
    2016-01-13 11:41 - 2015-12-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-13 11:41 - 2015-12-03 17:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
    2016-01-13 11:41 - 2015-12-03 16:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
    2016-01-13 11:41 - 2015-12-03 16:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
    2016-01-13 11:36 - 2015-12-03 19:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-01-13 11:36 - 2015-12-03 19:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2016-01-13 11:36 - 2015-12-03 19:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
    2016-01-13 11:36 - 2015-12-03 19:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2016-01-13 11:36 - 2015-12-03 19:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-01-13 11:36 - 2015-12-03 18:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2016-01-13 11:36 - 2015-12-03 18:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
    2016-01-13 11:36 - 2015-12-03 18:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2016-01-13 11:36 - 2015-12-03 18:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-01-13 11:36 - 2015-12-03 18:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2016-01-13 11:36 - 2015-12-03 17:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2016-01-13 11:36 - 2015-12-03 17:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-01-13 11:36 - 2015-12-03 17:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-01-13 11:36 - 2015-12-03 16:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-01-13 11:35 - 2015-12-03 17:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2016-01-12 23:09 - 2015-12-08 19:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-01-12 23:09 - 2015-12-08 19:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-02-11 22:30 - 2015-12-01 18:29 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-555111471-2403504220-3507946370-1001
    2016-02-11 22:25 - 2013-08-22 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-11 21:59 - 2015-12-02 15:43 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
    2016-02-11 21:59 - 2013-08-22 13:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-02-11 21:56 - 2015-12-07 13:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2016-02-11 21:28 - 2015-12-02 15:43 - 00003862 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2016-02-11 21:01 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-02-11 20:47 - 2015-12-02 01:42 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-02-11 20:38 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\Inf
    2016-02-11 20:16 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-11 20:16 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-11 05:32 - 2013-08-22 15:20 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-02-09 04:26 - 2015-04-07 15:43 - 00000000 ____D C:\ProgramData\Package Cache
    2016-02-08 20:59 - 2014-03-18 09:47 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-08 19:31 - 2015-12-01 18:23 - 00000000 ____D C:\Users\Stacie\AppData\Local\Packages
    2016-02-08 06:43 - 2015-12-01 19:52 - 00000000 ____D C:\Users\Stacie\AppData\Local\CrashDumps
    2016-02-08 03:53 - 2016-01-10 07:42 - 00000000 ____D C:\Users\Stacie\AppData\Roaming\Foxit Software
    2016-02-08 02:32 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-02-07 20:11 - 2015-12-14 05:39 - 00000000 ___DO C:\Users\Stacie\OneDrive
    2016-02-07 16:50 - 2015-12-06 14:48 - 00003352 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
    2016-02-07 16:49 - 2014-07-15 08:17 - 00000000 ___HD C:\OEM
    2016-02-07 16:46 - 2015-04-07 15:43 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
    2016-02-07 16:43 - 2015-12-01 18:27 - 00000000 ____D C:\Users\Stacie\AppData\Local\clear.fi
    2016-02-07 16:02 - 2015-12-02 01:07 - 00003850 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1449018443
    2016-02-07 16:02 - 2015-12-02 01:07 - 00001027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    2016-02-07 16:02 - 2015-12-02 01:06 - 00000000 ____D C:\Program Files (x86)\Opera
    2016-01-25 03:57 - 2015-12-01 18:22 - 00000000 ____D C:\Users\Stacie
    2016-01-24 18:10 - 2015-12-02 15:37 - 00000000 ____D C:\Users\Stacie\AppData\Local\Adobe
    2016-01-21 16:07 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\rescache
    2016-01-15 22:57 - 2015-12-03 02:57 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-01-15 22:53 - 2015-12-03 02:57 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
     
    ==================== Files in the root of some directories =======
     
    2015-12-02 01:13 - 2015-12-02 01:13 - 0007606 _____ () C:\Users\Stacie\AppData\Local\Resmon.ResmonCfg
    2015-04-07 15:28 - 2015-04-07 15:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
     
    Some files in TEMP:
    ====================
    C:\Users\Stacie\AppData\Local\Temp\avgnt.exe
    C:\Users\Stacie\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2016-02-04 15:15
     
    ==================== End of FRST.txt ============================
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
    Ran by Stacie (2016-02-11 22:47:08)
    Running from C:\Users\Stacie\Downloads
    Windows 8.1 Connected (X64) (2015-12-01 18:22:47)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-555111471-2403504220-3507946370-500 - Administrator - Disabled)
    Guest (S-1-5-21-555111471-2403504220-3507946370-501 - Limited - Disabled)
    Stacie (S-1-5-21-555111471-2403504220-3507946370-1001 - Administrator - Enabled) => C:\Users\Stacie
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
    abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
    abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
    abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
    abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.06.2000.22 - Acer Incorporated)
    Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3006 - Acer Incorporated)
    Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
    Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
    Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
    Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated)
    Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated)
    Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
    Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
    Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
    Avira Launcher (HKLM-x32\...\{ccdc9cfe-8ba7-4c6c-ac5f-b2d6cfa49efc}) (Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG)
    Avira Launcher (x32 Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG) Hidden
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.221 - Broadcom Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
    ELAN HIDI2C Filter Driver X64 13.6.1.1_WHQL (HKLM\...\Elantech) (Version: 13.6.1.1 - ELAN Microelectronic Corp.)
    Foxit PhantomPDF (HKLM-x32\...\{F74C595C-BEF2-4AF9-9C4E-68F3CD509C4D}) (Version: 6.0.120.609 - Foxit Corporation)
    Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.1 - Genesys Logic)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
    Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
    Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4797.1002 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
    Opera Stable 35.0.2066.37 (HKLM-x32\...\Opera 35.0.2066.37) (Version: 35.0.2066.37 - Opera Software)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
    WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9350 - Broadcom Corporation)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-555111471-2403504220-3507946370-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {0C330B3C-3F0D-4679-9CE3-0CFDB5695EEB} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
    Task: {0E84AAFA-2F52-4D56-B14B-A9D21E3AC99F} - System32\Tasks\Opera scheduled Autoupdate 1449018443 => C:\Program Files (x86)\Opera\launcher.exe [2016-02-01] (Opera Software)
    Task: {11328C02-7F1B-40D9-92DC-E36DE7875B4F} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-01-14] (Acer Incorporated)
    Task: {11BE5489-2F52-4ED2-BC53-E959D6EE0741} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-17] ()
    Task: {3D610078-C4A5-47FF-A283-F2A13882CAB3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-02-11] (Microsoft Corporation)
    Task: {4162566D-36C1-4B2B-B241-745AC79DE177} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
    Task: {4349BE07-0895-4870-81A5-DA3AD735D791} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe [2016-02-11] (Adobe Systems Incorporated)
    Task: {49AAE883-A404-41E9-80D4-D0CC5F7E1D78} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-17] (Acer Incorporated)
    Task: {4F9AAFBE-74E9-447A-8982-7D8997C91B05} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-02] (Microsoft Corporation)
    Task: {54241D0D-F5DE-443F-A0FC-B3A611A98D84} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-26] ()
    Task: {5507224A-423C-4160-A6AF-802D0A5E5FF2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11] (Adobe Systems Incorporated)
    Task: {5932353E-9AB5-4A73-93CD-EF5F8521E0BE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
    Task: {6E878EBE-4524-418F-A2FD-F4FDDEC7CEEC} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
    Task: {6F5A56D8-D7F8-47D0-9F96-10D8D53B136B} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
    Task: {7968C3A5-4F92-4D4A-B1DF-53DEF0471997} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-02] (Microsoft Corporation)
    Task: {7B78FE8E-3939-43D1-BA11-94C5F5C8EB89} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
    Task: {85AD32FE-1559-48F6-9EE2-A93F09E9C659} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
    Task: {88EE1A87-BE93-40E7-9EB6-627D36D9E487} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
    Task: {90E8D422-1B78-4DF9-8F5D-971768044F13} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-07-17] ()
    Task: {959795E2-A6D8-451B-9E3E-7010C8676679} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2015-07-17] ()
    Task: {97CDDB60-BD70-4D99-9A8D-B0FA054A35F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
    Task: {BF100BEE-13EF-4E5C-9E59-096985C221C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-01] (Google Inc.)
    Task: {E62055D6-62C8-4C36-BE7E-D0ACEE1762CA} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)
    Task: {EBA3D7EA-0B18-404C-B186-2D355EF4A5E8} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-01-19] (Acer)
    Task: {F29A9F72-B784-424D-93AF-9DDF3436E067} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-01] (Google Inc.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox.lnk -> C:\Program Files\Dropbox\StartURL.exe () -> hxxps://www.dropbox.com/partners/acer2014/download
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2014-02-18 19:02 - 2014-02-18 19:02 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
    2015-12-02 01:42 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-04-07 15:53 - 2012-04-24 10:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2016-02-07 16:02 - 2016-02-07 16:01 - 62319736 _____ () C:\Program Files (x86)\Opera\35.0.2066.37\opera.dll
    2016-02-07 16:02 - 2016-02-07 15:58 - 02074232 _____ () C:\Program Files (x86)\Opera\35.0.2066.37\libglesv2.dll
    2016-02-07 16:02 - 2016-02-07 15:58 - 00081528 _____ () C:\Program Files (x86)\Opera\35.0.2066.37\libegl.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
     
    ==================== EXE Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
    IE trusted site: HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\sharepoint.com -> hxxps://livewarringtonac.sharepoint.com
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-555111471-2403504220-3507946370-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\acer01.jpg
    DNS Servers: 192.168.43.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\StartupApproved\Run: => "AcerCloud"
    HKU\S-1-5-21-555111471-2403504220-3507946370-1001\...\StartupApproved\Run: => "Pokki"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{90B92C0A-6338-4BEA-B3E0-70B268BEEAA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{40243A71-8361-44D7-BAAF-4DBA813683DC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{6FCF0307-B9FD-4AAA-AF20-0BB0132C75F4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{20640A13-C5DA-44E6-ACA6-8013DAD31BF3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{12540755-9904-4A07-9D3C-6497F026D0DF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{AFCAE119-E91B-4BE3-8357-49049F455C7A}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{D75DA9B0-4ED3-4E61-8D46-A09FEFE4FFAE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{669AE168-E614-46BE-9A2A-9A05FE5B2666}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{5C8C44A7-493B-45AA-BEEF-DAFBE07F9688}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{BD4E59F5-2653-4761-A333-1D9D844ABF94}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{ED0E24D3-5B83-42D5-94BF-8887CE957173}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{5B695D04-B49D-4FDB-A804-81F872EC0E7B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{F8CC59B7-B283-4981-B1AD-65C659D9E864}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{601CDA19-79B0-4C1E-B39E-3090D6C9ADC8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{8A9B6D73-363B-4C27-9F3F-F54546D9D526}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{80A1CE7B-C391-4CF8-8818-94B902E5DA2E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{4F871BD4-7D01-4918-A998-EB4DAA629BE2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{1951CCAF-A610-464F-8A78-3DD7D5E18869}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{0C253499-155E-4838-8ED7-BD67F9C03D5F}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{B2FF5CD7-E30D-41CC-A95E-CB61A5D57793}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{90FEEB2B-39A8-4BEA-B4BE-798D31D21A30}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{42D1521A-842D-4707-80E7-2D5C78EE42E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{C2031A88-3D4C-4A08-96D6-973E0DD71ABE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{29826C50-EE04-4858-BCE4-755EEF715639}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{9439D569-EAFE-4FCC-B8A8-108AEE58422F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{82F9C9C3-1802-4CEC-8EC4-91949017C51F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{35C00FB3-CAB2-4972-A7E7-C2A36A01DAE6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{4264D767-5DCA-45A1-A9E4-FF50B883D1C4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{D96F06E1-829B-417F-AC9A-0CA1B18516D2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{28483B6A-2A3B-4A56-895F-94254BB8BCA0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{E8DBA5DB-DA00-48CC-9F84-3368584491AF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{170EBBAA-F10F-42D4-A6FC-BF46B5F75B35}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{C2E4DDD2-EB7A-4B0B-A931-17F8BB383451}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{05B778B9-1CDC-4A8E-8BC0-46B34E45CD72}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{69927736-1404-4995-A164-6F384A7612B5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{C7F20675-8286-40E1-ADB4-D594B76E0FB0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Restore Points =========================
     
    23-01-2016 02:24:09 Scheduled Checkpoint
    30-01-2016 13:54:58 Scheduled Checkpoint
    04-02-2016 14:52:54 Installed Project My Screen App
    08-02-2016 04:44:36 Removed Project My Screen App
    11-02-2016 22:34:34 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (02/11/2016 10:03:31 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8
     
    Error: (02/11/2016 08:39:04 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (02/09/2016 01:58:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: StacesAcer)
    Description: Activation of application winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (02/09/2016 01:57:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: StacesAcer)
    Description: Activation of application winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (02/08/2016 03:29:03 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (02/08/2016 04:39:28 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (02/08/2016 01:18:17 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: delegate_execute.exe, version: 48.0.2564.103, time stamp: 0x56b11bc1
    Faulting module name: delegate_execute.exe, version: 48.0.2564.103, time stamp: 0x56b11bc1
    Exception code: 0x80000003
    Fault offset: 0x00007f91
    Faulting process ID: 0x114c
    Faulting application start time: 0xdelegate_execute.exe0
    Faulting application path: delegate_execute.exe1
    Faulting module path: delegate_execute.exe2
    Report ID: delegate_execute.exe3
    Faulting package full name: delegate_execute.exe4
    Faulting package-relative application ID: delegate_execute.exe5
     
    Error: (02/05/2016 02:00:06 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2143485936
     
    Error: (02/05/2016 02:00:06 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {3671B6F1-A959-406A-81B4-B0AB5971DED6}
     
    Error: (02/05/2016 02:00:06 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {3671B6F1-A959-406A-81B4-B0AB5971DED6}
     
     
    System errors:
    =============
    Error: (02/11/2016 10:24:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
     
    Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
     
    Error: (02/11/2016 10:24:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
     
    Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
     
    Error: (02/11/2016 10:24:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
     
    Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
     
    Error: (02/11/2016 10:23:51 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
    %%1056
     
    Error: (02/11/2016 10:23:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The User Experience Improvement Program service terminated unexpectedly. It has done this 1 time(s).
     
    Error: (02/11/2016 10:23:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Quick Access RadioMgr Service service terminated unexpectedly. It has done this 1 time(s).
     
    Error: (02/11/2016 10:23:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (02/11/2016 10:23:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Quick Access Service service terminated unexpectedly. It has done this 1 time(s).
     
    Error: (02/11/2016 10:23:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
     
    Error: (02/11/2016 10:23:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The ePower Service service terminated unexpectedly. It has done this 1 time(s).
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
    Percentage of memory in use: 58%
    Total physical RAM: 1929.7 MB
    Available physical RAM: 804.49 MB
    Total Virtual: 3209.7 MB
    Available Virtual: 1564.61 MB
     
    ==================== Drives ================================
     
    Drive c: (Acer) (Fixed) (Total:449.76 GB) (Free:416.14 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 9BFAE307)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================

    #8
    SharpRose

      New Member

    • Topic Starter
    • Member
    • 8 posts
    Now Process Explorer
     
    I couldn't find the file procexp.txt but here's the log it saved
     
    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    System Idle Process 75.29 0 K 4 K 0
    procexp64.exe 9.51 19,060 K 42,956 K 2736 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    dwm.exe 4.91 33,396 K 26,700 K 812
    System 3.19 12,860 K 12,556 K 4
    Avira.ServiceHost.exe 2.10 38,440 K 4,012 K 1928 Avira Service Host Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
    Interrupts 1.66 0 K 0 K n/a Hardware Interrupts and DPCs
    explorer.exe 1.66 69,200 K 89,760 K 1456 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    csrss.exe 0.61 2,208 K 26,384 K 532
    lsass.exe 0.31 4,172 K 9,212 K 624 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 0.29 4,328 K 9,652 K 684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 0.22 12,676 K 18,112 K 1432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    opera.exe 0.11 29,136 K 64,564 K 2616 Opera Internet Browser Opera Software (Verified) Opera Software ASA
    svchost.exe 0.06 12,428 K 19,884 K 696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    CCleaner64.exe 0.03 6,940 K 13,800 K 4500
    svchost.exe 0.01 49,744 K 60,016 K 312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    RichVideo.exe 0.01 1,136 K 4,412 K 1444 RichVideo Module (Verified) CyberLink
    avgnt.exe 0.01 8,732 K 4,764 K 4460 Avira system tray application Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
    svchost.exe 0.01 3,884 K 6,920 K 728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    officeclicktorun.exe 0.01 30,000 K 35,464 K 1876 Microsoft Office Click-to-Run Microsoft Corporation (Verified) Microsoft Corporation
    avguard.exe < 0.01 228,224 K 25,084 K 1692 Antivirus Host Framework Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
    WmiPrvSE.exe 2,044 K 6,208 K 2676
    wlanext.exe 1,396 K 5,152 K 1088
    winlogon.exe 1,400 K 5,388 K 576
    wininit.exe 804 K 3,416 K 524
    unsecapp.exe 1,280 K 5,704 K 4024
    unsecapp.exe 1,044 K 4,800 K 2568
    unsecapp.exe 1,308 K 5,664 K 924 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
    unsecapp.exe 1,308 K 5,440 K 2600
    UBTService.exe 17,544 K 18,376 K 3380 UEIPSvc acer (Verified) Acer Incorporated
    taskeng.exe 1,100 K 4,608 K 4872
    svchost.exe 18,296 K 31,420 K 928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 6,260 K 11,416 K 960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 14,620 K 18,712 K 888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 880 K 4,188 K 3880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,816 K 5,632 K 1820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    spoolsv.exe 3,268 K 9,056 K 1176 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    smss.exe 272 K 828 K 292
    services.exe 2,620 K 6,020 K 616
    SearchIndexer.exe 20,252 K 20,368 K 3784 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    sched.exe 4,352 K 3,540 K 1220 Antivirus Host Framework Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
    RMSvc.exe 1,408 K 5,716 K 200 RMSvc Acer Incorporate (Verified) Acer Incorporated
    QASvc.exe 932 K 3,808 K 3180 QASvc Acer Incorporate (Verified) Acer Incorporated
    procexp.exe 2,244 K 7,260 K 2104 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    PresentationFontCache.exe 25,404 K 16,952 K 3944 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
    opera_crashreporter.exe 3,708 K 5,444 K 3412 Opera crash-reporter Opera Software (Verified) Opera Software ASA
    opera.exe 66,372 K 84,848 K 1368 Opera Internet Browser Opera Software (Verified) Opera Software ASA
    opera.exe 35,540 K 26,756 K 1624 Opera Internet Browser Opera Software (Verified) Opera Software ASA
    opera.exe 52,148 K 58,060 K 2636 Opera Internet Browser Opera Software (Verified) Opera Software ASA
    opera.exe 31,632 K 45,548 K 1688 Opera Internet Browser Opera Software (Verified) Opera Software ASA
    opera.exe 37,848 K 53,924 K 1256 Opera Internet Browser Opera Software (Verified) Opera Software ASA
    opera.exe 26,576 K 32,272 K 4936 Opera Internet Browser Opera Software (Verified) Opera Software ASA
    notepad.exe 1,760 K 7,520 K 4196 Notepad Microsoft Corporation (Verified) Microsoft Windows
    LMSvc.exe 1,324 K 4,896 K 2020 LMSvc Acer Incorporate (Verified) Acer Incorporated
    igfxCUIService.exe 1,220 K 5,008 K 1012 igfxCUIService Module Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
    HeciServer.exe 1,208 K 4,556 K 1992 Intel® Capability Licensing Service Interface Intel® Corporation (No signature was present in the subject) Intel® Corporation
    ePowerSvc.exe 2,056 K 7,060 K 1576 ePowerSvc Acer Incorporated (Verified) Acer Incorporated
    dllhost.exe 3,012 K 8,144 K 4800 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
    csrss.exe 1,760 K 3,628 K 460
    conhost.exe 644 K 2,620 K 1924
    conhost.exe 600 K 2,488 K 1108
    CCDMonitorService.exe 1,764 K 1,964 K 1828 CCD Monitor Service Acer Incorporated (Verified) Acer Incorporated
    ccd.exe 24,884 K 23,464 K 1904
    btwdins.exe 1,888 K 6,020 K 1792 Bluetooth Support Server Broadcom Corporation. (Verified) Broadcom Corporation
    avshadow.exe 1,132 K 3,344 K 3528

    • 0

    #9
    SharpRose

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    and speccy 

    Attached Files


    • 0

    #10
    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    Copy the next line

    DISM /Online /Cleanup-Image /RestoreHealth

    Open a Command Prompt (Admin) either by the Windows key + x and select Command Prompt (admin) or search for cmd.exe and then right click on the found cmd.exe and run as administrator.

     

    Right click and Paste (or Edit then Paste) and the copied line should appear.  Hit Enter.

     

    This will take longer than SFC /SCANNOW  and the PC must be connected to the Internet while it runs.  Once it finishes, run 

     

    sfc /scannow

     

    If it fails to fix everything this time, copy the next two lines:

     

    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 

    Then move to the Command Prompt (admin) and paste it in as before.  Hit Enter if notepad does not open.  Copy and paste the text from notepad.

     

     

    Looking at your process explorer log I suspect one of your drivers is poorly written.  Go to Acer's site and see if they have any new drivers for you.  You can also go into Windows Updates - sometimes the optional offerings are drivers.


    • 0
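The `findstr` step in the post above extracts every `[SR]` line from CBS.log; the entries that matter for triage are the "Cannot repair member file" ones. The following PowerShell is an added example, not part of RKinner's post, that condenses those lines into one row per file. The function name `Get-SfcSummary` is hypothetical, and the sample log lines are constructed (the file names come from the thread title; timestamps, sequence numbers, the version and `example.dll` are made up).

```powershell
function Get-SfcSummary {
    param([string[]]$Lines)

    # "[SR] Cannot repair member file [l:NN{NN}]"<file>" of <component>, ..., <reason>"
    $cannot   = [regex]'\[SR\] Cannot repair member file \[[^\]]*\]"(?<file>[^"]+)" of (?<comp>[^,]+),.*,\s*(?<why>[^,]+)$'
    # "[SR] Repairing corrupted file [...]"<dir>"\[...]"<file>" from store"
    $repaired = [regex]'\[SR\] Repairing corrupted file .*\]"(?<file>[^"]+)" from store'

    $hits = foreach ($line in $Lines) {
        if ($line -notmatch '\[SR\]') { continue }   # same filter as findstr /c:"[SR]"
        $m = $cannot.Match($line)
        if ($m.Success) {
            [pscustomobject]@{
                Status    = 'Unrepaired'
                File      = $m.Groups['file'].Value
                Component = $m.Groups['comp'].Value
                Detail    = $m.Groups['why'].Value.Trim()
            }
            continue
        }
        $m = $repaired.Match($line)
        if ($m.Success) {
            [pscustomobject]@{
                Status    = 'Repaired'
                File      = $m.Groups['file'].Value
                Component = ''
                Detail    = 'restored from store'
            }
        }
    }

    # The same file can be reported more than once in a run, so count the mentions.
    $hits | Group-Object Status, File, Component, Detail | ForEach-Object {
        $_.Group[0] | Add-Member -NotePropertyName Mentions -NotePropertyValue $_.Count -PassThru
    }
}

# Constructed sample. On a real PC use: $lines = Get-Content "$env:windir\Logs\CBS\CBS.log"
$lines = @'
2015-03-01 10:02:11, Info                  CSI    00000319 [SR] Beginning Verify and Repair transaction
2015-03-01 10:02:14, Info                  CSI    0000031b [SR] Cannot repair member file [l:24{12}]"CNBJ2530.DPB" of prncacla.inf, Version = 0.0.0.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope neutral, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-03-01 10:02:19, Info                  CSI    0000031f [SR] Cannot repair member file [l:24{12}]"CNBJ2530.DPB" of prncacla.inf, Version = 0.0.0.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope neutral, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-03-01 10:02:20, Info                  CSI    00000320 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\WINDOWS\System32"\[l:20{10}]"example.dll" from store
2015-03-01 10:02:21, Info                  CSI    00000322 [SR] Repair complete
'@ -split "`r?`n"

Get-SfcSummary -Lines $lines | Format-Table -AutoSize
```

Rows with Status `Unrepaired` are the ones to post back to the helper; a Detail of `hash mismatch` means the copy in the component store failed verification as well, which is the case the DISM `/RestoreHealth` step is meant to address.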





