I think someone might be tracking my passwords?

malware passwords phishing

  • This topic is locked

#1
abandonX

Hi everyone, I hope you're all doing well.  Before I begin to explain my conundrum, I would like to explain that there is always the slight possibility that there might be nothing wrong with my computer.  But here it goes anyway, since the possibility that something might be wrong is making me afraid to log into my accounts.

 

My OS is Windows 8.1 (64-bit).

My primary browser is Google Chrome.

 

Yesterday, I downloaded a suspicious file (from Chrome) that appeared to be a video file.  The icon of the downloaded file was that of an orange cone (VLC media player).  Expecting it to be a video, I opened the file on VLC.  There was no video - instead, the top part of the window (where it says 'VLC media player') started flashing with random file names and bits of code (I think).  Then it stopped flashing and returned to the regular 'VLC media player'.  I closed VLC and immediately deleted the file.  My first suspicion was that the downloaded file might have unleashed some sort of malicious code onto my computer.

 

After reviewing comments from others who have downloaded and executed the file, I came to the conclusion that what I unleashed might have been Python code, which then led me to think that my computer might have been hacked as a result (by that, I mean by someone who is tracking and storing my login information).

 

After running two separate scans with both Malwarebytes (Premium) and Malwarebytes Anti-Rootkit (beta), I was surprised to find out that they didn't detect anything.  So far, I have not received any notifications from any of my accounts of someone else trying to change my passwords (I have only logged onto Facebook since I downloaded the suspicious file).

 

However, I can't help but feel that the code I unleashed on my computer is still there - probably waiting for me to log into my financial accounts.

 

May someone please take a look at my Farbar reports to see if there is something wrong with my computer?

 

Thank you in advance.  I hope to resolve my situation soon.

 

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Tommy (administrator) on METAGROSS (12-02-2016 19:05:54)
Running from C:\Users\Tommy\Desktop
Loaded Profiles: Tommy &  (Available Profiles: Tommy)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\LegacyCsLoaderService.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Joyent, Inc) C:\Windows\Prey\versions\1.5.0\bin\node.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.5.0\node_modules\triggers\bin\lightevt.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1380056 2014-03-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [bdruninstaller] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"setupdownloader.exe" /args:"/token:bnPMVVU644nUNQtpjZPZijKFSJ8 /after_restart"
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-03-24] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-08-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732760 2016-01-19] (Acer)
HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-30] (Disc Soft Ltd)
HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\Run: [Dropbox Update] => C:\Users\Tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\MountPoints2: {a732514c-97ab-11e5-827e-f0761c315596} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732760 2016-01-19] (Acer)
HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-30] (Disc Soft Ltd)
HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a732514c-97ab-11e5-827e-f0761c315596} - "F:\WD Drive Unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.144.100 64.59.150.143
Tcpip\..\Interfaces\{880B7E80-40E2-4109-8E07-B25FDBBAFE8E}: [DhcpNameServer] 204.239.154.189 204.239.154.201
Tcpip\..\Interfaces\{A6847028-BA72-4E0F-B63F-5332253B888D}: [DhcpNameServer] 64.59.144.100 64.59.150.143
 
Internet Explorer:
==================
HKU\S-1-5-21-564993757-659052750-1084754678-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-564993757-659052750-1084754678-1001 -> DefaultScope {3B7A7AC4-AA87-11E4-8269-F0761C315596} URL = 
SearchScopes: HKU\S-1-5-21-564993757-659052750-1084754678-1001 -> {0CBCB94F-3339-49E4-ABA6-53557E4F4C00} URL = 
SearchScopes: HKU\S-1-5-21-564993757-659052750-1084754678-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {3B7A7AC4-AA87-11E4-8269-F0761C315596} URL = 
SearchScopes: HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0CBCB94F-3339-49E4-ABA6-53557E4F4C00} URL = 
SearchScopes: HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-11] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-11] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\doytaqup.default
FF DefaultSearchEngine: DuckDuckGo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\doytaqup.default\searchplugins\startpage-ssl.xml [2015-08-06]
FF Extension: Greasemonkey - C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\doytaqup.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-08-06]
FF Extension: Ghostery - C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\doytaqup.default\Extensions\[email protected] [2015-08-06]
FF Extension: Privacy Settings - C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\doytaqup.default\Extensions\[email protected] [2015-08-06]
FF Extension: uBlock Origin - C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\doytaqup.default\Extensions\[email protected] [2016-02-11]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://facebook.com/","hxxp://www.youtube.com/","hxxps://startpage.com/do/mypage.pl?prf=39f4bb54888fd00ba47c1310e59fb9c7"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (uBlock Origin) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-11]
CHR Extension: (Google Search) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (PasswordBox - Free Password Manager) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dljbcjbfojhlfhgenhepllagfecdpchb [2015-09-29]
CHR Extension: (Security Plus) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkcmflbdogcbjahoblehnlonjedkmoh [2015-07-14]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-02-11]
CHR Extension: (Google Sheets) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Stylish) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Disconnect) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-21]
CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-02-10]
CHR Extension: (Hide YouTube Comments) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kehdmnjmaakacofbgmjgjapbbibhafoh [2015-12-17]
CHR Extension: (Morpheon Dark) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2015-04-21]
CHR Extension: (Ghostery) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-12-29]
CHR Extension: (Save to Pocket) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-10-16]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2015-12-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2015-01-13] (Fork, Ltd.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-30] (Disc Soft Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 Intel® TA SAM; C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-08-12] (Intel Corporation)
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel® Technology Access\LegacyCsLoaderService.exe [157344 2015-12-03] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [486048 2015-12-03] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-14] (acer)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [243448 2015-12-29] (RaMMicHaeL)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-03] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2015-04-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2015-04-30] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-13] (Realsil Semiconductor Corporation)
S3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-12 19:05 - 2016-02-12 19:06 - 00030119 _____ C:\Users\Tommy\Desktop\FRST.txt
2016-02-12 19:04 - 2016-02-12 19:04 - 02370560 _____ (Farbar) C:\Users\Tommy\Desktop\FRST64.exe
2016-02-12 19:00 - 2016-02-12 19:05 - 00000000 ____D C:\FRST
2016-02-12 14:24 - 2016-02-12 14:26 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\vlc
2016-02-12 14:09 - 2016-02-12 14:09 - 00001046 _____ C:\Users\Public\Desktop\VLC.lnk
2016-02-12 14:09 - 2016-02-12 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-02-12 03:01 - 2016-02-12 12:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-12 02:48 - 2016-02-12 12:18 - 00000000 ____D C:\Users\Tommy\Desktop\mbar
2016-02-12 02:47 - 2016-02-12 02:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Tommy\Desktop\mbar-1.09.3.1001.exe
2016-02-11 23:57 - 2016-02-12 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FocusWriter
2016-02-11 23:57 - 2016-02-11 23:57 - 00001037 _____ C:\Users\Tommy\Desktop\FocusWriter.lnk
2016-02-11 23:57 - 2016-02-11 23:57 - 00000000 ____D C:\Users\Tommy\AppData\Local\GottCode
2016-02-11 23:56 - 2016-02-11 23:57 - 00000000 ____D C:\Program Files (x86)\FocusWriter
2016-02-10 01:39 - 2016-02-10 01:39 - 00085227 _____ C:\Users\Tommy\Downloads\Workshop 1 - Farjad Farahmand.pdf
2016-02-10 01:38 - 2016-02-10 01:38 - 00047538 _____ C:\Users\Tommy\Downloads\Eng 391 - Now Playing.pdf
2016-02-06 01:41 - 2016-02-06 01:41 - 00082349 _____ C:\Users\Tommy\Downloads\DEVELOPMENT BUDGET.pdf
2016-02-04 10:44 - 2016-02-04 10:44 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud
2016-02-04 10:44 - 2016-02-04 10:44 - 00001990 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2016-01-28 02:09 - 2016-01-28 02:10 - 00000000 ____D C:\Users\Tommy\Desktop\MOPA 402
2016-01-28 02:01 - 2016-01-28 02:01 - 00000000 ____D C:\Users\Tommy\Documents\Bluetooth Folder
2016-01-24 17:37 - 2016-01-24 17:37 - 00012553 _____ C:\Users\Tommy\Downloads\Such is Life in Eszterovia-4.pdf
2016-01-24 17:37 - 2016-01-24 17:37 - 00007078 _____ C:\Users\Tommy\Downloads\Two's a Crowd.pdf
2016-01-18 23:37 - 2016-01-24 19:30 - 00000000 ____D C:\Users\Tommy\Desktop\E-books
2016-01-18 22:41 - 2016-02-12 03:21 - 00000000 ____D C:\Program Files\PeerBlock
2016-01-18 22:41 - 2016-01-21 16:41 - 00001796 _____ C:\Users\Tommy\Desktop\PeerBlock.lnk
2016-01-18 22:41 - 2016-01-18 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2016-01-18 21:02 - 2016-01-18 21:02 - 00000000 ____D C:\Users\Tommy\Documents\Expression
2016-01-15 01:33 - 2016-02-04 19:41 - 00000000 ____D C:\Users\Tommy\Desktop\Creative Writing
2016-01-13 00:55 - 2016-02-07 01:54 - 00000000 ____D C:\Users\Tommy\Desktop\ENG 391 - please read and comment
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-12 19:02 - 2015-08-06 12:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-12 18:45 - 2014-12-24 00:04 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-12 18:24 - 2015-02-18 01:48 - 00004974 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for METAGROSS-Tommy Metagross
2016-02-12 18:18 - 2015-06-19 18:08 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-564993757-659052750-1084754678-1001UA.job
2016-02-12 18:13 - 2014-12-24 02:50 - 00000000 ___RD C:\Users\Tommy\Dropbox
2016-02-12 18:13 - 2014-12-24 02:47 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Dropbox
2016-02-12 18:13 - 2014-12-24 00:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-12 18:13 - 2014-12-24 00:04 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-12 18:13 - 2014-12-23 23:52 - 00000000 ___RD C:\Users\Tommy\OneDrive
2016-02-12 14:30 - 2014-12-23 23:53 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-564993757-659052750-1084754678-1001
2016-02-12 02:05 - 2014-12-24 02:25 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\uTorrent
2016-02-12 00:26 - 2015-01-22 00:12 - 00000000 ____D C:\Users\Tommy\AppData\Local\gtk-2.0
2016-02-12 00:26 - 2014-12-23 23:44 - 00000000 ____D C:\Users\Tommy
2016-02-12 00:14 - 2015-11-27 01:15 - 00000000 ____D C:\Users\Tommy\Desktop\TV Series
2016-02-12 00:12 - 2014-03-18 02:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-12 00:12 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2016-02-11 23:43 - 2014-12-31 01:10 - 00000000 ____D C:\Users\Tommy\Documents\Screenplays to Read
2016-02-11 23:18 - 2015-06-19 18:08 - 00000886 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-564993757-659052750-1084754678-1001Core.job
2016-02-11 19:04 - 2015-01-07 06:36 - 00393728 ___SH C:\Users\Tommy\Downloads\Thumbs.db
2016-02-11 18:59 - 2015-08-03 19:54 - 00000000 ____D C:\ProgramData\Oracle
2016-02-11 18:59 - 2015-01-13 22:02 - 00642048 ___SH C:\Users\Tommy\Desktop\Thumbs.db
2016-02-11 18:58 - 2015-08-31 21:53 - 00000000 ____D C:\Users\Tommy\.oracle_jre_usage
2016-02-11 18:58 - 2015-08-03 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-11 18:58 - 2015-08-03 20:08 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-11 18:57 - 2015-08-03 20:08 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-11 18:56 - 2014-12-23 23:56 - 00000000 ____D C:\Users\Tommy\AppData\Local\CrashDumps
2016-02-10 13:49 - 2014-12-24 00:04 - 00002196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 02:43 - 2015-02-02 01:47 - 00000000 ____D C:\Users\Tommy\Documents\Stuff I Did This Year
2016-02-09 19:02 - 2015-08-06 12:34 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 15:07 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
2016-02-08 22:50 - 2014-12-28 22:40 - 00003754 _____ C:\Windows\System32\Tasks\AutoKMS
2016-02-08 18:21 - 2015-09-04 21:45 - 00000000 ____D C:\Users\Tommy\Desktop\My Favourite Videos
2016-02-08 17:45 - 2015-11-02 18:29 - 00000000 ____D C:\ProgramData\ProductData
2016-02-08 01:43 - 2014-12-31 01:10 - 00000000 ____D C:\Users\Tommy\Documents\Poetry
2016-02-07 19:02 - 2015-03-31 23:31 - 00000000 ____D C:\Users\Tommy\Desktop\Advice For Screenwriters
2016-02-04 10:44 - 2015-07-20 10:53 - 00003352 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2016-02-04 10:44 - 2014-12-23 23:49 - 00000000 ____D C:\Users\Tommy\AppData\Local\clear.fi
2016-02-04 10:44 - 2014-07-25 05:27 - 00000000 ___HD C:\OEM
2016-02-04 10:44 - 2014-07-25 04:49 - 00000000 ____D C:\Program Files (x86)\Acer
2016-02-04 10:43 - 2014-07-25 04:49 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-02-04 02:17 - 2014-12-23 23:47 - 00000000 ____D C:\Users\Tommy\AppData\Local\Packages
2016-02-02 17:40 - 2014-12-24 00:04 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 17:40 - 2014-12-24 00:04 - 00003662 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-30 01:00 - 2014-12-25 11:57 - 00000000 ____D C:\Users\Tommy\Desktop\Movies
2016-01-29 23:01 - 2015-11-29 19:01 - 00000000 ____D C:\Users\Tommy\Desktop\Western Digital
2016-01-29 20:46 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\registration
2016-01-29 20:40 - 2015-11-29 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2016-01-29 20:40 - 2015-11-29 18:45 - 00000000 ____D C:\Program Files (x86)\Western Digital
2016-01-29 20:40 - 2014-07-25 04:49 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-28 02:09 - 2015-09-21 22:16 - 00000000 ____D C:\Users\Tommy\Documents\Capilano U. Assignments Year 4
2016-01-28 02:05 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-28 02:01 - 2014-09-30 04:25 - 00000000 ____D C:\ProgramData\Atheros
2016-01-24 00:49 - 2014-12-30 23:33 - 00000000 ____D C:\Users\Tommy\Documents\Last Chance Animator
2016-01-21 16:41 - 2015-12-12 22:39 - 00000000 ____D C:\ProgramData\Unchecky
2016-01-19 19:24 - 2015-03-11 21:45 - 00000000 ____D C:\Users\Tommy\Documents\Passwords
2016-01-13 00:56 - 2015-10-30 19:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 00:56 - 2014-12-25 11:56 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2015-12-31 20:53 - 2015-12-31 20:53 - 0015743 _____ () C:\Users\Tommy\AppData\Local\recently-used.xbel
2014-12-31 23:24 - 2014-12-31 23:24 - 0205815 _____ () C:\ProgramData\1420096811.bdinstall.bin
2015-01-04 17:58 - 2015-01-04 17:58 - 0037670 _____ () C:\ProgramData\1420423070.bdinstall.bin
2015-01-04 18:17 - 2015-01-04 18:17 - 0098505 _____ () C:\ProgramData\1420423080.bdinstall.bin
2014-09-30 04:22 - 2014-09-30 04:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Tommy\AppData\Local\Temp\jre-8u73-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-09 12:03
 
==================== End of FRST.txt ============================
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Tommy (2016-02-12 19:07:47)
Running from C:\Users\Tommy\Desktop
Windows 8.1 (X64) (2014-12-24 07:46:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-564993757-659052750-1084754678-500 - Administrator - Disabled)
Guest (S-1-5-21-564993757-659052750-1084754678-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-564993757-659052750-1084754678-1003 - Limited - Enabled)
Tommy (S-1-5-21-564993757-659052750-1084754678-1001 - Administrator - Enabled) => C:\Users\Tommy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.06.2000.22 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3004 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{FF0A904E-8827-4F6E-9A59-900D4C997AD1}) (Version: 1.0.8 - Amazon)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.0.163 - Final Draft, Inc.)
Flixster (HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\cde6baecc037497b) (Version: 2.2.0.304 - Flixster)
Flixster (HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\cde6baecc037497b) (Version: 2.2.0.304 - Flixster)
FocusWriter (HKLM-x32\...\FocusWriter) (Version: 1.5.5 - Graeme Gott)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{2ff1a4b2-d080-4abd-a571-d0cef9664790}) (Version: 1.7.0.1011 - Intel Corporation)
Intel® Technology Access Software Asset Manager (x32 Version: 3.1.814 - Intel Corporation) Hidden
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-GB)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Prey Anti-Theft (x32 Version: 1.3.6 - Prey, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.)
RonyaSoft CD DVD Label Maker 3.01 (HKLM-x32\...\RonyaSoft CD DVD Label Maker) (Version: 3.01 - RonyaSoft)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
System Requirements Lab Detection (HKLM-x32\...\{42E5879C-8303-46E3-B783-A461A17A18B0}) (Version: 6.1.6.0 - Husdawg, LLC)
Unchecky v0.4.2 (HKLM-x32\...\Unchecky) (Version: 0.4.2 - RaMMicHaeL)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WD Backup (HKLM-x32\...\{953eccd5-26ad-450b-af24-c50227e0fb74}) (Version: 1.2.5721.28811 - Western Digital Technologies, Inc.)
WD Backup (x32 Version: 1.2.5721.28811 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{163952d1-3ca7-4e98-a686-cc0c227c7447}) (Version: 1.2.0.85 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.2.0.85 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0058210E-2BF8-499B-B5AB-761EC1F7233A} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {0320A381-95E6-435B-9DD3-7B535B15E4A9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-564993757-659052750-1084754678-1001UA => C:\Users\Tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {0451F55E-4B7F-44F4-8DB8-6F3184E47F40} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-01-14] (Acer Incorporated)
Task: {04D33159-1B0B-4EF1-9086-A8782792D844} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {13F60994-7B1E-45DC-A8E5-892088864544} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {182870E2-9A2B-4DF1-B2F8-2AA853927887} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
Task: {1EF8135C-A027-4F37-8CD1-BBD37004C33B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {35C9C024-3788-47F6-9276-FBA1EC42D204} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-01-19] (Acer)
Task: {3AD61090-C93E-445C-BE04-2A9455B5ED90} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-09-04] (Intel Corporation)
Task: {3ED5350E-F568-45B4-95E2-6D416956ABFF} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {4D72E217-8833-4589-B216-08502F49F24B} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)
Task: {55A2227E-584B-4C6B-A6A9-533B726232A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {58A9A932-7788-486D-8471-D68E6FD07B4F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {58FD8FF2-03E1-4726-BE71-02D30F4C6DBF} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)
Task: {5A2A9FAF-D31C-4720-B995-92CEF679940A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {60FD5A9E-3447-4A95-948E-3EBCB10D80C1} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
Task: {6BB78A72-7EF5-4983-B347-FC6B1B02E233} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {6C5EB362-B214-4C03-89B5-5A502871AA1C} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {7649FAE5-6653-441C-A507-D0A3E053CDD7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7E0539C1-7133-4F17-BF5F-118779CF963A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {97B73684-2CBD-4559-BD69-63FBC549C85A} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {9E80FF9A-0CD2-43E0-86B4-E2C33AD27118} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {A1ED9AED-1A0D-4438-9EF4-39545FFB0425} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {A1F8885D-6B53-4E3C-A3B2-E49AA60BD73C} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)
Task: {A4962B56-A98A-45A0-B144-60B39E83FB6A} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-12-19] (Acer Incorporated)
Task: {A8750FB8-0F17-49EE-9945-65265E28C952} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {AD8431F0-8FD5-4C92-B256-6219B8134F1A} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {B2A52CD7-EDB1-4246-B134-6A4172B15177} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-12-28] ()
Task: {B91F6C83-1660-433B-BB1F-0ADDAEE5A166} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
Task: {CA379B68-E19E-40E4-BFFF-2510FF24E94F} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-12-19] (Acer Incorporated)
Task: {D0B34DED-F265-4426-A972-8AB6BB1C05E5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-564993757-659052750-1084754678-1001Core => C:\Users\Tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {DC00C285-561C-41FD-95BB-95F0A03192B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E86FBEA7-5905-4ECF-B9D9-6BC994EA0D56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F649CBF2-F6A5-46C5-9326-7517DD1D06A3} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {F68E0C8C-3391-4A78-A1AB-BFAC06C95202} - System32\Tasks\Microsoft Office 15 Sync Maintenance for METAGROSS-Tommy Metagross => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-564993757-659052750-1084754678-1001Core.job => C:\Users\Tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-564993757-659052750-1084754678-1001UA.job => C:\Users\Tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-07 10:44 - 2015-07-07 10:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll
2015-12-03 12:43 - 2015-12-03 12:43 - 00369824 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll
2012-10-01 19:34 - 2012-10-01 19:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-25 21:14 - 2014-02-25 21:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 21:11 - 2014-02-25 21:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 21:17 - 2014-02-25 21:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-03-18 17:35 - 2014-03-07 08:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2015-11-23 18:44 - 2015-11-23 18:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-11-23 18:44 - 2015-11-23 18:44 - 00091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-30 04:11 - 2013-12-09 15:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2012-10-01 19:33 - 2012-10-01 19:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-11-02 18:28 - 2015-10-27 14:05 - 00618784 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\ProductStatistics.dll
2015-09-13 18:09 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll
2016-01-19 15:06 - 2016-01-19 15:06 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-01-19 15:06 - 2016-01-19 15:06 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-12-11 00:20 - 2015-10-30 16:59 - 00034768 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00019408 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00022848 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00023352 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00042296 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 00:20 - 2015-10-30 16:59 - 00116688 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 00:20 - 2015-10-30 16:59 - 00093640 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 00:20 - 2015-10-30 16:59 - 00018376 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00019760 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00105928 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 00:20 - 2015-10-30 16:59 - 00392144 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 00:20 - 2015-12-08 13:36 - 00381752 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 00:20 - 2015-10-30 16:59 - 00692688 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00020816 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00109520 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 01737032 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00020808 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00020800 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00021840 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00038696 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00024528 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00020936 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00114640 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00021320 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00124880 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00030160 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00043472 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00175560 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00028616 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00024016 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00048592 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00024392 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00036296 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 00:20 - 2015-10-30 17:00 - 00024016 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00117056 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00023376 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 00:20 - 2015-10-30 16:59 - 00134608 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 00:20 - 2015-10-30 16:59 - 00134088 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00240584 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00020280 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00052024 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00021304 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00350152 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00084792 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 00:20 - 2015-12-08 13:36 - 01826608 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00083912 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 03891504 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 01950000 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00519984 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00133936 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00225080 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00207672 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00024904 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00486704 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00357680 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 13:45 - 2015-10-30 17:01 - 00019920 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 13:45 - 2015-10-30 17:00 - 00786904 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 23:07 - 2015-10-30 17:00 - 00063448 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 13:45 - 2015-10-30 17:00 - 00019408 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-11-16 19:55 - 2015-11-16 19:55 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2016-02-04 10:44 - 2016-02-04 10:44 - 00015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-01-14 17:12 - 2016-01-14 17:12 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-01-14 17:11 - 2016-01-14 17:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-11-23 18:44 - 2015-11-23 18:44 - 00277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2016-02-10 13:49 - 2016-02-09 03:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-10 13:49 - 2016-02-09 03:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
2016-02-10 13:49 - 2016-02-09 03:58 - 16810824 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Tommy\Desktop\Digital Copy.iso:com.dropbox.attributes
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2016-01-28 02:05 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
 
There are 4 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-564993757-659052750-1084754678-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tommy\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.jpg
HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Tommy\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.jpg
DNS Servers: 64.59.144.100 - 64.59.150.143
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B632A2DE-D859-40A0-A4B9-4B4C30186E57}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E4F0C4BE-CA36-4957-9CE2-AC910EE47A43}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{57A34412-1755-40AA-A04F-8AD76D3E7060}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{731FEE96-B9D0-47BA-AE5E-D4D969B0F3C4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{4ACBDD2C-0A4F-402F-9DF3-0212EC8D82FA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{089B48B6-6BBC-40F9-A1FD-E7C0A7E7E326}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{FC676053-4C76-4DD8-B6C2-EA8E48D5104C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{4D9873D4-1AD2-4069-A304-4539963B8A88}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{3DF6891F-A29F-4C9D-93E5-77EF5DF96F6E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{069649DC-C5AA-4825-8430-220FAC652650}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E5D52499-7EB6-41E6-A4B5-EB5610DFCC50}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E9F87341-54D0-4807-9C24-5B4F629A03FE}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{274D9364-AAC7-4890-88F5-90E68E59E925}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{52C5BC4B-3961-49BD-A872-73E3CBE0AFB6}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{FA3AB506-97C8-40FE-886D-DDE879AF06DA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9DCD638C-8558-4D54-BB5A-D4CA36956801}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9B19EC97-7804-4528-98E1-0A910612046A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8534EB21-FC3B-4A47-8B72-AE957794FAE7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A52CAD11-0B45-4621-8453-06CA125B7F49}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8BC6E5F4-DAA5-4443-83D3-51765A9AE5BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{612974D0-323F-4102-9BEC-A9517326FF2E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4297B129-2137-4E86-BA49-40829C1DC2E4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EB5AB48D-24BF-49E5-8F4A-444BDFB64BD0}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{09605C2B-8D08-4E03-AFD6-3A78F5F27B93}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{8DBEA448-528F-4FA2-A80B-DE09FFDAD233}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5E1EBDD0-8119-46B4-99F3-D29F8EF07925}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{013D714D-6373-499C-B94F-924D3E5A6949}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{341216B6-5EE1-43AF-84C5-DE0314D8494B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{26C8F2C6-ECFB-4DFD-B38C-0BFE83F04769}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0DBE11D3-8008-4C11-8F76-965101B8A59B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A518717E-C7CC-4C6C-AAA8-2D134AA500BE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F34A2CAD-8127-4197-ABF9-9F799F7AD9D1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8DE23778-F984-4075-8A30-31D1E0EAB390}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4B77EAEB-91F7-408A-A6AF-2C163EF6F56A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1C970FBE-AE48-4A37-9705-36D892C6F742}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2FC63D36-6785-4774-91AB-D0F7841EA6DF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{18CC406B-FCD4-4A85-896B-908A3F5883BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{FF05BFB9-5839-4A42-B90D-9D9904A1FF30}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4843BF4B-5F4D-4048-A8E7-8F45087ECBCE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1F94D7B7-C3D3-49EF-B9FE-077EB9A91424}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{05358A4C-CFB6-41AB-A6A9-FF4A459F9186}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BE6EFC96-1E64-4385-B2C5-F7A6EA236A47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AD515646-88D3-4A3D-8323-EBD7F26BADEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F64BFDBA-60B7-4309-A85C-4160485973FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9545700B-38F7-4CC3-B213-F437F49C9683}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{2C6F6E41-0144-453D-B62F-5C11AA84CE4D}] => (Allow) C:\Users\Tommy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A4582856-C9AD-4386-92EC-995863D8B495}] => (Allow) C:\Users\Tommy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8711D613-23B6-41AF-AD59-232C540A14AC}] => (Allow) C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E44D5BB5-B9D1-440E-9918-F728787C1982}] => (Allow) C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{B880FE5A-C19D-4EC8-8045-A53BFE98B296}C:\users\tommy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tommy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{829DAFE2-D515-4522-88E5-7E021E5F5F63}C:\users\tommy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tommy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{AC2E6BBB-8895-4CF1-9FF3-FCDE60D04EBF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{8E725BF7-4678-42F0-A565-18FAD7DE5BD1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{950B5E77-3AD4-4E5C-AEE0-469D67E4DC75}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{12BE181C-9212-4D27-8BB8-493137A10FD3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{05DF73AE-2D23-41D8-9181-51EAD35D263A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{347C9C20-BBDC-402D-8435-9EC16C160D46}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{57707023-1471-42B2-A8B2-4E79208AD919}] => (Block) %ProgramFiles% (x86)\Final Draft 9\Final Draft.exe
FirewallRules: [{3E5CB3B8-C041-4B35-98E4-280C06F007B0}] => (Block) %ProgramFiles% (x86)\Final Draft 9\Final Draft.exe
FirewallRules: [{AAE4E9C4-98D3-4493-97AE-2987B873ADA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{85F8A1F7-565C-4FDD-A9D0-9ADD89B5DDB6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BC4D80E4-4875-4B0E-B63E-316D2AC45A03}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{027A1AF3-177A-47A5-8972-E1BC27CB12DC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{DCFB44BA-32A5-4384-BDF1-F5FB8BAE4E33}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{91226B20-87A8-43F1-950F-E8A01F739C49}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{F0E034B5-C029-4C99-9F2B-A27F862EB8E1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{8A226EB7-3C57-4093-BA8A-10A6CEED031D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{9BB5B704-2CFF-4A7F-A29B-ED7EB650464D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9A9FF363-F3DF-44EC-9377-46DC4180D1A1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2EBE2B8F-1712-4322-BAB1-68E76C151932}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1B3C2E33-089C-404B-A3DE-C0D4E8FB3013}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{C6B841AE-6B3E-4A7D-8769-AE858BC15692}D:\tor browser\browser\torbrowser\tor\pluggabletransports\flashproxy-client.exe] => (Block) D:\tor browser\browser\torbrowser\tor\pluggabletransports\flashproxy-client.exe
FirewallRules: [UDP Query User{1AC9CE2C-A368-46B7-BEEE-D79FCF12042F}D:\tor browser\browser\torbrowser\tor\pluggabletransports\flashproxy-client.exe] => (Block) D:\tor browser\browser\torbrowser\tor\pluggabletransports\flashproxy-client.exe
FirewallRules: [{0BE0D32C-A623-4835-8153-78BE28F388A7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{327E1402-F42D-4244-8748-D0E9D489B9EE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9C1DE79C-EDA9-4803-B5BE-0189E6DB6E9B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A42CFEE0-3C7B-4F21-9E35-D32EACC04BC9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4A503570-7C87-4C4D-8D28-95DD4F9D09C0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{122F3D4F-3523-45EF-AA27-8C02D4AB49FA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0620EF26-3468-4915-AA64-6E32A1418556}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8367DFCF-2901-45C9-8227-BABB13B8DD73}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{3338D75B-DEAA-4D58-9F72-753F6DB42CE1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9AD1898A-923B-4C64-9232-7B2058FDFBAF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2CE7068E-3445-472A-8CA2-4E87B9BAD8A6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{52192514-1707-4CBF-93D0-72D6C98A522D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{829BCC34-4BC1-4741-89D5-608DD1114ED1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1F3178BB-588B-4F8A-B173-806D597FA824}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{96D308F9-98CB-4425-84E9-51A124B89459}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7BDAF6C9-B4E6-4CD6-90A0-703B11F0279C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{39848353-6B76-4F17-B8C8-24B0A3DCC5F6}C:\users\tommy\desktop\ygopro-1.033.4v2-percy\ygopro_vs.exe] => (Allow) C:\users\tommy\desktop\ygopro-1.033.4v2-percy\ygopro_vs.exe
FirewallRules: [UDP Query User{6255D0C9-74F4-4737-A7F3-F00AB179A37D}C:\users\tommy\desktop\ygopro-1.033.4v2-percy\ygopro_vs.exe] => (Allow) C:\users\tommy\desktop\ygopro-1.033.4v2-percy\ygopro_vs.exe
FirewallRules: [{9536DFDA-AF6D-48C9-9DE6-209751A621C4}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{F2FEEEAC-5E97-4248-AAC1-93EC67718BC6}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{F1EC24FA-586D-4589-A823-A15E26244F2C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4338D206-81C2-4305-BA7A-097D1B2C357A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{EA0A60D8-8ADC-4D89-A4A8-4D72316930DE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{3CE58612-9DE8-409C-9CF9-F92826D0C90D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E51A61CB-3A34-4752-8B7B-A0847593AC83}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{228D73F2-06CB-428E-9EE7-8F7B3AF7C52D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CD3EFBA6-9E01-4EAF-818E-772F0A902559}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CCC099AF-A667-4EC0-AE79-F4FC48F0D5A1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{725A8F10-9349-4158-A9E4-DEC14E5713E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AB691238-020C-4144-9145-7E9FACA80CA4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7DB2167F-B242-436A-BB82-B4AA088B5B7A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{66F67928-3B30-47F2-9399-E9853E980A6A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E9F280CA-33AF-4F2A-AB8D-6B8E0917E6EA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A5EB4E85-80DF-400E-9880-6270BDCC7435}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4FB8C0E7-08E1-4451-9220-B8F7CE3D6F7B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8043A8F7-DA09-4859-9A5A-7ADD0DACF5E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1C49D137-6487-4FFF-B264-C7CFE4045524}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{59164106-E31C-4AA5-92B5-17B3A4D013CD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{537F60CF-157D-4EA6-8C1A-7137CC6C3A2E}] => (Allow) C:\Windows\Prey\versions\1.5.0\bin\node.exe
FirewallRules: [{C8426B54-AB83-4397-BB1C-E81FD798DECD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-01-2016 14:03:57 Intel® Technology Access
30-01-2016 18:10:03 Intel® Technology Access
07-02-2016 18:46:59 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/12/2016 06:13:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.4.7.0, time stamp: 0x51fd032f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0x1568
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5
 
Error: (02/12/2016 06:13:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
Stack:
   at ..(Byte, Byte, .)
   at ..(Byte[])
   at ..(., .)
   at ..(Byte[])
   at ..(Byte[])
   at ..(System.IAsyncResult)
   at System.Net.LazyAsyncResult.Complete(IntPtr)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Net.ContextAwareResult.Complete(IntPtr)
   at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
 
Error: (02/12/2016 03:05:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13032
 
Error: (02/12/2016 03:05:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13032
 
Error: (02/12/2016 03:05:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/12/2016 03:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11766
 
Error: (02/12/2016 03:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11766
 
Error: (02/12/2016 03:05:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/12/2016 03:05:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10547
 
Error: (02/12/2016 03:05:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10547
 
 
System errors:
=============
Error: (02/05/2016 01:28:46 AM) (Source: DCOM) (EventID: 10010) (User: METAGROSS)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (02/04/2016 05:42:57 PM) (Source: DCOM) (EventID: 10016) (User: METAGROSS)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MetagrossTommyS-1-5-21-564993757-659052750-1084754678-1001LocalHost (Using LRPC)Microsoft.BingNews_3.0.2.258_x64__8wekyb3d8bbweS-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257
 
Error: (02/03/2016 11:05:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/03/2016 11:05:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/02/2016 05:59:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/02/2016 05:59:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/02/2016 05:58:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/02/2016 05:58:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/02/2016 05:58:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/02/2016 05:58:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
 
CodeIntegrity:
===================================
  Date: 2014-12-31 22:37:57.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 27%
Total physical RAM: 12211.27 MB
Available physical RAM: 8805.16 MB
Total Virtual: 14067.27 MB
Available Virtual: 9922.09 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:914.95 GB) (Free:721.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B5056384)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Logs look generally good; we can check a few things while you're here.


Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

In your next reply post:
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

#3
abandonX

    New Member

  • Topic Starter
  • Member
  • 7 posts
# AdwCleaner v5.033 - Logfile created 13/02/2016 at 13:13:07
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Tommy - METAGROSS
# Running from : C:\Users\Tommy\Desktop\adwcleaner_5.033.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\eSupport.com
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Folder Found : C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
 
***** [ Files ] *****
 
File Found : C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage
File Found : C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage-journal
File Found : C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_ixquick-proxy.com_0.localstorage
File Found : C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_animeshow.tv_0.localstorage
File Found : C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.about.com_0.localstorage
File Found : C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
File Found : C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.terraclicks.com_0.localstorage
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Value Found : HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
Key Found : HKCU\Software\Classes\pokki
 
***** [ Web browsers ] *****
 
[C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : kbfnbcaeplbcioakkpcpgfkobkghlhen
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3021 bytes] ##########
 
____________________________________________________________________________________________________________________
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 x64 
Ran by Tommy (Administrator) on 2016-02-13 at 14:01:55.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 9 
 
Successfully deleted: C:\ProgramData\1420096811.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1420423070.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1420423080.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File) 
Successfully deleted: C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage (File) 
Successfully deleted: C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File) 
Successfully deleted: C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage (File) 
Successfully deleted: C:\Windows\system32\Tasks\SmartDefrag4_Startup (Task)
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0CBCB94F-3339-49E4-ABA6-53557E4F4C00} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-02-13 at 14:09:37.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 


#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,
AdwCleaner, please run the clean option if you have not done so. Your log shows just a scan; the clean option will actually remove the files.

Next
Download the enclosed => Attached File fixlist.txt (1.29KB). Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.
#5
abandonX

    New Member

  • Topic Starter
  • Member
  • 7 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Tommy (2016-02-13 17:07:53) Run:1
Running from C:\Users\Tommy\Desktop
Loaded Profiles: Tommy (Available Profiles: Tommy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-564993757-659052750-1084754678-1001 -> DefaultScope {3B7A7AC4-AA87-11E4-8269-F0761C315596} URL = 
SearchScopes: HKU\S-1-5-21-564993757-659052750-1084754678-1001 -> {0CBCB94F-3339-49E4-ABA6-53557E4F4C00} URL = 
SearchScopes: HKU\S-1-5-21-564993757-659052750-1084754678-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {3B7A7AC4-AA87-11E4-8269-F0761C315596} URL = 
SearchScopes: HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0CBCB94F-3339-49E4-ABA6-53557E4F4C00} URL = 
SearchScopes: HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
CMD: bitsadmin /reset /allusers
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
HKCR\Wow6432Node\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
HKU\S-1-5-21-564993757-659052750-1084754678-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-564993757-659052750-1084754678-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CBCB94F-3339-49E4-ABA6-53557E4F4C00} => key not found. 
HKCR\CLSID\{0CBCB94F-3339-49E4-ABA6-53557E4F4C00} => key not found. 
HKU\S-1-5-21-564993757-659052750-1084754678-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CBCB94F-3339-49E4-ABA6-53557E4F4C00} => key not found. 
HKCR\CLSID\{0CBCB94F-3339-49E4-ABA6-53557E4F4C00} => key not found. 
HKU\S-1-5-21-564993757-659052750-1084754678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 541 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 17:09:29 ====

#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

When you run FRST to do the fix, make sure you right click on FRST and run as administrator.

Let's run a scan with ESET. This scan could take a long time; if you're using the computer now you can start it later and post the results later too.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile (located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
NOTE: In some instances if no malware is found there will be no log produced.
#7
abandonX

    New Member

  • Topic Starter
  • Member
  • 7 posts
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b4874c518256314abfe23b2262afac12
# end=init
# utc_time=2016-02-14 01:46:15
# local_time=2016-02-13 05:46:15 (-0800, Pacific Standard Time)
# country="Canada"
# osver=6.2.9200 NT 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b4874c518256314abfe23b2262afac12
# end=init
# utc_time=2016-02-14 01:48:03
# local_time=2016-02-13 05:48:03 (-0800, Pacific Standard Time)
# country="Canada"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28117
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b4874c518256314abfe23b2262afac12
# end=updated
# utc_time=2016-02-14 01:51:31
# local_time=2016-02-13 05:51:31 (-0800, Pacific Standard Time)
# country="Canada"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b4874c518256314abfe23b2262afac12
# engine=28117
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-02-14 03:51:31
# local_time=2016-02-13 07:51:31 (-0800, Pacific Standard Time)
# country="Canada"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 28014068 36987873 0 0
# scanned=273499
# found=3
# cleaned=0
# scan_time=7200
sh=EBC8B4A7AF9E31A07BEB38C3F845C14A355D7C13 ft=1 fh=d178eb280a848a6b vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\Tommy\AppData\Roaming\uTorrent\updates\3.4.2_37594.exe"
sh=11C17EF8DBE952B6D870268AD3CA48BAAE140D61 ft=1 fh=403a0c0db8e0bd60 vn="multiple threats" ac=I fn="C:\Users\Tommy\Desktop\Microsoft Toolkit.exe"
sh=2E2313AC534F308F99FF646C9683E111F2B78284 ft=1 fh=d38a8ef6682585a2 vn="a variant of MSIL/HackKMS.H potentially unsafe application" ac=I fn="C:\Windows\AutoKMS\AutoKMS.exe"
 

#8
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Download the enclosed => Attached File fixlist.txt (191bytes). Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.

Next

Download Security Check by screen317 from http://rocketgrannie...curityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
#9
abandonX

    New Member

  • Topic Starter
  • Member
  • 7 posts

Hi zep516,

 

I recently encountered problems with my computer's functionality after running ESET.  Some of my programs failed to open and have had to be re-installed (such as iTunes), and others often ended up crashing (I've also tried to re-install them, but with no success).  I tried to restore my system twice today, but both restores ended in failure (apparently due to my anti-virus being enabled during the restore process).  The second time I tried to restore my computer, I made sure to disable Malwarebytes; still, I ended up with the same problem.

 

I believe it would be wise to end this cleaning process and start fresh.  I need to figure out what's wrong with my OS/registry/drivers/whatever and why some of my programs keep 'glitching out' (as in their windows keep flashing and their icons constantly move back and forth on the taskbar).

 

Question 1:  Why can't I perform a system restore on my computer?

 

Question 2:  Why do some of my programs flash several times (with 'not responding' at the top) when I start them up?

 

Additionally, when I clicked 'scan' on Farbar, it too flashed several times (with 'not responding' at the top) before returning to normal and scanning my system.  If we could get to the bottom of this, that would be really helpful!  :)

 

Attached to this reply is the 'FRST' report and the 'ADDITIONAL' report from Farbar.  I need to know if I can click the 'FIX' button or if I need a fixlist to fix the errors on my computer.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Tommy (administrator) on METAGROSS (14-02-2016 20:59:04)
Running from C:\Users\Tommy\Desktop
Loaded Profiles: Tommy (Available Profiles: Tommy)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\LegacyCsLoaderService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Joyent, Inc) C:\Windows\Prey\versions\1.5.0\bin\node.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.5.0\node_modules\triggers\bin\lightevt.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Dropbox, Inc.) C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
Failed to access process -> explorer.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1380056 2014-03-18] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [bdruninstaller] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"setupdownloader.exe" /args:"/token:bnPMVVU644nUNQtpjZPZijKFSJ8 /after_restart"
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-03-24] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-08-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732760 2016-01-19] (Acer)
HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-30] (Disc Soft Ltd)
HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\Run: [Dropbox Update] => C:\Users\Tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\MountPoints2: {a732514c-97ab-11e5-827e-f0761c315596} - "F:\WD Drive Unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.144.100 64.59.150.143
Tcpip\..\Interfaces\{880B7E80-40E2-4109-8E07-B25FDBBAFE8E}: [DhcpNameServer] 204.239.154.189 204.239.154.201
Tcpip\..\Interfaces\{A6847028-BA72-4E0F-B63F-5332253B888D}: [DhcpNameServer] 64.59.144.100 64.59.150.143
 
Internet Explorer:
==================
HKU\S-1-5-21-564993757-659052750-1084754678-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-11] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-11] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\doytaqup.default
FF DefaultSearchEngine: DuckDuckGo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\doytaqup.default\searchplugins\startpage-ssl.xml [2015-08-06]
FF Extension: Greasemonkey - C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\doytaqup.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-08-06]
FF Extension: Ghostery - C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\doytaqup.default\Extensions\[email protected] [2016-02-13]
FF Extension: Privacy Settings - C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\doytaqup.default\Extensions\[email protected] [2016-02-13]
FF Extension: uBlock Origin - C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\doytaqup.default\Extensions\[email protected] [2016-02-13]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://facebook.com/","hxxp://www.youtube.com/","hxxps://startpage.com/do/mypage.pl?prf=39f4bb54888fd00ba47c1310e59fb9c7"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (uBlock Origin) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-11]
CHR Extension: (Google Search) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (PasswordBox - Free Password Manager) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dljbcjbfojhlfhgenhepllagfecdpchb [2015-09-29]
CHR Extension: (Security Plus) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkcmflbdogcbjahoblehnlonjedkmoh [2015-07-14]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-02-11]
CHR Extension: (Google Sheets) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Stylish) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Disconnect) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-21]
CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-02-13]
CHR Extension: (Hide YouTube Comments) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kehdmnjmaakacofbgmjgjapbbibhafoh [2015-12-17]
CHR Extension: (Morpheon Dark) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2016-02-13]
CHR Extension: (Ghostery) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-12-29]
CHR Extension: (Save to Pocket) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-10-16]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2015-12-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2015-01-13] (Fork, Ltd.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-30] (Disc Soft Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 Intel® TA SAM; C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-08-12] (Intel Corporation)
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel® Technology Access\LegacyCsLoaderService.exe [157344 2015-12-03] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [486048 2015-12-03] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-14] (acer)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [243448 2015-12-29] (RaMMicHaeL)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-03] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2015-04-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2015-04-30] (Intel Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-13] (Realsil Semiconductor Corporation)
S3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-14 20:59 - 2016-02-14 21:00 - 00030448 _____ C:\Users\Tommy\Desktop\FRST.txt
2016-02-14 20:58 - 2016-02-14 20:59 - 00000000 ____D C:\FRST
2016-02-14 20:58 - 2016-02-14 20:58 - 02370560 _____ (Farbar) C:\Users\Tommy\Desktop\FRST64.exe
2016-02-14 20:08 - 2016-02-14 20:01 - 00000899 _____ C:\Users\Tommy\Desktop\Final Draft.lnk
2016-02-14 20:03 - 2016-02-14 20:03 - 00000026 ____H C:\ProgramData\.811261211181235583101118113995
2016-02-14 20:01 - 2016-02-14 20:01 - 00000899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Draft 8.lnk
2016-02-14 20:01 - 2016-02-14 20:01 - 00000000 ____D C:\Program Files (x86)\Final Draft 8
2016-02-14 20:01 - 2009-05-14 10:32 - 04169728 ____R (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll
2016-02-14 19:57 - 2016-02-14 19:58 - 00000000 ____D C:\Users\Tommy\Desktop\Final Draft 8.0.3 Build 120 (Keygen-GQ) [ChingLiu]
2016-02-14 14:53 - 2016-02-14 14:53 - 00001769 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-02-14 14:53 - 2016-02-14 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-02-14 14:53 - 2016-02-14 14:53 - 00000000 ____D C:\Program Files\iPod
2016-02-14 14:53 - 2016-02-14 14:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-02-14 14:52 - 2016-02-14 14:53 - 00000000 ____D C:\Program Files\iTunes
2016-02-14 14:51 - 2016-02-14 14:51 - 00000000 ____D C:\Program Files\Bonjour
2016-02-14 14:51 - 2016-02-14 14:51 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-02-14 14:51 - 2016-02-14 14:51 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-02-14 02:44 - 2016-02-14 14:29 - 00000000 ____D C:\Users\Tommy\Desktop\Final Draft 9.0.2 build 136 (cracked exe) [ChingLiu]
2016-02-13 22:04 - 2016-02-13 22:04 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-13 20:31 - 2016-02-13 21:29 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\systweak
2016-02-13 20:30 - 2016-02-13 20:35 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Opera Software
2016-02-13 20:30 - 2016-02-13 20:35 - 00000000 ____D C:\Users\Tommy\AppData\Local\Opera Software
2016-02-13 20:19 - 2016-02-14 14:29 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\ProductData
2016-02-13 20:18 - 2016-02-14 14:29 - 00000000 ____D C:\Users\Tommy\AppData\Local\C4971F04-1455394733-E411-AA1F-F0761C315596
2016-02-13 20:18 - 2016-02-13 20:18 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2016-02-13 20:17 - 2016-02-13 20:17 - 00041472 _____ C:\Users\Tommy\AppData\Local\Citytech.dat
2016-02-13 20:17 - 2016-02-13 20:17 - 00000187 _____ C:\Users\Tommy\AppData\Local\Citytech.exe.config
2016-02-13 20:17 - 2016-02-13 20:15 - 00002167 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-02-13 01:16 - 2016-02-14 02:40 - 00005702 _____ C:\Users\Tommy\Desktop\Fifty Shades Review.odt
2016-02-12 14:24 - 2016-02-14 14:29 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\vlc
2016-02-12 14:09 - 2016-02-14 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-02-12 14:09 - 2016-02-12 14:09 - 00001046 _____ C:\Users\Public\Desktop\VLC.lnk
2016-02-12 03:01 - 2016-02-13 23:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-12 02:48 - 2016-02-14 14:29 - 00000000 ____D C:\Users\Tommy\Desktop\mbar
2016-02-11 23:57 - 2016-02-14 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FocusWriter
2016-02-11 23:57 - 2016-02-11 23:57 - 00001037 _____ C:\Users\Tommy\Desktop\FocusWriter.lnk
2016-02-11 23:57 - 2016-02-11 23:57 - 00000000 ____D C:\Users\Tommy\AppData\Local\GottCode
2016-02-11 23:56 - 2016-02-14 14:29 - 00000000 ____D C:\Program Files (x86)\FocusWriter
2016-02-10 01:39 - 2016-02-10 01:39 - 00085227 _____ C:\Users\Tommy\Downloads\Workshop 1 - Farjad Farahmand.pdf
2016-02-10 01:38 - 2016-02-10 01:38 - 00047538 _____ C:\Users\Tommy\Downloads\Eng 391 - Now Playing.pdf
2016-02-06 01:41 - 2016-02-06 01:41 - 00082349 _____ C:\Users\Tommy\Downloads\DEVELOPMENT BUDGET.pdf
2016-02-04 10:44 - 2016-02-04 10:44 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud
2016-02-04 10:44 - 2016-02-04 10:44 - 00001990 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2016-01-28 02:09 - 2016-01-28 02:10 - 00000000 ____D C:\Users\Tommy\Desktop\Script Reports
2016-01-28 02:01 - 2016-01-28 02:01 - 00000000 ____D C:\Users\Tommy\Documents\Bluetooth Folder
2016-01-24 17:37 - 2016-01-24 17:37 - 00012553 _____ C:\Users\Tommy\Downloads\Such is Life in Eszterovia-4.pdf
2016-01-24 17:37 - 2016-01-24 17:37 - 00007078 _____ C:\Users\Tommy\Downloads\Two's a Crowd.pdf
2016-01-18 23:37 - 2016-01-24 19:30 - 00000000 ____D C:\Users\Tommy\Desktop\E-books
2016-01-18 22:41 - 2016-02-14 19:54 - 00000000 ____D C:\Program Files\PeerBlock
2016-01-18 22:41 - 2016-01-21 16:41 - 00001796 _____ C:\Users\Tommy\Desktop\PeerBlock.lnk
2016-01-18 22:41 - 2016-01-18 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2016-01-18 21:02 - 2016-01-18 21:02 - 00000000 ____D C:\Users\Tommy\Documents\Expression
2016-01-15 01:33 - 2016-02-04 19:41 - 00000000 ____D C:\Users\Tommy\Desktop\Creative Writing
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-14 20:45 - 2014-12-24 00:04 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-14 20:31 - 2015-01-18 20:19 - 00000000 ____D C:\Users\Tommy\.gimp-2.8
2016-02-14 20:18 - 2015-06-19 18:08 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-564993757-659052750-1084754678-1001UA.job
2016-02-14 20:12 - 2014-12-23 23:53 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-564993757-659052750-1084754678-1001
2016-02-14 20:04 - 2014-12-24 01:43 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Final Draft
2016-02-14 20:02 - 2015-08-06 12:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-14 20:02 - 2014-12-24 01:42 - 00000000 ____D C:\ProgramData\Final Draft
2016-02-14 19:59 - 2015-02-18 01:48 - 00004974 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for METAGROSS-Tommy Metagross
2016-02-14 19:59 - 2015-01-13 22:02 - 00642048 ___SH C:\Users\Tommy\Desktop\Thumbs.db
2016-02-14 19:59 - 2014-12-24 02:25 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\uTorrent
2016-02-14 19:54 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2016-02-14 19:53 - 2014-12-23 23:56 - 00000000 ____D C:\Users\Tommy\AppData\Local\CrashDumps
2016-02-14 19:48 - 2014-12-24 02:50 - 00000000 ___RD C:\Users\Tommy\Dropbox
2016-02-14 19:48 - 2014-12-24 02:47 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Dropbox
2016-02-14 19:48 - 2014-12-24 00:04 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-14 19:47 - 2014-12-24 00:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-14 19:47 - 2014-12-23 23:52 - 00000000 ___RD C:\Users\Tommy\OneDrive
2016-02-14 14:52 - 2014-12-24 00:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-02-14 14:51 - 2014-12-24 00:30 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-02-14 14:48 - 2015-01-07 06:36 - 00393728 ___SH C:\Users\Tommy\Downloads\Thumbs.db
2016-02-14 14:43 - 2014-12-24 00:30 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-02-14 14:36 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-14 14:35 - 2013-08-22 05:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-02-14 14:29 - 2015-09-13 18:09 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\IObit
2016-02-14 14:29 - 2015-09-13 18:09 - 00000000 ____D C:\Users\Tommy\AppData\LocalLow\IObit
2016-02-14 14:29 - 2015-08-03 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-14 14:29 - 2015-08-03 19:54 - 00000000 ____D C:\ProgramData\Oracle
2016-02-14 14:29 - 2015-01-22 00:12 - 00000000 ____D C:\Users\Tommy\AppData\Local\gtk-2.0
2016-02-14 14:29 - 2014-12-29 00:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-14 14:29 - 2014-12-23 23:50 - 00000000 ____D C:\Users\Tommy\AppData\Local\Acer
2016-02-14 14:29 - 2014-09-30 04:25 - 00000000 ____D C:\ProgramData\Atheros
2016-02-14 14:29 - 2014-03-18 01:45 - 00000000 ____D C:\Windows\ShellNew
2016-02-14 14:29 - 2014-03-18 01:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-14 14:29 - 2013-08-22 07:36 - 00000000 __RSD C:\Windows\Media
2016-02-14 14:19 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\registration
2016-02-14 14:01 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-14 14:01 - 2013-08-22 06:44 - 00614600 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-14 13:55 - 2015-09-13 18:09 - 00000000 ____D C:\Program Files (x86)\IObit
2016-02-14 02:48 - 2015-11-27 01:15 - 00000000 ____D C:\Users\Tommy\Desktop\TV Series
2016-02-14 02:34 - 2015-09-13 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2016-02-14 02:34 - 2014-12-23 23:47 - 00000000 ____D C:\Users\Tommy\AppData\Local\Packages
2016-02-14 02:34 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-13 23:18 - 2015-06-19 18:08 - 00000886 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-564993757-659052750-1084754678-1001Core.job
2016-02-13 22:15 - 2013-08-22 05:25 - 00000199 _____ C:\Windows\win.ini
2016-02-13 21:31 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\WinStore
2016-02-13 20:18 - 2015-12-12 22:39 - 00000000 ____D C:\ProgramData\Unchecky
2016-02-13 18:42 - 2015-08-06 11:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-13 18:42 - 2015-06-27 20:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-13 17:32 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-02-12 00:26 - 2014-12-23 23:44 - 00000000 ____D C:\Users\Tommy
2016-02-12 00:12 - 2014-03-18 02:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-11 23:43 - 2014-12-31 01:10 - 00000000 ____D C:\Users\Tommy\Documents\Screenplays to Read
2016-02-11 18:58 - 2015-08-31 21:53 - 00000000 ____D C:\Users\Tommy\.oracle_jre_usage
2016-02-11 18:58 - 2015-08-03 20:08 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-11 18:57 - 2015-08-03 20:08 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-10 13:49 - 2014-12-24 00:04 - 00002196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 02:43 - 2015-02-02 01:47 - 00000000 ____D C:\Users\Tommy\Documents\Stuff I Did This Year
2016-02-09 19:02 - 2015-08-06 12:34 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 15:07 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
2016-02-08 22:50 - 2014-12-28 22:40 - 00003754 _____ C:\Windows\System32\Tasks\AutoKMS
2016-02-08 18:21 - 2015-09-04 21:45 - 00000000 ____D C:\Users\Tommy\Desktop\My Favourite Videos
2016-02-08 01:43 - 2014-12-31 01:10 - 00000000 ____D C:\Users\Tommy\Documents\Poetry
2016-02-07 19:02 - 2015-03-31 23:31 - 00000000 ____D C:\Users\Tommy\Desktop\Advice For Screenwriters
2016-02-07 01:54 - 2016-01-13 00:55 - 00000000 ____D C:\Users\Tommy\Desktop\ENG 391 - please read and comment
2016-02-04 10:44 - 2015-07-20 10:53 - 00003352 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2016-02-04 10:44 - 2014-12-23 23:49 - 00000000 ____D C:\Users\Tommy\AppData\Local\clear.fi
2016-02-04 10:44 - 2014-07-25 05:27 - 00000000 ___HD C:\OEM
2016-02-04 10:44 - 2014-07-25 04:49 - 00000000 ____D C:\Program Files (x86)\Acer
2016-02-04 10:43 - 2014-07-25 04:49 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-02-02 17:40 - 2014-12-24 00:04 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 17:40 - 2014-12-24 00:04 - 00003662 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-30 01:00 - 2014-12-25 11:57 - 00000000 ____D C:\Users\Tommy\Desktop\Movies
2016-01-29 23:01 - 2015-11-29 19:01 - 00000000 ____D C:\Users\Tommy\Desktop\Western Digital
2016-01-29 20:40 - 2015-11-29 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2016-01-29 20:40 - 2015-11-29 18:45 - 00000000 ____D C:\Program Files (x86)\Western Digital
2016-01-29 20:40 - 2014-07-25 04:49 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-28 02:09 - 2015-09-21 22:16 - 00000000 ____D C:\Users\Tommy\Documents\Capilano U. Assignments Year 4
2016-01-24 00:49 - 2014-12-30 23:33 - 00000000 ____D C:\Users\Tommy\Documents\Last Chance Animator
2016-01-19 19:24 - 2015-03-11 21:45 - 00000000 ____D C:\Users\Tommy\Documents\Passwords
 
==================== Files in the root of some directories =======
 
2016-02-13 20:17 - 2016-02-13 20:17 - 0041472 _____ () C:\Users\Tommy\AppData\Local\Citytech.dat
2016-02-13 20:17 - 2016-02-13 20:17 - 0000187 _____ () C:\Users\Tommy\AppData\Local\Citytech.exe.config
2015-12-31 20:53 - 2015-12-31 20:53 - 0015743 _____ () C:\Users\Tommy\AppData\Local\recently-used.xbel
2016-02-14 20:03 - 2016-02-14 20:03 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995
2014-09-30 04:22 - 2014-09-30 04:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-09 12:03
 
==================== End of FRST.txt ============================
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Tommy (2016-02-14 21:01:21)
Running from C:\Users\Tommy\Desktop
Windows 8.1 (X64) (2014-12-24 07:46:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-564993757-659052750-1084754678-500 - Administrator - Disabled)
Guest (S-1-5-21-564993757-659052750-1084754678-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-564993757-659052750-1084754678-1003 - Limited - Enabled)
Tommy (S-1-5-21-564993757-659052750-1084754678-1001 - Administrator - Enabled) => C:\Users\Tommy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.06.2000.22 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3004 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{FF0A904E-8827-4F6E-9A59-900D4C997AD1}) (Version: 1.0.8 - Amazon)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.)
Flixster (HKU\S-1-5-21-564993757-659052750-1084754678-1001\...\cde6baecc037497b) (Version: 2.2.0.304 - Flixster)
FocusWriter (HKLM-x32\...\FocusWriter) (Version: 1.5.5 - Graeme Gott)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{2ff1a4b2-d080-4abd-a571-d0cef9664790}) (Version: 1.7.0.1011 - Intel Corporation)
Intel® Technology Access Software Asset Manager (x32 Version: 3.1.814 - Intel Corporation) Hidden
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-GB)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Prey Anti-Theft (x32 Version: 1.3.6 - Prey, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.)
RonyaSoft CD DVD Label Maker 3.01 (HKLM-x32\...\RonyaSoft CD DVD Label Maker) (Version: 3.01 - RonyaSoft)
Unchecky v0.4.2 (HKLM-x32\...\Unchecky) (Version: 0.4.2 - RaMMicHaeL)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WD Backup (HKLM-x32\...\{953eccd5-26ad-450b-af24-c50227e0fb74}) (Version: 1.2.5721.28811 - Western Digital Technologies, Inc.)
WD Backup (x32 Version: 1.2.5721.28811 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{163952d1-3ca7-4e98-a686-cc0c227c7447}) (Version: 1.2.0.85 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.2.0.85 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-564993757-659052750-1084754678-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Tommy\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0058210E-2BF8-499B-B5AB-761EC1F7233A} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {0320A381-95E6-435B-9DD3-7B535B15E4A9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-564993757-659052750-1084754678-1001UA => C:\Users\Tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {0451F55E-4B7F-44F4-8DB8-6F3184E47F40} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-01-14] (Acer Incorporated)
Task: {04D33159-1B0B-4EF1-9086-A8782792D844} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {13F60994-7B1E-45DC-A8E5-892088864544} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {182870E2-9A2B-4DF1-B2F8-2AA853927887} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
Task: {1EF8135C-A027-4F37-8CD1-BBD37004C33B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {35C9C024-3788-47F6-9276-FBA1EC42D204} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-01-19] (Acer)
Task: {3AD61090-C93E-445C-BE04-2A9455B5ED90} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-09-04] (Intel Corporation)
Task: {3ED5350E-F568-45B4-95E2-6D416956ABFF} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {4D72E217-8833-4589-B216-08502F49F24B} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)
Task: {55A2227E-584B-4C6B-A6A9-533B726232A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {58A9A932-7788-486D-8471-D68E6FD07B4F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {5A2A9FAF-D31C-4720-B995-92CEF679940A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {60FD5A9E-3447-4A95-948E-3EBCB10D80C1} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
Task: {6BB78A72-7EF5-4983-B347-FC6B1B02E233} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {6C5EB362-B214-4C03-89B5-5A502871AA1C} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {7649FAE5-6653-441C-A507-D0A3E053CDD7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7E0539C1-7133-4F17-BF5F-118779CF963A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {97B73684-2CBD-4559-BD69-63FBC549C85A} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {9E80FF9A-0CD2-43E0-86B4-E2C33AD27118} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {A1ED9AED-1A0D-4438-9EF4-39545FFB0425} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {A1F8885D-6B53-4E3C-A3B2-E49AA60BD73C} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe
Task: {A4962B56-A98A-45A0-B144-60B39E83FB6A} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-12-19] (Acer Incorporated)
Task: {A8750FB8-0F17-49EE-9945-65265E28C952} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {AD8431F0-8FD5-4C92-B256-6219B8134F1A} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {B2A52CD7-EDB1-4246-B134-6A4172B15177} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-12-28] ()
Task: {B91F6C83-1660-433B-BB1F-0ADDAEE5A166} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
Task: {CA379B68-E19E-40E4-BFFF-2510FF24E94F} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-12-19] (Acer Incorporated)
Task: {D0B34DED-F265-4426-A972-8AB6BB1C05E5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-564993757-659052750-1084754678-1001Core => C:\Users\Tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {DC00C285-561C-41FD-95BB-95F0A03192B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E86FBEA7-5905-4ECF-B9D9-6BC994EA0D56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F649CBF2-F6A5-46C5-9326-7517DD1D06A3} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {F68E0C8C-3391-4A78-A1AB-BFAC06C95202} - System32\Tasks\Microsoft Office 15 Sync Maintenance for METAGROSS-Tommy Metagross => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-564993757-659052750-1084754678-1001Core.job => C:\Users\Tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-564993757-659052750-1084754678-1001UA.job => C:\Users\Tommy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-07 10:44 - 2015-07-07 10:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll
2015-12-03 12:43 - 2015-12-03 12:43 - 00369824 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-25 21:14 - 2014-02-25 21:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 21:11 - 2014-02-25 21:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 21:17 - 2014-02-25 21:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-03-18 17:35 - 2014-03-07 08:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2015-11-23 18:44 - 2015-11-23 18:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-11-23 18:44 - 2015-11-23 18:44 - 00091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2016-02-13 20:18 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2014-09-30 04:11 - 2013-12-09 15:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2012-10-01 19:33 - 2012-10-01 19:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-19 15:06 - 2016-01-19 15:06 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-01-19 15:06 - 2016-01-19 15:06 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-12-11 00:20 - 2015-10-30 16:59 - 00034768 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00019408 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00022848 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00023352 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00042296 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 00:20 - 2015-10-30 16:59 - 00116688 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 00:20 - 2015-10-30 16:59 - 00093640 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 00:20 - 2015-10-30 16:59 - 00018376 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00019760 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00105928 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 00:20 - 2015-10-30 16:59 - 00392144 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 00:20 - 2015-12-08 13:36 - 00381752 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 00:20 - 2015-10-30 16:59 - 00692688 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00020816 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00109520 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 01737032 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00020808 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00020800 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00021840 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00038696 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00024528 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00020936 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00114640 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00021320 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00124880 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00030160 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00043472 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00175560 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00028616 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00024016 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00048592 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00024392 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00036296 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 00:20 - 2015-10-30 17:00 - 00024016 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00117056 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00023376 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 00:20 - 2015-10-30 16:59 - 00134608 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 00:20 - 2015-10-30 16:59 - 00134088 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00240584 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00020280 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00052024 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00021304 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00350152 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00084792 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 00:20 - 2015-12-08 13:36 - 01826608 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 00:20 - 2015-10-30 17:00 - 00083912 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 03891504 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 01950000 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00519984 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00133936 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00225080 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00207672 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00024904 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00486704 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 00:20 - 2015-12-08 13:36 - 00357680 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 13:45 - 2015-10-30 17:01 - 00019920 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 13:45 - 2015-10-30 17:00 - 00786904 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 23:07 - 2015-10-30 17:00 - 00063448 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 13:45 - 2015-10-30 17:00 - 00019408 _____ () C:\Users\Tommy\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-11-16 19:55 - 2015-11-16 19:55 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2016-02-04 10:44 - 2016-02-04 10:44 - 00015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-01-14 17:12 - 2016-01-14 17:12 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-01-14 17:11 - 2016-01-14 17:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-11-23 18:44 - 2015-11-23 18:44 - 00277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2016-02-10 13:49 - 2016-02-09 03:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-10 13:49 - 2016-02-09 03:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Tommy\Desktop\Digital Copy.iso:com.dropbox.attributes
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2016-02-14 14:36 - 00002165 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
 
There are 7 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-564993757-659052750-1084754678-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tommy\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.jpg
DNS Servers: 64.59.144.100 - 64.59.150.143
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B632A2DE-D859-40A0-A4B9-4B4C30186E57}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E4F0C4BE-CA36-4957-9CE2-AC910EE47A43}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{57A34412-1755-40AA-A04F-8AD76D3E7060}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{731FEE96-B9D0-47BA-AE5E-D4D969B0F3C4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{4ACBDD2C-0A4F-402F-9DF3-0212EC8D82FA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{089B48B6-6BBC-40F9-A1FD-E7C0A7E7E326}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{FC676053-4C76-4DD8-B6C2-EA8E48D5104C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{4D9873D4-1AD2-4069-A304-4539963B8A88}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{3DF6891F-A29F-4C9D-93E5-77EF5DF96F6E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{069649DC-C5AA-4825-8430-220FAC652650}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E5D52499-7EB6-41E6-A4B5-EB5610DFCC50}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E9F87341-54D0-4807-9C24-5B4F629A03FE}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{274D9364-AAC7-4890-88F5-90E68E59E925}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{52C5BC4B-3961-49BD-A872-73E3CBE0AFB6}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{FA3AB506-97C8-40FE-886D-DDE879AF06DA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9DCD638C-8558-4D54-BB5A-D4CA36956801}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9B19EC97-7804-4528-98E1-0A910612046A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8534EB21-FC3B-4A47-8B72-AE957794FAE7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A52CAD11-0B45-4621-8453-06CA125B7F49}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8BC6E5F4-DAA5-4443-83D3-51765A9AE5BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{612974D0-323F-4102-9BEC-A9517326FF2E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4297B129-2137-4E86-BA49-40829C1DC2E4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EB5AB48D-24BF-49E5-8F4A-444BDFB64BD0}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{09605C2B-8D08-4E03-AFD6-3A78F5F27B93}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{8DBEA448-528F-4FA2-A80B-DE09FFDAD233}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5E1EBDD0-8119-46B4-99F3-D29F8EF07925}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{013D714D-6373-499C-B94F-924D3E5A6949}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{341216B6-5EE1-43AF-84C5-DE0314D8494B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{26C8F2C6-ECFB-4DFD-B38C-0BFE83F04769}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0DBE11D3-8008-4C11-8F76-965101B8A59B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A518717E-C7CC-4C6C-AAA8-2D134AA500BE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F34A2CAD-8127-4197-ABF9-9F799F7AD9D1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8DE23778-F984-4075-8A30-31D1E0EAB390}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4B77EAEB-91F7-408A-A6AF-2C163EF6F56A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1C970FBE-AE48-4A37-9705-36D892C6F742}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2FC63D36-6785-4774-91AB-D0F7841EA6DF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{18CC406B-FCD4-4A85-896B-908A3F5883BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{FF05BFB9-5839-4A42-B90D-9D9904A1FF30}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4843BF4B-5F4D-4048-A8E7-8F45087ECBCE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1F94D7B7-C3D3-49EF-B9FE-077EB9A91424}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2C6F6E41-0144-453D-B62F-5C11AA84CE4D}] => (Allow) C:\Users\Tommy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A4582856-C9AD-4386-92EC-995863D8B495}] => (Allow) C:\Users\Tommy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8711D613-23B6-41AF-AD59-232C540A14AC}] => (Allow) C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E44D5BB5-B9D1-440E-9918-F728787C1982}] => (Allow) C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{B880FE5A-C19D-4EC8-8045-A53BFE98B296}C:\users\tommy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tommy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{829DAFE2-D515-4522-88E5-7E021E5F5F63}C:\users\tommy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tommy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{AC2E6BBB-8895-4CF1-9FF3-FCDE60D04EBF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{8E725BF7-4678-42F0-A565-18FAD7DE5BD1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{950B5E77-3AD4-4E5C-AEE0-469D67E4DC75}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{12BE181C-9212-4D27-8BB8-493137A10FD3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{05DF73AE-2D23-41D8-9181-51EAD35D263A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{347C9C20-BBDC-402D-8435-9EC16C160D46}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{57707023-1471-42B2-A8B2-4E79208AD919}] => (Block) %ProgramFiles% (x86)\Final Draft 9\Final Draft.exe
FirewallRules: [{3E5CB3B8-C041-4B35-98E4-280C06F007B0}] => (Block) %ProgramFiles% (x86)\Final Draft 9\Final Draft.exe
FirewallRules: [{AAE4E9C4-98D3-4493-97AE-2987B873ADA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{85F8A1F7-565C-4FDD-A9D0-9ADD89B5DDB6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BC4D80E4-4875-4B0E-B63E-316D2AC45A03}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{027A1AF3-177A-47A5-8972-E1BC27CB12DC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{DCFB44BA-32A5-4384-BDF1-F5FB8BAE4E33}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{91226B20-87A8-43F1-950F-E8A01F739C49}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{F0E034B5-C029-4C99-9F2B-A27F862EB8E1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{8A226EB7-3C57-4093-BA8A-10A6CEED031D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{9BB5B704-2CFF-4A7F-A29B-ED7EB650464D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9A9FF363-F3DF-44EC-9377-46DC4180D1A1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2EBE2B8F-1712-4322-BAB1-68E76C151932}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1B3C2E33-089C-404B-A3DE-C0D4E8FB3013}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{C6B841AE-6B3E-4A7D-8769-AE858BC15692}D:\tor browser\browser\torbrowser\tor\pluggabletransports\flashproxy-client.exe] => (Block) D:\tor browser\browser\torbrowser\tor\pluggabletransports\flashproxy-client.exe
FirewallRules: [UDP Query User{1AC9CE2C-A368-46B7-BEEE-D79FCF12042F}D:\tor browser\browser\torbrowser\tor\pluggabletransports\flashproxy-client.exe] => (Block) D:\tor browser\browser\torbrowser\tor\pluggabletransports\flashproxy-client.exe
FirewallRules: [{0BE0D32C-A623-4835-8153-78BE28F388A7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{327E1402-F42D-4244-8748-D0E9D489B9EE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9C1DE79C-EDA9-4803-B5BE-0189E6DB6E9B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A42CFEE0-3C7B-4F21-9E35-D32EACC04BC9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4A503570-7C87-4C4D-8D28-95DD4F9D09C0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{122F3D4F-3523-45EF-AA27-8C02D4AB49FA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0620EF26-3468-4915-AA64-6E32A1418556}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8367DFCF-2901-45C9-8227-BABB13B8DD73}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{3338D75B-DEAA-4D58-9F72-753F6DB42CE1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9AD1898A-923B-4C64-9232-7B2058FDFBAF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2CE7068E-3445-472A-8CA2-4E87B9BAD8A6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{52192514-1707-4CBF-93D0-72D6C98A522D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{829BCC34-4BC1-4741-89D5-608DD1114ED1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1F3178BB-588B-4F8A-B173-806D597FA824}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{96D308F9-98CB-4425-84E9-51A124B89459}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7BDAF6C9-B4E6-4CD6-90A0-703B11F0279C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{39848353-6B76-4F17-B8C8-24B0A3DCC5F6}C:\users\tommy\desktop\ygopro-1.033.4v2-percy\ygopro_vs.exe] => (Allow) C:\users\tommy\desktop\ygopro-1.033.4v2-percy\ygopro_vs.exe
FirewallRules: [UDP Query User{6255D0C9-74F4-4737-A7F3-F00AB179A37D}C:\users\tommy\desktop\ygopro-1.033.4v2-percy\ygopro_vs.exe] => (Allow) C:\users\tommy\desktop\ygopro-1.033.4v2-percy\ygopro_vs.exe
FirewallRules: [{9536DFDA-AF6D-48C9-9DE6-209751A621C4}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{F2FEEEAC-5E97-4248-AAC1-93EC67718BC6}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{F1EC24FA-586D-4589-A823-A15E26244F2C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4338D206-81C2-4305-BA7A-097D1B2C357A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{EA0A60D8-8ADC-4D89-A4A8-4D72316930DE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{3CE58612-9DE8-409C-9CF9-F92826D0C90D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E51A61CB-3A34-4752-8B7B-A0847593AC83}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{228D73F2-06CB-428E-9EE7-8F7B3AF7C52D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CD3EFBA6-9E01-4EAF-818E-772F0A902559}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CCC099AF-A667-4EC0-AE79-F4FC48F0D5A1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{725A8F10-9349-4158-A9E4-DEC14E5713E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AB691238-020C-4144-9145-7E9FACA80CA4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7DB2167F-B242-436A-BB82-B4AA088B5B7A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{66F67928-3B30-47F2-9399-E9853E980A6A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E9F280CA-33AF-4F2A-AB8D-6B8E0917E6EA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A5EB4E85-80DF-400E-9880-6270BDCC7435}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4FB8C0E7-08E1-4451-9220-B8F7CE3D6F7B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8043A8F7-DA09-4859-9A5A-7ADD0DACF5E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1C49D137-6487-4FFF-B264-C7CFE4045524}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{59164106-E31C-4AA5-92B5-17B3A4D013CD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{537F60CF-157D-4EA6-8C1A-7137CC6C3A2E}] => (Allow) C:\Windows\Prey\versions\1.5.0\bin\node.exe
FirewallRules: [{C8426B54-AB83-4397-BB1C-E81FD798DECD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CCDE4088-472A-462B-B8ED-B7F97B07C643}] => (Block) %ProgramFiles% (x86)\Final Draft 9\Final Draft.exe
FirewallRules: [{8E5ABC08-7150-4815-981A-E01CE1D57B53}] => (Block) %ProgramFiles% (x86)\Final Draft 9\Final Draft.exe
FirewallRules: [{CDA3F9A5-5E70-48EE-BD4F-965365BFCD49}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3E4B44F-B35D-4AC7-BB79-50C76E002AC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1AC38C51-8272-4E6F-B777-D53D557E826F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{42AB0FBE-5F20-4012-954A-29E170B2A68E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86AE304B-62D0-4BC5-83F6-312C602DEBBF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{79B7975C-6344-4640-BC50-CF3C85C2E342}] => (Block) %ProgramFiles% (x86)\Final Draft 9\Final Draft.exe
FirewallRules: [{656EC288-3DEE-4C27-8CDF-58FDF0D3F19A}] => (Block) %ProgramFiles% (x86)\Final Draft 9\Final Draft.exe
 
==================== Restore Points =========================
 
30-01-2016 18:10:03 Intel® Technology Access
07-02-2016 18:46:59 Scheduled Checkpoint
13-02-2016 14:02:02 JRT Pre-Junkware Removal
13-02-2016 17:08:01 Restore Point Created by FRST
13-02-2016 20:25:38 Removed System Requirements Lab Detection
13-02-2016 22:16:57 PROPLUS
14-02-2016 02:46:57 Removed Final Draft
14-02-2016 12:47:59 Removed Final Draft
14-02-2016 12:56:15 Installed Final Draft
14-02-2016 13:15:48 Removed Final Draft
14-02-2016 13:25:47 Removed iTunes
14-02-2016 13:32:22 Restore Operation
14-02-2016 14:40:54 Removed iTunes
14-02-2016 14:51:57 Installed iTunes
14-02-2016 20:00:55 Installed Final Draft
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/14/2016 09:01:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1468
 
Start Time: 01d167a39cd6181d
 
Termination Time: 0
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: d47e3782-d3a0-11e5-8289-f0761c315596
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/14/2016 07:49:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.4.7.0, time stamp: 0x51fd032f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0x21dc
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5
 
Error: (02/14/2016 07:49:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
Stack:
   at ..(Byte, Byte, .)
   at ..(Byte[])
   at ..(., .)
   at ..(Byte[])
   at ..(Byte[])
   at ..(System.IAsyncResult)
   at System.Net.LazyAsyncResult.Complete(IntPtr)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Net.ContextAwareResult.Complete(IntPtr)
   at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
 
Error: (02/14/2016 03:05:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7484
 
Error: (02/14/2016 03:05:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7484
 
Error: (02/14/2016 03:05:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/14/2016 03:05:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6234
 
Error: (02/14/2016 03:05:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6234
 
Error: (02/14/2016 03:05:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/14/2016 03:05:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5016
 
 
System errors:
=============
Error: (02/14/2016 02:38:32 PM) (Source: DCOM) (EventID: 10010) (User: METAGROSS)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}
 
Error: (02/14/2016 02:36:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FlexNet Licensing Service service failed to start due to the following error: 
%%2
 
Error: (02/14/2016 02:36:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FlexNet Licensing Service service failed to start due to the following error: 
%%2
 
Error: (02/14/2016 02:36:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FlexNet Licensing Service service failed to start due to the following error: 
%%2
 
Error: (02/14/2016 02:36:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FlexNet Licensing Service service failed to start due to the following error: 
%%2
 
Error: (02/14/2016 02:36:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FlexNet Licensing Service service failed to start due to the following error: 
%%2
 
Error: (02/14/2016 02:36:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FlexNet Licensing Service service failed to start due to the following error: 
%%2
 
Error: (02/14/2016 02:36:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FlexNet Licensing Service service failed to start due to the following error: 
%%2
 
Error: (02/14/2016 02:36:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FlexNet Licensing Service service failed to start due to the following error: 
%%2
 
Error: (02/14/2016 02:36:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FlexNet Licensing Service service failed to start due to the following error: 
%%2
 
 
CodeIntegrity:
===================================
  Date: 2014-12-31 22:37:57.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 23%
Total physical RAM: 12211.27 MB
Available physical RAM: 9283.91 MB
Total Virtual: 14067.27 MB
Available Virtual: 10561.3 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:914.95 GB) (Free:725.35 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B5056384)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#10
abandonX

    New Member

  • Topic Starter
  • Member
  • 7 posts

UPDATE:  Functionality is becoming worse.  For example, my program windows will not even appear on top of my Internet browser.  In order for them to even appear, I have to either close or minimize my browser's window (or they won't pop up).  In addition, my programs crash when I try to open individual files on them (e.g. double clicking a .pdf to open Adobe Reader).  However, my programs do not crash when I open the program itself and then open up a file by using the 'File' > 'Open' option.  

 

I think I might have deleted something important in my registry - I'm not sure.  I am very frustrated with my situation right now as my computer seems to be worse off than before I started cleaning it.  I would like very much to do a system restore and return it back to the way it was.


Edited by abandonX, 15 February 2016 - 12:04 AM.


#11
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts

Question 1: Why can't I perform a system restore on my computer?
I think I might have deleted something important in my registry - I'm not sure


Try a system restore from Safe Mode.

http://www.digitalci...ws-8-windows-81

#12
abandonX

    New Member

  • Topic Starter
  • Member
  • 7 posts

Hi zep516,

 

I have tried almost every way to restore my system - but with no luck.  I've managed to get my computer to be stable for the most part, but my programs still have trouble stabilizing themselves when I open them.  Is there a way to just manually fix my computer through Farbar?

 

I cannot do a system refresh at this point in time.

 

Thanks.



#13
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
I'll get back to you on this asap.

#14
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Download the enclosed attached file fixlist.txt (1.83KB) and save it in the same location as FRST64. Right-click FRST, select "Run as administrator", and click the Fix button. Wait until it has finished.

The tool will create a log (Fixlog.txt) in the same location as FRST. Please post it in your reply.

#15
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.