Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My computer is infected with browser redirect virus [Closed]

Started by lfranci , Jul 06 2016 01:33 PM
malware adware virus hijacking help

  • This topic is locked This topic is locked

#1
lfranci
Posted 06 July 2016 - 01:33 PM

lfranci

    Member

  • Member
  • PipPip
  • 10 posts

My computer is infected with an extremely annoying adware hijacking virus. I use Google Chrome as my main browser and I think I may have picked up this virus when I downloaded something off of ThePirateBay about a month ago. This virus is really awful, it will open up new tabs and windows of ads in my browser if I click anywhere on a page, and doesn't stop doing this until I close the browser and open another one (and then it usually starts again in a few minuets on my new browser page). Two of the most frequently redirect portals I see are clx.im and xb11766. I have tried multiple different anti-spyware softwares and other measures to no avail; they all say there is nothing wrong with my computer. I've used Malwarebytes Anti-Malware (free version) multiple times, Kaspersky TDSSKiller, HitmanPro (trial version), Zemana AntiMalware, and AdwCleaner. I've also reset my browser to default settings and attempted to uninstall any malware on my computer, but no adware is showing there. Nothing so far has worked, and if anything I think the adware has gotten more aggressive on my computer in the past few days. 

 

 

Below is a copy of my FRST diagnostic results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Laura (administrator) on BAGA (06-07-2016 15:07:29)
Running from C:\Users\Laura\Downloads
Loaded Profiles: Laura (Available Profiles: Laura)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Felix Belzile) C:\Program Files (x86)\Cold Turkey\CTService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Spotify Ltd) C:\Users\Laura\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dropbox, Inc.) C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [Soluto] => c:\program files\soluto\soluto.exe [1252896 2013-12-18] (Soluto)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-11-17] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90368 2014-11-20] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\Run: [Spotify Web Helper] => C:\Users\Laura\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1552496 2016-06-16] (Spotify Ltd)
HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\Run: [Dropbox Update] => C:\Users\Laura\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-27] (Dropbox, Inc.)
HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\Run: [Spotify] => C:\Users\Laura\AppData\Roaming\Spotify\Spotify.exe [6916208 2016-06-16] (Spotify Ltd)
HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\RunOnce: [Application Restart #9] => C:\Users\Laura\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resour (the data entry has 605 more characters).
HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\RunOnce: [Application Restart #6] => C:\Users\Laura\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resour (the data entry has 605 more characters).
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-08-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-06-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-11-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{205B3EAF-5DF3-4154-9F0E-8E035BA2A11A}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C7526C9F-F317-4EC5-9CAE-C003691FE040}: [DhcpNameServer] 40.34.1.55
 
Internet Explorer:
==================
HKU\S-1-5-21-1745142471-199398243-411458533-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1745142471-199398243-411458533-1001 -> DefaultScope {45EBBED1-5026-11E5-8279-C45444B5F428} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-11] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-11] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\fx1tumma.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?s=acer&m=start
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Laura\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Laura\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll => No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll => No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Profile: C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-14]
CHR Extension: (YouTube) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Archive Poster) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceakpicibkmdilicebgddflnfbpmcpgd [2016-06-17]
CHR Extension: (Adblock Plus) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-05]
CHR Extension: (Adblock for Youtube™) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-06-24]
CHR Extension: (Google Search) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-02-13]
CHR Extension: (XKit) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2015-02-13]
CHR Extension: (AdBlock) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-05]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-07-03]
CHR Extension: (Tumblr Optimiser) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilaebdchnmobmcalandfmfmlneeghoag [2015-02-13]
CHR Extension: (Adblock Super) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-19]
CHR Extension: (F.B. Purity For Facebook) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (No more Tumblr players) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\olffebgbihkemhnlpeficnplfoiabljj [2015-05-21]
CHR Extension: (Gmail) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-16] (Acer Incorporated)
R2 CTService; C:\Program Files (x86)\Cold Turkey\\CTService.exe [323072 2015-01-18] (Felix Belzile) [File not signed]
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-19] (WildTangent)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-06-14] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [221728 2013-12-18] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-12-18] (GlavSoft LLC.) [File not signed]
R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7549616 2014-02-25] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-03] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-05] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U4 npf; system32\drivers\npf.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-06 15:07 - 2016-07-06 15:08 - 00026988 _____ C:\Users\Laura\Downloads\FRST.txt
2016-07-06 15:06 - 2016-07-06 15:07 - 00000000 ____D C:\FRST
2016-07-06 15:06 - 2016-07-06 15:06 - 02390016 _____ (Farbar) C:\Users\Laura\Downloads\FRST64.exe
2016-06-26 16:15 - 2016-06-26 16:15 - 00765297 _____ C:\Users\Laura\Downloads\Gervais US vs UK.pdf
2016-06-26 15:29 - 2016-06-26 15:29 - 00781817 _____ C:\Users\Laura\Downloads\Day on TDS 84-96.pdf
2016-06-26 14:17 - 2016-06-26 14:18 - 76587210 _____ C:\Users\Laura\Downloads\postmodernism.pptx
2016-06-24 17:18 - 2016-06-24 17:18 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-24 14:42 - 2016-06-15 16:40 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-24 14:30 - 2016-06-24 14:30 - 00000070 _____ C:\Windows\RAVTC.TMP
2016-06-24 01:40 - 2016-06-24 01:40 - 00849684 _____ C:\Users\Laura\Downloads\Rhode (2010).pdf
2016-06-23 14:50 - 2016-06-23 14:50 - 01323860 _____ C:\Users\Laura\Downloads\Adonis_Complex.pdf
2016-06-23 14:46 - 2016-06-23 14:46 - 00272796 _____ C:\Users\Laura\Downloads\Text_Ch_26.pdf
2016-06-22 22:12 - 2016-06-22 22:12 - 00652735 _____ C:\Users\Laura\Downloads\Mintz_Standup.pdf
2016-06-20 07:28 - 2016-06-20 07:28 - 01521248 _____ C:\Users\Laura\Downloads\R16_The_War_Against_Welfare_Mothers.pdf
2016-06-20 07:28 - 2016-06-20 07:28 - 01521248 _____ C:\Users\Laura\Downloads\R16_The_War_Against_Welfare_Mothers (1).pdf
2016-06-20 07:28 - 2016-06-20 07:28 - 00043847 _____ C:\Users\Laura\Downloads\Devitt (1992).pdf
2016-06-20 07:27 - 2016-06-20 07:27 - 01643223 _____ C:\Users\Laura\Downloads\Douglas_Michaels_2004.pdf
2016-06-20 07:27 - 2016-06-20 07:27 - 01643223 _____ C:\Users\Laura\Downloads\Douglas_Michaels_2004 (1).pdf
2016-06-20 02:41 - 2016-06-20 02:41 - 01108625 _____ C:\Users\Laura\Downloads\Pitcher_2008 (1).pdf
2016-06-20 02:41 - 2016-06-20 02:41 - 01099698 _____ C:\Users\Laura\Downloads\Text_Ch_54 (1).pdf
2016-06-20 01:34 - 2016-06-20 01:34 - 00395748 _____ C:\Users\Laura\Downloads\LePore_2009.pdf
2016-06-18 17:06 - 2016-06-18 17:06 - 01108625 _____ C:\Users\Laura\Downloads\Pitcher_2008.pdf
2016-06-18 17:05 - 2016-06-18 17:05 - 01099698 _____ C:\Users\Laura\Downloads\Text_Ch_54.pdf
2016-06-18 15:20 - 2016-06-18 15:26 - 473679456 _____ C:\Users\Laura\Downloads\Lemonade.HDTV.x264-[eSc].mp4
2016-06-18 15:18 - 2016-06-18 15:18 - 00000804 _____ C:\Users\Laura\Downloads\00-beyoncé-lemonade-2016-web.m3u
2016-06-18 01:45 - 2016-06-18 01:45 - 07366740 _____ C:\Users\Laura\Downloads\30dayketogenicdietplan2015.pdf
2016-06-17 21:57 - 2016-06-17 21:57 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Laura\Downloads\iExplore64.exe
2016-06-17 21:53 - 2016-06-17 21:57 - 00478018 _____ C:\TDSSKiller.3.1.0.9_17.06.2016_21.53.32_log.txt
2016-06-14 23:20 - 2016-06-17 21:52 - 00000000 ____D C:\EEK
2016-06-14 23:19 - 2016-06-14 23:19 - 00002579 _____ C:\Users\Laura\Desktop\JRT.txt
2016-06-14 22:59 - 2016-06-14 23:06 - 00000000 ____D C:\AdwCleaner
2016-06-14 22:52 - 2016-06-14 22:52 - 00000948 _____ C:\Windows\system32\.crusader
2016-06-14 22:34 - 2016-06-14 22:54 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-14 22:34 - 2016-06-14 22:34 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-06-14 22:34 - 2016-06-14 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-06-14 22:34 - 2016-06-14 22:34 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-14 22:23 - 2016-06-03 13:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-06-14 22:23 - 2016-06-03 09:38 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-14 22:23 - 2016-06-02 13:51 - 00050352 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-14 22:23 - 2016-05-29 11:04 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-14 22:23 - 2016-05-29 11:04 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-14 22:23 - 2016-05-29 11:04 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-14 22:23 - 2016-05-29 11:04 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-14 22:23 - 2016-05-29 11:04 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-14 22:23 - 2016-05-29 11:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-14 22:22 - 2016-04-12 11:46 - 14467584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-06-14 22:22 - 2016-04-12 11:30 - 12879872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-06-14 22:20 - 2016-04-14 11:25 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-14 22:20 - 2016-04-14 11:11 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-14 22:20 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-14 22:20 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-14 22:20 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-14 22:20 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-14 22:15 - 2016-05-16 17:13 - 00563016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-14 22:15 - 2016-05-16 17:13 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-14 22:15 - 2016-05-16 17:13 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-14 22:15 - 2016-05-16 17:13 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-14 22:15 - 2016-05-13 19:07 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-14 22:15 - 2016-05-13 19:07 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-14 22:15 - 2016-05-13 19:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-14 22:15 - 2016-05-13 18:34 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-14 22:15 - 2016-05-13 17:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-14 22:14 - 2016-05-18 01:31 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-14 22:14 - 2016-05-18 01:31 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-14 22:14 - 2016-05-14 16:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-14 22:14 - 2016-05-14 16:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-14 22:14 - 2016-05-13 19:09 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-14 22:14 - 2016-05-13 19:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-14 22:14 - 2016-05-13 19:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-14 22:14 - 2016-05-13 18:19 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-14 22:14 - 2016-05-13 17:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-14 22:14 - 2016-05-13 17:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-14 22:14 - 2016-05-13 17:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-14 22:14 - 2016-05-13 17:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-14 22:14 - 2016-05-09 17:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-06-14 22:14 - 2016-05-09 16:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-06-14 22:14 - 2016-05-09 16:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-14 22:14 - 2016-05-09 16:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-14 22:14 - 2016-05-06 11:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-14 22:14 - 2016-05-06 11:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-14 22:13 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-14 22:13 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-14 22:12 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-14 22:12 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-14 22:12 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-14 22:12 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-14 22:12 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-14 22:12 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-14 22:12 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-14 22:12 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-14 22:12 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-14 22:12 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-14 22:12 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-14 22:12 - 2016-05-20 17:25 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-06-14 22:12 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-14 22:12 - 2016-05-20 17:21 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-06-14 22:12 - 2016-05-20 17:19 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-14 22:12 - 2016-05-20 17:16 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-14 22:12 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-14 22:12 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-14 22:12 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-14 22:12 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-14 22:12 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-14 22:12 - 2016-05-20 17:09 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-14 22:12 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-14 22:12 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-14 22:12 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-14 22:12 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-14 22:12 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-14 22:12 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-14 22:12 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-14 22:12 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-14 22:12 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-14 22:12 - 2016-05-18 19:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-14 22:12 - 2016-05-18 16:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-14 22:12 - 2016-05-12 14:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-14 22:12 - 2016-05-12 13:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-14 22:12 - 2016-05-12 12:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-14 22:12 - 2016-05-12 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-14 22:12 - 2016-05-12 12:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-14 22:12 - 2016-05-12 11:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-14 22:12 - 2016-05-12 11:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-14 22:12 - 2016-05-12 11:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 21:44 - 2016-06-14 21:47 - 244361416 _____ C:\Users\Laura\Downloads\EmsisoftEmergencyKit.exe
2016-06-14 21:44 - 2016-06-14 21:44 - 03703360 _____ C:\Users\Laura\Downloads\adwcleaner_5.200.exe
2016-06-14 21:44 - 2016-06-14 21:44 - 01610816 _____ (Malwarebytes) C:\Users\Laura\Downloads\JRT.exe
2016-06-14 21:42 - 2016-06-14 21:42 - 11438608 _____ (SurfRight B.V.) C:\Users\Laura\Downloads\hitmanpro_x64.exe
2016-06-14 21:40 - 2016-06-17 21:59 - 00001960 _____ C:\Users\Laura\Desktop\Rkill.txt
2016-06-14 21:39 - 2016-06-14 21:39 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Laura\Downloads\iExplore.exe
2016-06-14 21:38 - 2016-06-14 21:40 - 00241102 _____ C:\TDSSKiller.3.1.0.9_14.06.2016_21.38.31_log.txt
2016-06-14 21:38 - 2016-06-14 21:38 - 04633146 _____ C:\Users\Laura\Downloads\tdsskiller.zip
2016-06-14 21:22 - 2016-06-14 21:22 - 00140084 _____ C:\Windows\ntbtlog.txt
2016-06-14 18:55 - 2016-06-14 18:55 - 04731835 _____ C:\Users\Laura\Downloads\Gates Eddie Murphy 151-163.pdf
2016-06-13 23:28 - 2016-06-13 23:28 - 00029381 _____ C:\Users\Laura\Downloads\KetoCalculatorForecast_2016-06-13.csv
2016-06-13 23:28 - 2016-06-13 23:28 - 00029381 _____ C:\Users\Laura\Downloads\KetoCalculatorForecast_2016-06-13 (1).csv
2016-06-13 09:27 - 2016-06-13 09:27 - 00905588 _____ C:\Users\Laura\Downloads\Soto (1).pdf
2016-06-13 09:27 - 2016-06-13 09:27 - 00850434 _____ C:\Users\Laura\Downloads\Ono & Pham (2009) (1).pdf
2016-06-13 09:27 - 2016-06-13 09:27 - 00249980 _____ C:\Users\Laura\Downloads\Text_Ch_29 (1).pdf
2016-06-11 10:49 - 2016-06-11 10:50 - 100656829 _____ C:\Users\Laura\Downloads\Talk - Tim Wise on White Privilege.mp4
2016-06-11 10:49 - 2016-06-11 10:49 - 00009245 _____ C:\Users\Laura\Downloads\yl0DgCk.htm
2016-06-11 10:49 - 2016-06-11 10:49 - 00009245 _____ C:\Users\Laura\Downloads\yl0DgCk (1).htm
2016-06-11 10:45 - 2016-06-11 10:45 - 00905588 _____ C:\Users\Laura\Downloads\Soto.pdf
2016-06-11 10:45 - 2016-06-11 10:45 - 00850434 _____ C:\Users\Laura\Downloads\Ono & Pham (2009).pdf
2016-06-11 10:45 - 2016-06-11 10:45 - 00249980 _____ C:\Users\Laura\Downloads\Text_Ch_29.pdf
2016-06-07 22:55 - 2016-06-07 22:55 - 00188378 _____ C:\Users\Laura\Downloads\Allen QE Minstrelsy.pdf
2016-06-06 23:13 - 2016-06-06 23:13 - 01446231 _____ C:\Users\Laura\Downloads\R13_Black_Masculine_Scripts.pdf
2016-06-06 23:13 - 2016-06-06 23:13 - 00510210 _____ C:\Users\Laura\Downloads\SmithShomade_2002.pdf
2016-06-06 08:13 - 2016-06-06 08:13 - 00928026 _____ C:\Users\Laura\Downloads\R20_Knowing_Pornography.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-06 15:02 - 2014-11-26 23:16 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-06 14:50 - 2015-07-27 17:39 - 00000928 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1745142471-199398243-411458533-1001UA.job
2016-07-06 13:20 - 2014-11-26 23:05 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1745142471-199398243-411458533-1001
2016-07-06 00:02 - 2014-11-26 23:16 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-05 23:48 - 2014-11-26 22:59 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Adobe
2016-07-05 23:48 - 2014-05-19 08:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-07-05 23:46 - 2014-12-01 18:43 - 00000000 ____D C:\Program Files\Adobe
2016-07-05 23:46 - 2014-12-01 18:37 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-07-05 23:40 - 2015-03-30 22:41 - 00000000 ____D C:\ProgramData\DivX
2016-07-05 19:57 - 2015-10-02 16:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-05 19:56 - 2014-11-26 23:29 - 00000000 ____D C:\Users\Laura\AppData\Local\Spotify
2016-07-05 19:41 - 2014-11-26 23:29 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Spotify
2016-07-01 21:26 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-01 21:26 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2016-06-27 22:37 - 2014-11-26 22:59 - 00000000 ____D C:\Users\Laura\AppData\Local\Packages
2016-06-26 16:50 - 2015-07-27 17:39 - 00000876 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1745142471-199398243-411458533-1001Core.job
2016-06-25 17:38 - 2014-12-01 18:13 - 00000000 ____D C:\Users\Laura\AppData\Local\Adobe
2016-06-24 17:19 - 2015-01-03 04:32 - 00000000 ___RD C:\Users\Laura\Dropbox
2016-06-24 17:18 - 2015-01-03 04:28 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Dropbox
2016-06-24 14:31 - 2014-11-27 15:27 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-06-24 14:31 - 2014-11-27 15:26 - 00000000 ____D C:\ProgramData\Panda Security
2016-06-24 14:28 - 2014-11-27 15:28 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Panda Security
2016-06-24 14:28 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-06-24 14:23 - 2015-01-06 17:37 - 00000000 ____D C:\Users\Laura\AppData\Local\FluxSoftware
2016-06-22 15:17 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2016-06-18 19:55 - 2014-11-29 23:02 - 00000000 ___DO C:\Users\Laura\OneDrive
2016-06-18 19:52 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-18 19:52 - 2013-08-22 10:44 - 05158048 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-18 19:49 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-18 19:46 - 2015-04-18 16:05 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-18 19:46 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2016-06-17 20:07 - 2014-11-26 23:17 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-16 15:45 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-06-15 16:51 - 2014-12-08 22:03 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 16:34 - 2014-12-08 22:02 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 23:07 - 2014-11-26 22:58 - 00000000 ____D C:\Users\Laura\AppData\Local\SweetLabs App Platform
2016-06-14 21:17 - 2014-11-26 22:58 - 00000000 ____D C:\Users\Laura
2016-06-14 13:13 - 2014-12-01 16:34 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 13:13 - 2014-12-01 16:34 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-06 09:08 - 2016-05-20 21:54 - 00000000 ____D C:\Users\Laura\AppData\Roaming\uTorrent
 
==================== Files in the root of some directories =======
 
2014-08-14 12:29 - 2014-08-14 12:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-26 23:17 - 2014-11-26 23:17 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some files in TEMP:
====================
C:\Users\Laura\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu4iesm.dll
C:\Users\Laura\AppData\Local\Temp\Hola-Setup-x64-1.11.916.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\libeay32.dll
C:\Users\Laura\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Laura\AppData\Local\Temp\msvcr120.dll
C:\Users\Laura\AppData\Local\Temp\oct2DE3.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct44B8.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct44DA.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct4786.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct4C43.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct4CA6.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct51B3.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct5391.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct6FFF.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct7420.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct9A30.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct9CD1.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octB443.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octC147.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octC6D.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octCEBA.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octD2FB.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octF50.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octF6F0.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octF848.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octF9.tmp.exe
C:\Users\Laura\AppData\Local\Temp\ose00000.exe
C:\Users\Laura\AppData\Local\Temp\SetupProPlusRetail.x86.en-US_ProPlusRetail_KDVQM-HMNFJ-P9PJX-96HDF-DJYGX_act_1_.exe
C:\Users\Laura\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Laura\AppData\Local\Temp\sqlite3.dll
C:\Users\Laura\AppData\Local\Temp\uninstall.exe
C:\Users\Laura\AppData\Local\Temp\{2A433004-1601-4298-BD82-5B019870DD61}.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-04 23:20
 
==================== End of FRST.txt ============================

 

 

 

Below is a copy of my Addition diagnostic results: 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Laura (2016-07-06 15:10:38)
Running from C:\Users\Laura\Downloads
Windows 8.1 (Update) (X64) (2014-11-27 02:59:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1745142471-199398243-411458533-500 - Administrator - Disabled)
Guest (S-1-5-21-1745142471-199398243-411458533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1745142471-199398243-411458533-1003 - Limited - Enabled)
Laura (S-1-5-21-1745142471-199398243-411458533-1001 - Administrator - Enabled) => C:\Users\Laura
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.2006.0 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.2006.0 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.2007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3002 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.234 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.)
Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
Cold Turkey (Basic) (HKLM-x32\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 1.2.6 Basic - Felix Belzile)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.0 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7218 - Realtek Semiconductor Corp.)
Soluto (HKLM\...\{AD78441D-E016-4119-A0AE-9ECB763B6A3D}) (Version: 1.3.1500.2 - Soluto)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9590 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1745142471-199398243-411458533-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745142471-199398243-411458533-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1745142471-199398243-411458533-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745142471-199398243-411458533-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745142471-199398243-411458533-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745142471-199398243-411458533-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745142471-199398243-411458533-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745142471-199398243-411458533-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745142471-199398243-411458533-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745142471-199398243-411458533-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745142471-199398243-411458533-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745142471-199398243-411458533-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {134B959F-29E6-4F0E-B9D7-8310FEE20DEE} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {1AC4BF25-5EBA-48D5-89DA-D04AADF9B80A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {1F5CEAE5-E485-46A1-B2FA-285D1B796BA0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {1FB340A4-61F9-4443-B4D9-966633F040A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2D21714A-93A9-4C15-94B2-73249B3BBDB0} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-25] ()
Task: {3C05C280-CC14-40DA-A9DA-BB3BA6FE2A21} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1745142471-199398243-411458533-1001UA => C:\Users\Laura\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-27] (Dropbox, Inc.)
Task: {3F970B95-1C5D-413F-9461-122A515C0DAD} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-12-19] (Acer Incorporated)
Task: {56A92345-BF0B-4159-9FD4-BE4A42BF6295} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-01-16] (Acer Incorporated)
Task: {66251BFA-84BA-48F1-AE3C-96AFD4A0DF86} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-12-19] (Acer Incorporated)
Task: {A3958CB9-C988-4D0E-A54E-A48F59B85FF1} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {A9D8984A-5407-4E7D-BAA3-F26E580D5393} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B9AB2724-D61E-4437-A2E7-3D3EDD03A116} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {BD983255-D823-4D9B-A19D-64F75D9C0622} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {BDEB9AC3-74A0-4D9B-A6FB-29743960B1F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C0C84C21-A828-429D-BE90-6CE9EB1C4C2F} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {D5D123F5-433E-4B5F-A903-3102D649DD6B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {D78AE673-F5D4-4145-973A-D3F95529356E} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {DEF8BC01-6645-4AB1-B990-F4169810E8B0} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {DFAB80B6-B04B-404C-8AB8-F45041F781E2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {E9D6850B-6304-4C2A-ABD6-B01966DCF24F} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-25] (TODO: <Company name>)
Task: {EAA575CC-449C-496B-B4C2-217329F39BF0} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {F398FD94-A82F-4E48-A400-76878D7DD9FB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1745142471-199398243-411458533-1001Core => C:\Users\Laura\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-27] (Dropbox, Inc.)
Task: {F723DBB0-B9D9-401F-AE92-B1696F173B38} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {FACE3266-E2FA-4C11-B0BE-A0266EF00E4D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-lfranci.bgsu.edu@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {FFC7DA07-2AC9-47E0-BC77-EA3362162910} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-01-08] (Acer Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1745142471-199398243-411458533-1001Core.job => C:\Users\Laura\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1745142471-199398243-411458533-1001UA.job => C:\Users\Laura\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-14 19:27 - 2014-04-14 19:27 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-08-14 13:10 - 2012-04-24 06:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-05-17 14:09 - 2016-05-17 14:09 - 00177664 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\PCGAppContr9a4addef#\363bb11e450738392f86eae57aceb84c\PCGAppControlPluginLoader.ni.exe
2013-12-18 19:02 - 2013-12-18 19:02 - 00124480 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-12-18 19:02 - 2013-12-18 19:02 - 00054848 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2016-05-17 14:10 - 2016-05-17 14:10 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Management\e5162c1c2f8deacb49f81f8117b7cf4c\Windows.Management.ni.dll
2016-05-17 14:06 - 2016-05-17 14:06 - 03498496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\PCGPreCompiled\8f62172484c867bde5e925b3f754bcc4\PCGPreCompiled.ni.dll
2016-05-17 14:11 - 2016-05-17 14:11 - 01782272 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\499fde8f3c9a380cc8647292d9e91de6\Windows.ApplicationModel.ni.dll
2016-05-17 14:11 - 2016-05-17 14:11 - 00207872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.System\85dd654fe936df9e1997f386cd7d0e48\Windows.System.ni.dll
2016-05-17 14:10 - 2016-05-17 14:10 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\e2e1cd64b91b7395a96ebcde35a63a1c\Windows.Foundation.ni.dll
2014-08-14 12:41 - 2014-02-25 23:13 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2016-06-23 20:46 - 2016-06-19 02:00 - 00049728 _____ () C:\ProgramData\Soluto\Temp\DropboxAppControl_f68b9561-31d8-45d8-b91f-b77086079a2c\DropboxAppControlPlugin_1.0.0.62.dll
2014-11-20 15:06 - 2014-11-20 15:06 - 00090368 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-05-19 09:05 - 2014-03-07 12:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2014-11-20 15:06 - 2014-11-20 15:06 - 00089856 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-08-14 13:20 - 2014-01-03 17:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-11-04 17:58 - 2014-11-04 17:58 - 00172800 _____ () C:\Program Files (x86)\Acer\abDocs Office AddIn\AcerWordAddin64.dll
2012-10-01 20:56 - 2012-10-01 20:56 - 00240256 _____ () C:\Program Files\Microsoft Office\Office15\IEAWSDC.DLL
2012-10-01 22:36 - 2012-10-01 22:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-04 23:26 - 2014-03-02 22:35 - 00075776 _____ () C:\Program Files (x86)\Cold Turkey\PcapDotNet.Core.dll
2014-11-26 23:03 - 2014-11-26 23:03 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-11-17 12:57 - 2014-11-17 12:57 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-11-17 12:53 - 2014-11-17 12:53 - 00279296 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-11-20 15:06 - 2014-11-20 15:06 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2014-08-14 12:31 - 2013-12-09 19:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-06-24 17:18 - 2016-05-25 13:03 - 00034768 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-06-24 17:18 - 2016-05-25 13:03 - 00134088 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-06-24 17:18 - 2016-05-25 13:04 - 00019408 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-06-24 17:18 - 2016-05-25 13:03 - 00116688 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-06-24 17:18 - 2016-05-25 13:03 - 00093640 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-06-03 14:02 - 2016-05-25 13:03 - 00018376 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\select.pyd
2016-06-03 14:02 - 2016-06-13 16:13 - 00019760 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00105928 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-06-24 17:18 - 2016-05-25 13:03 - 00392144 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-06-24 17:18 - 2016-06-13 16:13 - 00381752 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-06-24 17:18 - 2016-05-25 13:03 - 00692688 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00020816 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-06-24 17:18 - 2016-05-25 13:04 - 00123856 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 01682760 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00020808 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00021840 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00052024 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00038696 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00020936 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00024528 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00114640 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00124880 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00021832 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00024016 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00175560 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00030160 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00043472 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00048592 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00023872 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00026456 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00057808 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00024016 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00246592 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00028616 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00020800 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00019776 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00020800 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-06-24 17:18 - 2016-05-25 13:03 - 00134608 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-06-24 17:18 - 2016-05-25 13:04 - 00240584 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00020280 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00023376 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00350152 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00022352 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00024392 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00036296 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\librsync.dll
2016-06-24 17:18 - 2016-06-13 16:13 - 00084280 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-06-24 17:18 - 2016-06-13 16:13 - 01826096 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-06-03 14:02 - 2016-05-25 13:04 - 00083912 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\sip.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 03928880 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 01971504 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00531248 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00132912 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00223544 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00207672 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-06-24 17:18 - 2016-05-25 13:05 - 00060880 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00024904 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00546096 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-06-24 17:18 - 2016-06-13 16:13 - 00357680 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-06-24 17:18 - 2016-05-25 13:07 - 00017864 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-06-24 17:18 - 2016-05-25 13:07 - 01631184 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-06-03 14:01 - 2016-05-25 13:09 - 00697304 _____ () C:\Users\Laura\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2014-08-14 13:20 - 2014-01-03 17:13 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2016-06-17 20:07 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 20:07 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2012-10-01 22:37 - 2012-10-01 22:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-06-17 20:07 - 2016-06-15 05:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\sharepoint.com -> hxxps://falconbgsu.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-05-06 03:18 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1745142471-199398243-411458533-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Laura\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CDE21656-FF49-4388-894F-87BB639759B3}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{AE4EDA96-8B16-4DBF-BC0D-99B4401F5007}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{980AE458-8664-45C8-8473-6D4D054B3AB7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4B04ADC7-C4B6-4DC7-A1D1-A2C9E5693741}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9236C8C7-D79F-4B14-BC60-E7A0FEA7BA69}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9912086A-EDBA-4F4E-99C5-F9EA27412C96}] => (Allow) C:\Program Files\Soluto\SolutoRemoteDirect.exe
FirewallRules: [{89573E7F-3D99-4DC9-BD0F-2CBDEB492404}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{95905983-AB58-456B-898A-33B712306483}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{C4B30D76-65E2-45FF-A446-0AF94D981FBB}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{C4B7B1D9-B151-4221-93DA-C0BB54A60A1A}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{670CA9DD-06D2-4B95-A637-CE5E8E481DEE}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{D040BBA1-3B48-4371-A1EA-70461EBF4AB5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{7356136F-2CDF-4616-94D0-4F1CB11B2111}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{50CBBAF3-7CE5-4E2E-84C9-BDDA90150568}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{510D254C-75C3-422D-8B52-58BEC0B5A374}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{EAA019B8-E4AB-4F1F-9C00-2EE3EC540DF4}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{F7E8F4F2-0953-40FB-8C23-7AD6D099EE12}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{6990F7FE-105A-4104-93EC-9F56414BAB88}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{2E899A4A-42A0-4145-9167-264698FBC018}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{0BDF7CEC-E7E9-44D8-9DB6-B0F29C9F8A33}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{DACF1A3A-BB65-4197-8A51-6D0B3A874FBE}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{F8F8059B-DE79-41A7-8D2F-533B7B8041A0}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{1EFD6080-4B53-4FE2-9AE4-911659B39588}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{B738E4C9-B018-41A4-B629-F18D7A9ED2E0}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{5B830A27-37BF-415E-BC02-B7B6BAE13671}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{FC9ED15F-0EDB-49F8-9782-31CE140BD29E}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{105DF14C-CCD4-40E6-914F-E139EEE591FE}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{D540D7BF-241D-4F71-9F15-D65AA1F4B897}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{33ED615E-37D5-4638-ABFA-426E0394347D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{226AC3B3-0C47-4A10-ADFF-BFFAD71837DF}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{E6E763FD-0F0E-41EA-AC0A-D298338EC07A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{26B2B8DB-98DB-4EEE-88C0-D894C9464842}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{8B0B84F1-AA97-4C1A-8EC0-AE2335373AEC}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{154A864B-6C7A-44FD-8BE9-3A4C65CCFEFF}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{7BA56049-1BDF-4145-87DB-698A2BCD5944}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{3C7753B1-20BF-4BFB-AEA1-8D00DD40F968}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{D2CAB17B-E1B4-479B-BADC-3B975124C76A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{1D46A88C-4321-4A13-85AE-A4BC87D0AD73}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{FCF10C66-191E-49A7-ADF8-66BC15D4A8B0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{B0D7E504-96BB-4DE5-AF50-9F77A3113E65}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{23C2F58C-DF2B-41D0-801F-B953C24195B7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{58728300-53BD-4DA8-BB64-AB2465B5BFF7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{21BBE050-97BD-47EE-994F-0EAB35AB9F6D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D41A91CB-C7D2-4DEC-8B4F-0B8EA6961457}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CFFA562A-6CF0-4082-B568-71FDDBE004E6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DCB8D0F5-5A06-4B9B-9B18-338D3E6667DE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{04C81DFA-D0FB-4473-A76D-3411B65E12B8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{5E5852B9-F5BD-445F-B9A8-3B97578D27C6}C:\users\laura\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\laura\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8B1FC81F-C9A5-49ED-A3B8-4EE4BB4535E2}C:\users\laura\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\laura\appdata\roaming\spotify\spotify.exe
FirewallRules: [{293A7249-A012-48FE-9210-9CEE59044070}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{69F3AB90-3100-4287-AF3C-480404E46CBB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DBAD16D2-6190-4F63-9968-7552FAA06182}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5FB71DB2-EBCC-4DB9-AC6F-354EC75B4E73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55D5610C-FF11-4D06-8AA7-2EEF99DD08A9}] => (Allow) C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{95743FDE-FACB-4177-82D7-58B3E5CE17F0}] => (Allow) C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{23F23FD6-FD0F-47B9-92C7-8C5FC3DF2ED2}C:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{474355F1-AA4E-49F5-84F9-8AF0A0439697}C:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{02A3FFEE-0479-46DB-8C99-1CFE7394B5B5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{EBE4450F-A690-4B73-AB68-139612195A03}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8CE87528-A1F6-4972-AB5F-892AB946C6C8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D6356BA4-E401-4DDC-9F83-92B2BF2215C8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EF0B3F43-DB9B-4981-8EE9-EE72D27C3CB0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5857001C-2AAB-4A9A-A7E1-2078DEB0837D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B2A819C1-787A-4310-B16F-C92D5325A7E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CCBF94D5-22F6-4A71-9DAA-8062EAA48BB2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8266E611-BBC8-42B9-959A-B67906C8A562}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{12CD80AE-2CEC-4803-BBE8-242B6085A6C0}] => (Allow) C:\Users\Laura\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7271E3F5-EDFA-4D7E-8BB6-F36CF990ACCD}] => (Allow) C:\Users\Laura\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0AAAA375-F558-42AD-9024-261D4D7ED717}] => (Allow) C:\Users\Laura\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{09D15168-780A-4493-B738-98BC3EA48630}] => (Allow) C:\Users\Laura\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{02ECFE32-1577-4725-AA20-5EEA6ADBF9C4}] => (Allow) C:\Users\Laura\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E006AA7-5869-44B3-B49C-EBC912E5A03A}] => (Allow) C:\Users\Laura\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2667CDB7-469E-41EE-A87F-BCFCE2607713}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
14-06-2016 23:12:49 JRT Pre-Junkware Removal
22-06-2016 15:07:07 Scheduled Checkpoint
24-06-2016 14:24:03 Removed SmartFTP Client
04-07-2016 23:07:33 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/06/2016 12:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40965422
 
Error: (07/06/2016 12:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40965422
 
Error: (07/06/2016 12:49:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/06/2016 12:49:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40956375
 
Error: (07/06/2016 12:49:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40956375
 
Error: (07/06/2016 12:49:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/06/2016 12:49:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40954640
 
Error: (07/06/2016 12:49:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40954640
 
Error: (07/06/2016 12:49:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/06/2016 12:49:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40953390
 
 
System errors:
=============
Error: (07/05/2016 11:25:35 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{205B3EAF-5DF3-4154-9F0E-8E035BA2A11A}.
The master browser is stopping or an election is being forced.
 
Error: (07/05/2016 11:24:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (07/05/2016 12:37:28 PM) (Source: DCOM) (EventID: 10010) (User: BAGA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
Error: (07/05/2016 12:36:59 PM) (Source: DCOM) (EventID: 10010) (User: BAGA)
Description: Microsoft.WindowsLive.Platform.Service.RemoteProcess
 
Error: (07/05/2016 12:34:59 PM) (Source: DCOM) (EventID: 10010) (User: BAGA)
Description: Microsoft.WindowsLive.Platform.Service.RemoteProcess
 
Error: (07/05/2016 12:32:59 PM) (Source: DCOM) (EventID: 10010) (User: BAGA)
Description: Microsoft.WindowsLive.Platform.Service.RemoteProcess
 
Error: (07/05/2016 12:32:46 PM) (Source: DCOM) (EventID: 10010) (User: BAGA)
Description: Microsoft.WindowsLive.Platform.Service.RemoteProcess
 
Error: (07/05/2016 12:30:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SolutoService service.
 
Error: (07/05/2016 11:51:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
 
Error: (07/04/2016 06:08:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SolutoService service.
 
 
CodeIntegrity:
===================================
  Date: 2016-06-24 15:49:04.424
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 70%
Total physical RAM: 4019.27 MB
Available physical RAM: 1195.91 MB
Total Virtual: 10419.27 MB
Available Virtual: 5599.4 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:448.93 GB) (Free:208.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9565D4C0)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
Thanks in advance for your help!!!

 


  • 0

Advertisements

#2
dbreeze
Posted 06 July 2016 - 03:12 PM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hi lfranci,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described.  I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.  If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed.   We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.  All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.  If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.  Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.  Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.



- Save ALL Tools to your Desktop-


 


All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab.  Thank you.



Let's get started....
 

Please select "Follow this topic" in the upper right-hand corner; this will help you stay current with the replies to this thread.

 

Thanks for the FRST logs; I am reviewing them and will return shortly with a beginning to cleaning your system.

 

In the meantime, can you post the logs (you can attach these, if you like) for

TDSSkiller

HitmanPro

MalwareBytes

AdwCleaner.

 

Thank you.


  • 0

#3
dbreeze
Posted 06 July 2016 - 03:40 PM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

First, please move FRST64.exe from C:\Users\Laura\Downloads to your desktop.  To do this, right click on FRST64.exe, select CUT, right click on a blank space on your desktop and select PASTE.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\RunOnce: [Application Restart #9] => C:\Users\Laura\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resour (the data entry has 605 more characters).
HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\RunOnce: [Application Restart #6] => C:\Users\Laura\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resour (the data entry has 605 more characters).
C:\Users\Laura\AppData\Local\SweetLabs App Platform
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?s=acer&m=start
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Laura\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Laura\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File]
C:\Users\Laura\AppData\Local\Hola
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll => No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll => No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Extension: (Adblock for Youtube™) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-06-24]
CHR Extension: (Google Search) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U4 npf; system32\drivers\npf.sys [X]
C:\Program Files\McAfee
C:\Program Files\Common Files\McAfee
C:\Windows\TEMP\cpuz136\cpuz136_x64.sys
C:\Windows\system32\drivers\npf.sys
2014-08-14 12:29 - 2014-08-14 12:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Laura\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu4iesm.dll
C:\Users\Laura\AppData\Local\Temp\Hola-Setup-x64-1.11.916.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\libeay32.dll
C:\Users\Laura\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Laura\AppData\Local\Temp\msvcr120.dll
C:\Users\Laura\AppData\Local\Temp\oct2DE3.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct44B8.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct44DA.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct4786.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct4C43.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct4CA6.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct51B3.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct5391.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct6FFF.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct7420.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct9A30.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct9CD1.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octB443.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octC147.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octC6D.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octCEBA.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octD2FB.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octF50.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octF6F0.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octF848.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octF9.tmp.exe
C:\Users\Laura\AppData\Local\Temp\ose00000.exe
C:\Users\Laura\AppData\Local\Temp\SetupProPlusRetail.x86.en-US_ProPlusRetail_KDVQM-HMNFJ-P9PJX-96HDF-DJYGX_act_1_.exe
C:\Users\Laura\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Laura\AppData\Local\Temp\sqlite3.dll
C:\Users\Laura\AppData\Local\Temp\uninstall.exe
C:\Users\Laura\AppData\Local\Temp\{2A433004-1601-4298-BD82-5B019870DD61}.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
IE trusted site: HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\hola.org -> hxxp://hola.org
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.

 

Press%20the%20FIX%20button_zpsdd5zi3mt.p

 

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Also, how is your system running now?

 


  • 0

#4
lfranci
Posted 08 July 2016 - 08:59 PM

lfranci

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Ok I tried following your instructions but I can't redownload an updated version of FIRST64. Windows defender is blocking my downloads; it says the download is a virus. This is the first time this has ever happened to me on this computer and I don't know how to fix it.  Also, shortly after making this post I ran another scan of Malwarebytes Anti-Malware and it magically found 4 PUPs which I quarantined and deleted. This issue with Windows Defender is the only problem I've had with my computer since then. Should I still continue with trying to clean my system? 


Edited by lfranci, 08 July 2016 - 09:00 PM.

  • 0

#5
dbreeze
Posted 08 July 2016 - 09:34 PM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

You can follow the steps here to temporarily turn Windows Defender off and then back on (after downloading the updated FRST64.exe).

 

http://www.eightforu...indows-8-a.html

 

NOTE: FRST64.exe and FRST.exe are safe files but are updated frequently; sometimes ever few hours as malware conditions change.  This makes it hard for the AV vendors to 'whitelist' FRST / FRST64 every time it changes.


  • 0

#6
lfranci
Posted 12 July 2016 - 12:30 PM

lfranci

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

The browser redirects have returned. Here is my Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-07-2016 01
Ran by Laura (2016-07-12 13:57:42) Run:1
Running from C:\Users\Laura\Desktop
Loaded Profiles: Laura (Available Profiles: Laura)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\RunOnce: [Application Restart #9] => C:\Users\Laura\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resour (the data entry has 605 more characters).
HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\RunOnce: [Application Restart #6] => C:\Users\Laura\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resour (the data entry has 605 more characters).
C:\Users\Laura\AppData\Local\SweetLabs App Platform
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?s=acer&m=start
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Laura\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Laura\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File]
C:\Users\Laura\AppData\Local\Hola
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll => No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll => No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Extension: (Adblock for Youtube™) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-06-24]
CHR Extension: (Google Search) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U4 npf; system32\drivers\npf.sys [X]
C:\Program Files\McAfee
C:\Program Files\Common Files\McAfee
C:\Windows\TEMP\cpuz136\cpuz136_x64.sys
C:\Windows\system32\drivers\npf.sys
2014-08-14 12:29 - 2014-08-14 12:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Laura\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu4iesm.dll
C:\Users\Laura\AppData\Local\Temp\Hola-Setup-x64-1.11.916.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Laura\AppData\Local\Temp\libeay32.dll
C:\Users\Laura\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Laura\AppData\Local\Temp\msvcr120.dll
C:\Users\Laura\AppData\Local\Temp\oct2DE3.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct44B8.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct44DA.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct4786.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct4C43.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct4CA6.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct51B3.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct5391.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct6FFF.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct7420.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct9A30.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oct9CD1.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octB443.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octC147.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octC6D.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octCEBA.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octD2FB.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octF50.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octF6F0.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octF848.tmp.exe
C:\Users\Laura\AppData\Local\Temp\octF9.tmp.exe
C:\Users\Laura\AppData\Local\Temp\ose00000.exe
C:\Users\Laura\AppData\Local\Temp\SetupProPlusRetail.x86.en-US_ProPlusRetail_KDVQM-HMNFJ-P9PJX-96HDF-DJYGX_act_1_.exe
C:\Users\Laura\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Laura\AppData\Local\Temp\sqlite3.dll
C:\Users\Laura\AppData\Local\Temp\uninstall.exe
C:\Users\Laura\AppData\Local\Temp\{2A433004-1601-4298-BD82-5B019870DD61}.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
IE trusted site: HKU\S-1-5-21-1745142471-199398243-411458533-1001\...\hola.org -> hxxp://hola.org
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1745142471-199398243-411458533-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #9 => value removed successfully
HKU\S-1-5-21-1745142471-199398243-411458533-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #6 => value removed successfully
C:\Users\Laura\AppData\Local\SweetLabs App Platform => moved successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
Firefox "homepage" removed successfully
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/FlashPlayer" => key removed successfully
C:\Users\Laura\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll => not found.
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc" => key removed successfully
C:\Users\Laura\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll => not found.
"C:\Users\Laura\AppData\Local\Hola" => not found.
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll => not found.
C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll => not found.
C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => not found.
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk => moved successfully
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => moved successfully
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
McAPExe => service removed successfully
McMPFSvc => service removed successfully
cpuz136 => Unable to stop service.
cpuz136 => service removed successfully
npf => service not found.
C:\Program Files\McAfee => moved successfully
"C:\Program Files\Common Files\McAfee" => not found.
"C:\Windows\TEMP\cpuz136\cpuz136_x64.sys" => not found.
"C:\Windows\system32\drivers\npf.sys" => not found.
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\Laura\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu4iesm.dll => moved successfully
C:\Users\Laura\AppData\Local\Temp\Hola-Setup-x64-1.11.916.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\jre-8u45-windows-au.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\jre-8u51-windows-au.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\jre-8u60-windows-au.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\jre-8u66-windows-au.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Laura\AppData\Local\Temp\MSETUP4.EXE => moved successfully
C:\Users\Laura\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Laura\AppData\Local\Temp\oct2DE3.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\oct44B8.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\oct44DA.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\oct4786.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\oct4C43.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\oct4CA6.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\oct51B3.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\oct5391.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\oct6FFF.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\oct7420.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\oct9A30.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\oct9CD1.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\octB443.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\octC147.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\octC6D.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\octCEBA.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\octD2FB.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\octF50.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\octF6F0.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\octF848.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\octF9.tmp.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\SetupProPlusRetail.x86.en-US_ProPlusRetail_KDVQM-HMNFJ-P9PJX-96HDF-DJYGX_act_1_.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Laura\AppData\Local\Temp\uninstall.exe => moved successfully
C:\Users\Laura\AppData\Local\Temp\{2A433004-1601-4298-BD82-5B019870DD61}.exe => moved successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully
"HKU\S-1-5-21-1745142471-199398243-411458533-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org" => key removed successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End ofCMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End ofCMD: =========
 
 
========= netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End ofCMD: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End ofCMD: =========
 
 
========= RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1745142471-199398243-411458533-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1745142471-199398243-411458533-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26237508 B
Java, Flash, Steam htmlcache => 695 B
Windows/system/drivers => 345550127 B
Edge => 0 B
Chrome => 472254469 B
Firefox => 16827942 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 427723 B
systemprofile32 => 13991112 B
LocalService => 178898 B
NetworkService => 106208 B
Laura => 6733828003 B
 
RecycleBin => 11872013059 B
EmptyTemp: => 18.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:03:22 ====

  • 0

#7
dbreeze
Posted 13 July 2016 - 01:42 AM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Let's see what gets found here first.
 

FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
AdwCleaner_v5016_zpsf8ln0fea.png

Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot, allow this
adwcleaner_delete_restart.jpg

On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt


Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


LAST >>>>

Malwarebytes' Anti-Malware
Please start Malwarebytes' Anti-Malware from either the desktop shortcut or the Start menu shortcut.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link
Main%20Screen_zpsnnwza0ky.png

Once the program has loaded and updated, select "Scan Now >>" to start the scan.
Main%20Screen_zpsnnwza0ky.png

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.
mbam21-removeselected_zpsg83p7wis.jpg

If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.
The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK. When the export is complete, select OPEN.
The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.


  • 0

#8
lfranci
Posted 16 July 2016 - 10:45 PM

lfranci

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 8.1 x64 
Ran by Laura (Administrator) on Sun 07/17/2016 at  0:38:13.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/17/2016 at  0:43:23.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#9
lfranci
Posted 16 July 2016 - 11:07 PM

lfranci

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

AdwCleaner Log:

# AdwCleaner v5.201 - Logfile created 17/07/2016 at 01:03:23
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-16.1 [Server]
# Operating system : Windows 8.1  (X64)
# Username : Laura - BAGA
# Running from : C:\Users\Laura\Downloads\adwcleaner_5.201.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Amazon\Amazon1ButtonApp
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
[-] File Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal
[-] File Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] File Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage
[-] File Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Software Update Application
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
[-] Key Deleted : HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
[-] Key Deleted : HKLM\SOFTWARE\Classes\AmazonAppIE.GatewayFactory
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [6021 bytes] - [14/06/2016 23:06:10]
C:\AdwCleaner\AdwCleaner[C2].txt - [2432 bytes] - [17/07/2016 01:03:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [6224 bytes] - [14/06/2016 23:00:40]
C:\AdwCleaner\AdwCleaner[S2].txt - [2572 bytes] - [17/07/2016 00:58:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2651 bytes] ##########

  • 0

#10
lfranci
Posted 16 July 2016 - 11:40 PM

lfranci

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/17/2016
Scan Time: 1:08 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.07.17.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Laura
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305829
Time Elapsed: 27 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

Advertisements

#11
dbreeze
Posted 17 July 2016 - 01:43 AM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Create a folder on your desktop. Label that folder avz4. Download avz4.zip from here

  • Right click on AVZ.zip  and extract its contents. Click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window:
    020275823c7fa0f131340f831f6d3d68.png
  • Click Start to begin the update

Note: If you receive an error message, chose a different source, then click Start again
Please temporarily switch off your Internet connection and close/disable all anti virus and anti malware programs so they do not interfere with the using of AVZ
(Here or here you can read manual instructions on how to disable your security applications.)
 

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the Advanced System Analysis" check box.
    3d27c0f079fc0c896bfc22c1e92c44bb.png
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach virusinfo_syscheck.zip to your next post

To attach a file, do the following:

  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on 258e6fdb87c0aa8d0ed794fa357b345d.png to insert the attachment into your post

  • 0

#12
lfranci
Posted 17 July 2016 - 02:27 PM

lfranci

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

AVZ log is attached

Attached Files


  • 0

#13
dbreeze
Posted 17 July 2016 - 03:41 PM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

First, try the Chrome Cleanup Tool >>>>

Download the Chrome Cleanup Tool from here and run the program.
The utility will search for files that can be a problem with Chrome and correct / repair those.  Failing that it will open Chrome and walk you through a reset of Chrome.

If that fails to fix the problem, uninstall and reinstall Chrome >>>>

First, download a fresh copy of the Chrome installer:
32 bit systems -32 bit here
64 bit systems - 64 bit here

Note: Save the download file to your desktop for easy finding later.

Next, uninstall Chrome using the Control Panel Remove program app:

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Google Chrome

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.  
Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

Last, restart your system and install Chrome:
Double click on the install file on your desktop (from the First step) to run the installer.

Please use Chrome after the installation and check for any problems.


  • 0

#14
lfranci
Posted 17 July 2016 - 10:39 PM

lfranci

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Chrome Cleanup found nothing, I uninstalled and reinstalled Chrome but the redirect virus usually only shows up after a few days of my computer running without it being reinstalled, I'm not sure how I can check if it's still there because all the adware removal tools (at least from my perception) keep saying my computer is clean when I know it's not. 


  • 0

#15
dbreeze
Posted 17 July 2016 - 10:51 PM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Have you tried resetting your router?  Usually, there is a small "pin hole" labeled RESET next to the power port of the router.  If you press in and hold the internal switch closed (with a pin or paper clip tip) for 10 seconds or more, the router will clear its memory and reset itself to factory defaults.  If you are not comfortable with resetting the router and possible configuration changes that may have to be made after that, you can always contact your ISP and have them help you with it.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: malware, adware, virus, hijacking, help

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP