Hi! I just purchased my Acer Aspire ES1-431-C7HZ laptop about 1 month ago. Upon my first ever startup, the computer was admittedly quite slow (built-in specs, perhaps?). I probably aggravated the speed and performance by doing the following:
1. Installing a cracked version of The Sims 4
2. Downloading a torrent and ignoring Avast's prompt upon installation (thinking it was a false positive) -- this is when the prompts started coming up.
Everything was running fine (albeit slow) until I did #2 -- bad move, I know.
Now my computer is infected.
Just a few days ago, this happened -- every time I would start up my computer, these prompts would pop out (window title is RegSvr32):
Actions Taken:
1. I initially tried deleting the infected file(s) from the chest through Avast, but the system wouldn't let me remove it.
2. I also tried deleting the torrent file itself but it wouldn't. UPDATE: as of writing, I am able to remove it.
3. Windows 10 "Reset" -- i.e. deleting all files. The system updated, but the reset did not take effect. After the update, it said that the reset failed (no particular reason given).
4. Just this morning, I tried doing a Boot-time scan and all infected files were "removed". However, the prompts still show and my computer is still running sooooo slow (i.e. loading time etc.).
Needless to say, I vow never to install suspicious software ever again! I would really appreciate your help as I move on from this and start anew (hopefully)!
FRST log file:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016
Ran by Tracie (administrator) on LAPTOP-L0I9GKF8 (19-06-2016 09:23:17)
Running from C:\Users\Tracie\Downloads
Loaded Profiles: Tracie (Available Profiles: Tracie)
Platform: Windows 10 Home Single Language Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Viber Media S.à r.l.) C:\Users\Tracie\AppData\Local\Viber\Viber.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.113_none_7689896a26389b16\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-11-23] ()
HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [330240 2015-02-26] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-12] (AVAST Software)
HKU\S-1-5-21-3685475455-1046302800-2578143945-1001\...\Run: [Viber] => C:\Users\Tracie\AppData\Local\Viber\Viber.exe [69528656 2016-05-16] (Viber Media S.à r.l.)
HKU\S-1-5-21-3685475455-1046302800-2578143945-1001\...\Run: [IVsoft] => regsvr32.exe C:\Users\Tracie\AppData\Local\IVsoft\pdlTask.dll <===== ATTENTION
HKU\S-1-5-21-3685475455-1046302800-2578143945-1001\...\Run: [Adworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Tracie\AppData\Local\Ubwmedia\rasApi90.dll
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Tracie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Tracie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Tracie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Tracie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Tracie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-12] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Tracie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Tracie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Tracie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Tracie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Tracie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d254912d-f5c0-4b23-a236-8a27965c01b3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{def7b0d6-9cb1-46c6-8033-8c83f4ad181f}: [DhcpNameServer] 40.32.1.66
Internet Explorer:
==================
HKU\S-1-5-21-3685475455-1046302800-2578143945-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_dnldastr_16_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBzz0FyD0ByBtB0B0EtCtN0D0Tzu0StCyCtAtDtN1L2XzutAtFtBtBtFtAtFzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyBtDyD0D0A0BzytDtGtDzy0AyDtGyCtDtB0CtGyC0AtAzztGyEzzyD0DyE0FyD0EtBtA0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0B0D0DyDzyyD0EtGtB0CzytBtGyEyE0CtAtG0Bzzzz0CtGtDyCyE0E0AtDzyzzyD0Fzz0E2QtN0A0LzuyE%26cr%3D445461154%26a%3Dwnf_dnldastr_16_24%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage
HKU\S-1-5-21-3685475455-1046302800-2578143945-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3685475455-1046302800-2578143945-1001 -> DefaultScope {73F45490-5E18-45B4-AA7B-34F6F1ACA264} URL =
SearchScopes: HKU\S-1-5-21-3685475455-1046302800-2578143945-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_dnldastr_16_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBzz0FyD0ByBtB0B0EtCtN0D0Tzu0StCyCtAtDtN1L2XzutAtFtBtBtFtAtFzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyBtDyD0D0A0BzytDtGtDzy0AyDtGyCtDtB0CtGyC0AtAzztGyEzzyD0DyE0FyD0EtBtA0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0B0D0DyDzyyD0EtGtB0CzytBtGyEyE0CtAtG0Bzzzz0CtGtDyCyE0E0AtDzyzzyD0Fzz0E2QtN0A0LzuyE%26cr%3D445461154%26a%3Dwnf_dnldastr_16_24%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3685475455-1046302800-2578143945-1001 -> {73F45490-5E18-45B4-AA7B-34F6F1ACA264} URL =
SearchScopes: HKU\S-1-5-21-3685475455-1046302800-2578143945-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
FireFox:
========
FF ProfilePath: C:\Users\Tracie\AppData\Roaming\Mozilla\Firefox\Profiles\j4itg7c6.default
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF Extension: English (US) Language Pack - C:\Users\Tracie\AppData\Roaming\Mozilla\Firefox\Profiles\j4itg7c6.default\Extensions\[email protected] [2016-04-10]
FF Extension: Mozilla Partner Defaults - C:\Users\Tracie\AppData\Roaming\Mozilla\Firefox\Profiles\j4itg7c6.default\Extensions\[email protected] [2016-04-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-12]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Tracie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tracie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-10]
CHR Extension: (Google Drive) - C:\Users\Tracie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (YouTube) - C:\Users\Tracie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10]
CHR Extension: (Google Sheets) - C:\Users\Tracie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-10]
CHR Extension: (Google Docs Offline) - C:\Users\Tracie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (Avast Online Security) - C:\Users\Tracie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tracie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
CHR Extension: (Gmail) - C:\Users\Tracie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10]
CHR HKU\S-1-5-21-3685475455-1046302800-2578143945-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-06-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Amazon 1Button App Service; c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [323152 2015-05-29] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-12] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [370656 2016-06-12] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-04-18] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-08-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [330240 2015-02-26] () [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-02-26] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [398176 2015-07-09] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-09] (Acer Incorporated)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-05-29] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-12] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-06-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-12] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4301304 2015-05-18] (Qualcomm Atheros Communications, Inc.)
R3 ETDI2C; C:\Windows\system32\DRIVERS\ETDI2C.sys [175152 2015-06-09] (ELAN Microelectronic Corp.)
R3 iagpioe; C:\Windows\System32\drivers\iagpioe.sys [41984 2015-06-02] (Intel® Corporation)
S3 iauarte; C:\Windows\System32\drivers\iauarte.sys [112640 2015-06-02] (Intel® Corporation)
R3 igfxLP; C:\Windows\system32\DRIVERS\igdkmd64lp.sys [5741816 2015-08-20] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21344 2015-07-09] (Acer Incorporated)
S3 Qcamain; C:\Windows\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [File not signed]
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14688 2015-07-09] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-19 12:40 - 2016-06-18 21:14 - 00000000 ___DC C:\WINDOWS\Panther
2016-06-19 12:36 - 2016-06-19 12:36 - 00000000 ____D C:\Windows.old
2016-06-19 12:34 - 2016-06-19 12:34 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-06-19 12:32 - 2016-06-19 12:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-06-19 12:32 - 2016-06-19 12:32 - 00000000 ____D C:\Program Files\MSBuild
2016-06-19 12:32 - 2016-06-19 12:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-06-19 12:32 - 2016-06-19 12:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-06-19 12:31 - 2015-10-24 09:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-06-19 12:31 - 2015-10-24 09:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-06-19 12:31 - 2015-10-24 09:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-06-19 12:30 - 2015-10-24 09:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-06-19 12:30 - 2015-10-24 09:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-06-19 12:30 - 2015-10-24 09:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-06-19 09:23 - 2016-06-19 09:25 - 00019357 _____ C:\Users\Tracie\Downloads\FRST.txt
2016-06-19 09:22 - 2016-06-19 09:23 - 00000000 ____D C:\FRST
2016-06-19 09:21 - 2016-06-19 09:21 - 02387456 _____ (Farbar) C:\Users\Tracie\Desktop\FRST64.exe
2016-06-19 09:17 - 2016-06-19 09:17 - 00008599 _____ C:\Users\Tracie\Desktop\pdlTask
2016-06-19 09:17 - 2016-06-19 09:17 - 00008277 _____ C:\Users\Tracie\Desktop\rasApi90
2016-06-18 22:38 - 2016-06-19 08:38 - 00001012 _____ C:\WINDOWS\Tasks\Yahoo! Powered nocif.job
2016-06-18 22:38 - 2016-06-19 08:38 - 00000000 ____D C:\ProgramData\{1C09D96A-964B-53AC-108D-CDEE8ACF4620}
2016-06-18 22:38 - 2016-06-18 22:39 - 00000000 ____D C:\Users\Tracie\AppData\Local\{754B4317-51E3-2FAF-3C7B-0A471813F6DF}
2016-06-18 22:38 - 2016-06-18 22:38 - 00004088 _____ C:\WINDOWS\System32\Tasks\Yahoo! Powered nocif
2016-06-18 22:38 - 2016-06-18 22:38 - 00002486 _____ C:\Users\Tracie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-06-18 22:34 - 2016-06-18 22:36 - 01035592 _____ (Tik ) C:\Users\Tracie\Downloads\yahoo_messenger.exe
2016-06-18 21:23 - 2016-06-18 21:23 - 00000000 ____D C:\Users\Tracie\AppData\Local\ActiveSync
2016-06-18 21:20 - 2016-06-18 21:20 - 00000020 ___SH C:\Users\Tracie\ntuser.ini
2016-06-18 21:09 - 2016-06-18 21:09 - 00000000 _SHDL C:\Users\Default\My Documents
2016-06-18 21:09 - 2016-06-18 21:09 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-06-18 21:09 - 2016-06-18 21:09 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-06-18 21:09 - 2016-06-18 21:09 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-06-18 21:09 - 2016-06-18 21:09 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-06-18 21:09 - 2016-06-18 21:09 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-06-18 21:09 - 2016-06-18 21:09 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-06-18 21:04 - 2016-06-18 21:04 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-06-18 20:56 - 2016-06-18 20:56 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-06-18 20:51 - 2016-06-18 20:58 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-06-18 20:49 - 2016-06-19 00:41 - 00000000 ____D C:\Users\Tracie
2016-06-18 20:49 - 2016-06-18 20:49 - 00000000 _SHDL C:\Users\Tracie\My Documents
2016-06-18 20:49 - 2016-06-18 20:49 - 00000000 _SHDL C:\Users\Tracie\Documents\My Videos
2016-06-18 20:49 - 2016-06-18 20:49 - 00000000 _SHDL C:\Users\Tracie\Documents\My Pictures
2016-06-18 20:49 - 2016-06-18 20:49 - 00000000 _SHDL C:\Users\Tracie\Documents\My Music
2016-06-18 20:45 - 2016-06-18 20:45 - 00000000 ____D C:\Program Files\Elantech
2016-06-18 20:44 - 2016-06-19 09:13 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-18 20:44 - 2016-06-18 20:44 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-06-18 20:44 - 2016-06-18 20:44 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-06-18 20:44 - 2016-06-18 20:44 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-06-18 20:44 - 2016-06-18 20:44 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-06-18 20:44 - 2016-06-18 20:44 - 00000000 ____D C:\Program Files\Realtek
2016-06-18 20:44 - 2015-08-20 15:44 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-06-18 20:44 - 2015-08-20 15:44 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-06-18 20:43 - 2016-06-18 20:51 - 00000000 ____D C:\Program Files\Intel
2016-06-12 18:36 - 2016-06-12 18:37 - 00000000 ____D C:\Users\Tracie\AppData\Local\Messenger
2016-06-12 18:35 - 2016-06-12 18:36 - 00001319 _____ C:\Users\Tracie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk
2016-06-12 18:35 - 2016-06-12 18:35 - 00001320 _____ C:\Users\Tracie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Messenger for Desktop.lnk
2016-06-12 18:35 - 2016-06-12 18:35 - 00000000 ____D C:\Program Files (x86)\Messenger for Desktop
2016-06-12 18:26 - 2016-06-18 21:04 - 00002392 _____ C:\WINDOWS\System32\Tasks\{6856F5E2-2BD1-4F48-AD6E-EBA7AB4248CB}
2016-06-12 18:26 - 2016-06-18 09:03 - 00000000 ____D C:\Users\Tracie\AppData\Local\Ubwmedia
2016-06-12 17:54 - 2016-06-18 21:04 - 00003368 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1465725283
2016-06-12 17:54 - 2016-06-12 17:54 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-06-12 17:54 - 2016-06-12 17:54 - 00001092 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-12 17:54 - 2016-06-12 17:54 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-12 17:04 - 2016-06-12 17:04 - 00001989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
2016-06-12 17:04 - 2016-06-12 17:04 - 00001977 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2016-06-12 17:02 - 2016-06-18 21:25 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-06-12 17:02 - 2016-06-12 17:00 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-06-12 17:02 - 2016-06-12 17:00 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-06-12 17:02 - 2016-06-12 17:00 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-06-12 17:02 - 2016-06-12 17:00 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-06-12 17:02 - 2016-06-12 17:00 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-06-12 17:02 - 2016-06-12 17:00 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-06-12 17:02 - 2016-06-12 17:00 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-06-12 17:02 - 2016-06-12 16:59 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-06-12 17:02 - 2016-06-12 16:59 - 00536312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2016-06-12 17:01 - 2016-06-12 17:00 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-06-12 17:00 - 2016-06-12 17:00 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-06-12 16:58 - 2016-04-22 15:57 - 00453288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-12 16:42 - 2016-06-12 18:19 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-12 16:42 - 2016-06-12 16:45 - 05139680 _____ (AVAST Software) C:\Users\Tracie\Downloads\avast_premier_antivirus_setup_online.exe
2016-06-12 16:39 - 2016-06-18 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-12 16:39 - 2016-06-12 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-12 16:39 - 2016-06-12 16:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-12 16:39 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-12 16:39 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-12 16:39 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-12 16:35 - 2016-06-12 16:37 - 00000000 ____D C:\Users\Tracie\AppData\Local\Comms
2016-06-12 16:26 - 2016-06-12 16:38 - 22851472 _____ (Malwarebytes ) C:\Users\Tracie\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-12 15:39 - 2016-06-12 15:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-06-11 22:12 - 2016-06-18 20:05 - 00000000 ___HD C:\$SysReset
2016-06-11 21:16 - 2016-06-11 21:16 - 00000337 _____ C:\UBT_UninstallLog.txt
2016-06-10 17:56 - 2016-06-10 17:56 - 00000000 ____D C:\Users\Tracie\AppData\Roaming\Adobe
2016-05-31 00:51 - 2016-05-31 00:51 - 03696167 _____ C:\Users\Tracie\Documents\Carla.zip
2016-05-31 00:51 - 2016-05-31 00:51 - 02956055 _____ C:\Users\Tracie\Documents\Carla.7z
2016-05-30 22:03 - 2016-06-12 14:32 - 00000000 ____D C:\Users\Tracie\Documents\Carla
2016-05-30 21:37 - 2000-11-29 12:57 - 00390867 _____ (Macromedia, Inc.) C:\Users\Tracie\Downloads\RunMe.exe
2016-05-30 21:36 - 2016-05-30 21:36 - 00000000 ____D C:\Users\Tracie\AppData\LocalLow\Adobe
2016-05-30 21:15 - 2016-05-30 21:26 - 00000000 ____D C:\PhotoshopPortable
2016-05-30 07:11 - 2016-05-30 21:13 - 114427127 _____ (PortableAppZ.blogspot.com) C:\Users\Tracie\Downloads\Photoshop_Portable_13.1.2_x64_Multilingual (1).exe
2016-05-28 16:11 - 2016-05-28 16:13 - 03204592 _____ (Blizzard Entertainment) C:\Users\Tracie\Downloads\Hearthstone-Setup.exe
2016-05-27 19:54 - 2016-05-27 19:55 - 00002374 _____ C:\Users\Tracie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-22 18:27 - 2016-05-22 18:28 - 00000000 ____D C:\Users\Tracie\AppData\Local\Viber
2016-05-21 22:17 - 2016-06-12 18:35 - 00001180 _____ C:\Users\Tracie\Desktop\Messenger.lnk
2016-05-21 18:35 - 2016-05-21 22:17 - 29425536 _____ C:\Users\Tracie\Downloads\MessengerSetup.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-19 12:40 - 2015-10-30 15:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-06-19 09:21 - 2016-04-20 22:52 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A4216F36-20BC-48A9-82A7-BDDDFDEE8FDE}
2016-06-19 09:18 - 2015-10-30 15:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-19 09:18 - 2015-07-22 11:08 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-19 09:15 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-19 09:14 - 2016-04-20 23:17 - 00000000 ____D C:\Users\Tracie\AppData\Roaming\ViberPC
2016-06-19 09:13 - 2016-04-10 16:13 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-19 09:13 - 2016-04-10 15:33 - 00000000 __SHD C:\Users\Tracie\IntelGraphicsProfiles
2016-06-19 09:11 - 2016-04-27 13:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-19 09:10 - 2015-10-30 14:28 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2016-06-19 08:29 - 2016-04-10 16:13 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-19 08:25 - 2016-04-20 23:18 - 00000000 ____D C:\Users\Tracie\Documents\ViberDownloads
2016-06-19 08:18 - 2015-10-30 15:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-18 21:41 - 2016-04-10 15:33 - 00000000 ____D C:\Users\Tracie\AppData\Local\Packages
2016-06-18 21:41 - 2015-10-30 15:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-18 21:21 - 2016-04-27 13:45 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-18 21:14 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-18 21:08 - 2016-02-23 13:08 - 00036763 _____ C:\WINDOWS\diagerr.xml
2016-06-18 21:08 - 2016-02-23 13:08 - 00034293 _____ C:\WINDOWS\diagwrn.xml
2016-06-18 21:07 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\Registration
2016-06-18 21:06 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-06-18 21:04 - 2016-04-11 21:18 - 00002550 _____ C:\WINDOWS\System32\Tasks\abDocsDllLoader
2016-06-18 21:04 - 2016-04-11 21:16 - 00002762 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2016-06-18 21:04 - 2016-04-10 16:13 - 00003450 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-18 21:04 - 2016-04-10 16:13 - 00003226 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-18 21:04 - 2016-02-23 13:01 - 00002074 _____ C:\WINDOWS\System32\Tasks\FUBTrackingByPLD
2016-06-18 21:04 - 2016-02-23 12:30 - 00002180 _____ C:\WINDOWS\System32\Tasks\Quick Access
2016-06-18 21:04 - 2016-02-23 12:27 - 00002222 _____ C:\WINDOWS\System32\Tasks\Power Management
2016-06-18 21:04 - 2015-07-22 11:07 - 00002706 _____ C:\WINDOWS\System32\Tasks\UbtFrameworkService
2016-06-18 21:04 - 2015-07-22 11:06 - 00004302 _____ C:\WINDOWS\System32\Tasks\Software Update Application
2016-06-18 21:04 - 2015-07-22 11:06 - 00003854 _____ C:\WINDOWS\System32\Tasks\ACCAgent
2016-06-18 21:04 - 2015-07-22 11:06 - 00002926 _____ C:\WINDOWS\System32\Tasks\avast! SL Update
2016-06-18 21:04 - 2015-07-22 11:06 - 00002888 _____ C:\WINDOWS\System32\Tasks\ACC
2016-06-18 21:04 - 2015-07-22 11:06 - 00002654 _____ C:\WINDOWS\System32\Tasks\Avast SecureLine
2016-06-18 21:04 - 2015-07-22 11:06 - 00002328 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
2016-06-18 21:03 - 2015-10-30 15:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-18 20:58 - 2016-04-27 13:34 - 00194168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-18 20:58 - 2016-04-20 23:16 - 00000000 ____D C:\Users\Tracie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2016-06-18 20:58 - 2016-04-10 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-06-18 20:58 - 2016-04-10 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2016-06-18 20:58 - 2016-02-23 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2016-06-18 20:58 - 2016-02-23 12:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2016-06-18 20:58 - 2015-10-30 15:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-18 20:58 - 2015-07-22 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-06-18 20:57 - 2015-10-30 14:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-18 20:56 - 2015-07-10 17:05 - 00000000 ____D C:\Users\Default.migrated
2016-06-18 20:53 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-06-18 20:51 - 2015-10-30 15:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-18 20:51 - 2015-07-22 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-18 20:47 - 2015-10-30 14:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-06-18 20:07 - 2016-04-27 14:56 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-18 09:43 - 2016-04-10 16:17 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 09:43 - 2016-04-10 16:17 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-12 17:54 - 2015-07-22 11:06 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-12 17:54 - 2015-07-22 11:06 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-12 17:45 - 2015-07-22 11:07 - 00000000 ____D C:\ProgramData\McAfee
2016-06-12 17:45 - 2015-07-22 11:07 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-06-12 17:05 - 2016-04-10 16:09 - 00000000 ____D C:\Users\Tracie\AppData\Roaming\AVAST Software
2016-06-12 16:38 - 2016-04-16 02:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-06-12 16:37 - 2016-04-10 14:38 - 00000000 ____D C:\Users\Tracie\AppData\Local\CrashDumps
2016-06-12 14:21 - 2016-04-10 15:33 - 00000000 ____D C:\Users\Tracie\AppData\Local\TileDataLayer
2016-06-11 22:00 - 2015-07-22 11:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-11 21:18 - 2015-07-22 11:07 - 00000000 ____D C:\Program Files\Acer
2016-06-11 21:16 - 2015-07-22 11:06 - 00000000 ____D C:\ProgramData\OEM
2016-06-10 11:21 - 2016-05-01 16:23 - 00000000 ____D C:\Users\Tracie\AppData\Roaming\uTorrent
2016-06-09 21:49 - 2016-05-01 16:26 - 00000000 ____D C:\Users\Tracie\AppData\LocalLow\uTorrent
2016-05-27 19:55 - 2016-04-10 14:39 - 00000000 ___RD C:\Users\Tracie\OneDrive
2016-05-21 22:20 - 2016-04-29 23:15 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2016-06-18 20:44 - 2016-06-18 20:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-18 20:41
==================== End of FRST.txt ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016
Ran by Tracie (2016-06-19 09:25:55)
Running from C:\Users\Tracie\Downloads
Windows 10 Home Single Language Version 1511 (X64) (2016-06-18 13:13:16)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3685475455-1046302800-2578143945-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3685475455-1046302800-2578143945-503 - Limited - Disabled)
Guest (S-1-5-21-3685475455-1046302800-2578143945-501 - Limited - Disabled)
julte (S-1-5-21-3685475455-1046302800-2578143945-1002 - Limited - Enabled)
Tracie (S-1-5-21-3685475455-1046302800-2578143945-1001 - Administrator - Enabled) => C:\Users\Tracie
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3685475455-1046302800-2578143945-1001\...\uTorrent) (Version: 3.4.6.42178 - BitTorrent Inc.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.07.2001.5 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3005 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3005 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated)
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon) <==== ATTENTION
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.17.2002.1 - Acer Incorporated)
Avast Premier (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.4 - AVAST Software)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5427.02 - CyberLink Corp.)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3011 - Acer Incorporated)
eBay Worldwide (HKLM-x32\...\{3DC26EA7-03E3-4353-9424-EEB7A34A7504}) (Version: 2.5.0427 - OEM)
ELAN HIDI2C Filter Driver X64 13.6.3.1_WHQL (HKLM\...\Elantech) (Version: 13.6.3.1 - ELAN Microelectronic Corp.)
Foxit PhantomPDF (HKLM-x32\...\{A4023BDF-82D5-412D-9D58-8C2819EBFE2E}) (Version: 7.0.410.326 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{84DB01CB-7EB7-4261-9249-99A32768D991}) (Version: 1.0.0.523 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 43.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0 (x86 en-US)) (Version: 43.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0 - Mozilla)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.65 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.21277 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
The Sims 4 version 1.0.732.20 (HKLM-x32\...\{E8A03879-504D-4B44-A74A-C50B41602520}_is1) (Version: 1.0.732.20 - Soleed)
Viber (HKU\S-1-5-21-3685475455-1046302800-2578143945-1001\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
Viber (x32 Version: 6.0.1.5 - Viber Media Inc.) Hidden
Yahoo! Powered (HKU\S-1-5-21-3685475455-1046302800-2578143945-1001\...\winsearch) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3685475455-1046302800-2578143945-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Tracie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {084E42B7-62A9-435A-9D21-71F86CF4CDA0} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2015-07-10] ()
Task: {13C152A6-2BFB-42CC-86B6-F122519744E7} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated)
Task: {19A806C0-0B94-4EA5-8002-6DD280893582} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe
Task: {1F454447-BBAE-490A-A9D5-5EB0535B7546} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {2A28F2FD-1B30-40DE-8F47-06B37BE00669} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-05-29] (AVAST Software)
Task: {38714253-B7AC-43BA-97CB-CA1FCD5C122C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {3E651A55-76B0-4E62-B1D5-28BA8C01DAD6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-12] (AVAST Software)
Task: {56B20C45-A3C7-4F04-AF7A-87DE8F3591DF} - System32\Tasks\{6856F5E2-2BD1-4F48-AD6E-EBA7AB4248CB} => pcalua.exe -a "F:\Microsoft Office 2013 Professional Plus (Full)\x64\setup.exe" -d "F:\Microsoft Office 2013 Professional Plus (Full)\x64"
Task: {5CBCFC47-308F-44B2-881F-5CF310D823B6} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-07-09] (Acer Incorporated)
Task: {5D3C7729-8BCA-4D4C-B564-B6D3BD9CF768} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2015-03-14] (Microsoft Corporation)
Task: {5EA036ED-F389-4483-912A-D61953907589} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] ()
Task: {6252459D-3DF3-47D0-8200-A13EE8323E85} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {88E642A5-1732-48D7-9DA3-E301EF139B49} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
Task: {9219CD18-220D-4EDF-9040-02840BB785C3} - System32\Tasks\Yahoo! Powered nocif => Wscript.exe "C:\ProgramData\{1C09D96A-964B-53AC-108D-CDEE8ACF4620}\tosa.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b31433039443936412d393634422d353341432d313038442d4344454538414346343632307d5c72696469746f" "433a5c50726f6772616d446174615c7b31433039443936412d393634422d353341432d313038 (the data entry has 78 more characters).
Task: {A978D92E-2108-400B-8D3E-1FFFDA04C3D0} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-04-18] (Acer Incorporated)
Task: {BF084797-BDFE-405C-8A20-FE9095DB12E3} - System32\Tasks\SafeZone scheduled Autoupdate 1465725283 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {E2C5A496-CF8E-485B-95D1-293B1E003B4E} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-07-10] ()
Task: {F369E9A6-3377-4046-B342-6767C462F539} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-09] (Acer Incorporated)
Task: {F6A5DBE9-0406-42F1-BD29-1DB47444924E} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-04-10] (AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Yahoo! Powered nocif.job => Wscript.exe C:\ProgramData\{1C09D96A-964B-53AC-108D-CDEE8ACF4620}\tosa.txt <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 15:18 - 2015-10-30 15:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-02-26 11:12 - 2015-02-26 11:12 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2016-05-29 23:07 - 2016-05-29 23:07 - 00592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2016-04-27 13:14 - 2016-04-27 13:14 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-27 13:14 - 2016-04-27 13:14 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-27 13:28 - 2016-04-27 13:28 - 00044032 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-09-02 11:42 - 2015-08-20 15:44 - 00395368 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-04-27 13:14 - 2016-04-27 13:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-27 13:14 - 2016-04-27 13:14 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-27 13:14 - 2016-04-27 13:14 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-27 13:14 - 2016-04-27 13:14 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-27 13:14 - 2016-04-27 13:14 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-27 13:14 - 2016-04-27 13:14 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-23 13:01 - 2015-05-14 15:10 - 00030976 _____ () C:\OEM\Preload\FubTracking\FubTracking.exe
2015-02-26 11:12 - 2015-02-26 11:12 - 00330240 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
2015-11-23 18:44 - 2015-11-23 18:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-07-10 18:38 - 2015-07-10 18:38 - 04580704 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3685475455-1046302800-2578143945-1001\...\amazon.com -> hxxps://amazon.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 19:04 - 2015-07-10 19:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3685475455-1046302800-2578143945-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F2393E70-6C7E-4BED-9EF1-98416644F3F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A871ECEC-8744-456E-ACB6-C7302CC082D3}] => (Allow) C:\Users\Tracie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E5DCCD6D-0B77-4E59-8148-6D47A54E1459}] => (Allow) C:\Users\Tracie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5E22498A-4ED4-425C-975C-2BAD798DAC31}] => (Allow) C:\Users\Tracie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D03D9F58-2156-4CA7-9693-6A7182180DF1}] => (Allow) C:\Users\Tracie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BF35AADD-9C70-4A0F-A108-7D12A7884369}] => (Allow) C:\Users\Tracie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A667F890-E9A2-417F-87BF-551FFEEC698F}] => (Allow) C:\Users\Tracie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{638EF315-E5AA-4B1D-BE1A-0EC842468FF3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{049E7F20-F1FA-44AC-8EF8-52B8D1E2CD81}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{7E514B1B-23EC-4C9F-AF85-7569EB829E9D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{A38B736E-8C88-4CF0-87B4-DCE3DE98B043}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{921ED397-45FC-4C89-901D-9CBA6ECD88A5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{10A0DC6C-5176-417A-B31C-F1598676D58C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{496AA0E9-1105-455F-934D-461549EDBBA7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{D97EA944-0645-407C-85AC-ED6A18509410}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{94EDAAC0-EAF2-4ACC-B280-3DF8FC323B5B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{0E63E9AB-23C8-4215-8B62-D13B67F75EE9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{8CD5711D-5E06-4289-9292-428F46A4DB97}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{BC52D097-EC95-44DC-85AF-5ABD16BA3933}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{29EC1C63-CF69-40F3-A333-529D6266DED5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{599EF564-9AD5-4EF1-A647-E0322BE6C3FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/18/2016 09:04:33 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A
Error: (06/18/2016 09:01:37 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A
Error: (06/18/2016 09:01:36 PM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: 0x8007085A
Error: (06/18/2016 09:01:34 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A
System errors:
=============
Error: (06/19/2016 09:10:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_532812 service to connect.
Error: (06/19/2016 09:10:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_532812 service to connect.
Error: (06/19/2016 09:10:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_532812 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/19/2016 09:10:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_532812 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/19/2016 09:10:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_532812 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/19/2016 09:10:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_532812 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/19/2016 09:10:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (06/18/2016 10:40:46 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-L0I9GKF8)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}
Error: (06/18/2016 10:40:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_45f133 service to connect.
Error: (06/18/2016 10:40:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_45f133 service to connect.
CodeIntegrity:
===================================
Date: 2016-06-18 22:33:45.599
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-18 21:03:57.009
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-18 21:02:00.073
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-18 20:42:24.037
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU N3150 @ 1.60GHz
Percentage of memory in use: 91%
Total physical RAM: 1962.02 MB
Available physical RAM: 173.37 MB
Total Virtual: 3114.02 MB
Available Virtual: 811.3 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:465.16 GB) (Free:410.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4F2AA39D)
Partition: GPT.
==================== End of Addition.txt ============================
Edited by liltreyz, 18 June 2016 - 07:59 PM.