[Solved] Pretty sure our laptop has a virus/malware but don't know what to do - need step-by-step instruction

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by owner (administrator) on ACER (11-01-2016 17:26:20)
Running from E:\
Loaded Profiles: owner (Available Profiles: owner)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-07-22] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [uTorrent] => C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-02] (BitTorrent Inc.)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-21] (Spotify Ltd)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Spotify] => C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-21] (Spotify Ltd)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Policies\system: [DisableTaskMgr] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2016-01-10]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
Tcpip\..\Interfaces\{1CF1C519-43BC-43DC-A100-5452BECE63BD}: [DhcpNameServer] 192.168.1.254 75.153.176.1
Tcpip\..\Interfaces\{DD3443D7-3BB0-4CD6-95B5-911D51D04343}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-3773202632-424774445-890114178-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-31] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-31] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set_ff&s=G1Azbwybl01,2e5a8f18-7777-4848-9eed-2132ef3331e1,
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-10-03]
FF Extension: McAfee WebAdvisor - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2015-08-04] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome:
=======
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-25]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-25]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-25]
CHR Extension: (SiteAdvisor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-25]
CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-25]
CHR Extension: (Taplika New Tab) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn [2015-11-25]
CHR Extension: (Skype Click to Call) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-25]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-25]
CHR HKLM\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]
CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
S2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
S2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-09] (Dritek System INC.)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [836176 2015-12-14] (Valve Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-07-31] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-09] (Dritek System Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-10] ()
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 voxaldriver; C:\Windows\system32\DRIVERS\voxaldriverx64.sys [34512 2015-10-26] ()
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-11 00:28 - 2016-01-11 00:28 - 00000000 ____D C:\Users\owner\Desktop\PC Cleaners
2016-01-11 00:02 - 2016-01-11 00:05 - 00000000 ____D C:\AdwCleaner
2016-01-10 23:39 - 2016-01-10 23:39 - 00168424 _____ C:\2016 Jan 10 1432 pm log.txt
2016-01-10 23:38 - 2016-01-10 23:38 - 00004151 _____ C:\Daily Protection Log Jan 16 2016.txt
2016-01-10 23:38 - 2016-01-10 23:38 - 00001245 _____ C:\2016 Jan 10 1052 pm log.txt
2016-01-10 23:36 - 2016-01-10 23:36 - 00001061 _____ C:\2016 Jan 10 1116 pm log.txt
2016-01-10 22:35 - 2016-01-10 22:50 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-10 22:35 - 2016-01-10 22:35 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-01-10 22:03 - 2016-01-10 22:03 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-01-10 20:45 - 2016-01-10 20:45 - 00000000 ____D C:\Program Files\Task Service
2016-01-10 20:44 - 2016-01-10 20:44 - 00000000 ____D C:\Program Files\Scan Service
2016-01-10 18:13 - 2016-01-11 17:26 - 00000000 ____D C:\FRST
2016-01-10 15:07 - 2016-01-10 20:45 - 00071168 _____ (Microsoft) C:\WINDOWS\system32\WindowsLock.exe
2016-01-10 15:07 - 2016-01-10 20:44 - 00140288 _____ (Microsoft) C:\WINDOWS\system32\MalwareScanner.exe
2016-01-10 14:30 - 2016-01-10 23:33 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-10 14:30 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-10 14:30 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-10 14:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-09 21:13 - 2016-01-10 22:13 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
2016-01-09 21:08 - 2016-01-10 14:56 - 00001422 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-09 21:00 - 2016-01-09 21:00 - 00000000 ____D C:\ProgramData\fc7235fa-41a3-1
2016-01-09 20:58 - 2016-01-09 20:58 - 00000000 ____D C:\ProgramData\ad8a10da-14d7-1
2016-01-09 20:57 - 2016-01-09 20:57 - 00000000 ____D C:\Program Files (x86)\ExploreTech
2016-01-09 19:54 - 2016-01-09 19:54 - 00000000 ____D C:\Users\owner\AppData\Local\NPE
2016-01-09 19:54 - 2016-01-09 19:54 - 00000000 ____D C:\ProgramData\Norton
2016-01-09 19:33 - 2016-01-11 17:26 - 01524824 _____ C:\WINDOWS\ntbtlog.txt
2016-01-09 18:45 - 2016-01-09 18:45 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (5).exe
2016-01-09 18:45 - 2016-01-09 18:45 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (4).exe
2016-01-09 18:43 - 2016-01-09 18:43 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (3).exe
2016-01-09 18:43 - 2016-01-09 18:43 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (2).exe
2016-01-09 18:43 - 2016-01-09 18:43 - 00002782 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-01-09 18:42 - 2016-01-09 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-09 18:42 - 2016-01-09 18:43 - 00000000 ____D C:\Program Files\CCleaner
2016-01-09 18:42 - 2016-01-09 18:42 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513.exe
2016-01-09 18:42 - 2016-01-09 18:42 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (1).exe
2016-01-09 18:15 - 2016-01-09 18:15 - 00003406 _____ C:\WINDOWS\System32\Tasks\RSPro
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\fc7235fa-78e1-0
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\fc7235fa-3443-1
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\ad8a10da-2473-0
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\ad8a10da-09a5-1
2016-01-09 18:00 - 2016-01-09 18:00 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2016-01-09 17:18 - 2016-01-09 17:18 - 00000015 _____ C:\WINDOWS\system32\config.conf
2016-01-09 17:18 - 2016-01-09 17:18 - 00000000 ____D C:\WINDOWS\system32\jurk
2016-01-09 16:42 - 2016-01-09 19:26 - 00004720 _____ C:\WINDOWS\SysWOW64\Kefzha.ini
2016-01-09 16:42 - 2016-01-09 19:26 - 00002440 _____ C:\WINDOWS\SysWOW64\KefzhaOff.ini
2016-01-09 16:42 - 2016-01-09 19:26 - 00002440 _____ C:\WINDOWS\system32\KefzhaOff.ini
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Tempfolder
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\uninst
2016-01-09 16:42 - 2016-01-09 15:28 - 00768376 _____ C:\WINDOWS\system32\Kefzha64.dll
2016-01-09 16:42 - 2016-01-09 15:28 - 00289144 _____ C:\WINDOWS\SysWOW64\Kefzha.dll
2016-01-09 16:38 - 2016-01-09 21:01 - 00000000 ____D C:\Program Files (x86)\Setup Support for Looksafe
2016-01-09 16:36 - 2016-01-09 16:36 - 00004944 _____ C:\WINDOWS\System32\Tasks\DfGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837
2016-01-09 16:36 - 2016-01-09 16:36 - 00004932 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4287834998-254447837-4126873412-1000Main
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\WINDOWS\system32\Express
2016-01-09 16:34 - 2016-01-09 16:34 - 00003828 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1452386042
2016-01-09 16:34 - 2016-01-09 16:34 - 00000000 ____D C:\Users\owner\AppData\Roaming\Opera Software
2016-01-09 16:34 - 2016-01-09 16:34 - 00000000 ____D C:\Users\owner\AppData\Local\Opera Software
2016-01-09 16:33 - 2016-01-09 21:01 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-09 16:31 - 2016-01-09 16:31 - 05142944 _____ (hxxp://spring-files.com) C:\Users\owner\Downloads\Into_the_Wild_2007_1080p_BrRip_x264_-_YIFY_downloader.exe
2016-01-09 16:31 - 2016-01-09 16:29 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-01-09 16:29 - 2016-01-09 16:29 - 01017652 _____ C:\Users\owner\Downloads\Into The Wild 2007 1080p BrR Downloader.rar
2016-01-09 16:27 - 2016-01-09 16:30 - 00000022 _____ C:\Users\owner\Downloads\into.the.wild.2007.1080p..zip-.zip
2016-01-09 15:59 - 2016-01-09 15:59 - 00033072 _____ C:\Users\owner\Downloads\Deliver Us from Evil 2014.torrent
2016-01-09 15:40 - 2016-01-09 15:40 - 00019657 _____ C:\Users\owner\Downloads\[kat.cr]devil.s.knot.2013.1080p.brrip.x264.yify.torrent
2016-01-09 15:22 - 2016-01-09 15:22 - 00013243 _____ C:\Users\owner\Downloads\[kat.cr]enemy.2013.1080p.x264.dd5.1.en.nl.subs.asian.torrenz.torrent
2016-01-09 14:59 - 2016-01-09 14:59 - 00019431 _____ C:\Users\owner\Downloads\[kat.cr]leviathan.2014.1080p.brrip.x264.ac3.jyk.torrent
2016-01-09 14:38 - 2016-01-09 14:38 - 00118580 _____ C:\Users\owner\Downloads\[kat.cr]meru.2015.brrip.xvid.ac3.evo.torrent
2016-01-09 14:18 - 2016-01-09 14:18 - 00087738 _____ C:\Users\owner\Downloads\[kat.cr]selma.2014.dvdrip.aac.ita.eng.x264.lizaliza.mkv.torrent
2016-01-09 13:44 - 2016-01-09 13:44 - 00019546 _____ C:\Users\owner\Downloads\[kat.cr]dilwale.2015.desiscr.950mb.torrent
2016-01-09 13:29 - 2016-01-09 13:29 - 00028395 _____ C:\Users\owner\Downloads\[kat.cr]sinister.2.hdrip.torrent
2016-01-09 13:16 - 2016-01-09 13:16 - 00192082 _____ C:\Users\owner\Downloads\[kat.cr]sinister.2012.bdrip.xvid.eng.ita.ac3.torrent
2016-01-09 12:46 - 2016-01-09 12:46 - 00067266 _____ C:\Users\owner\Downloads\[kat.cr]straight.outta.compton.2015.dc.1080p.bluray.h264.aac.rarbg.torrent
2016-01-09 12:19 - 2016-01-09 12:19 - 00140864 _____ C:\Users\owner\Downloads\[kat.cr]whiplash.2014.dvdrip.aac.ita.eng.x264.lizaliza.mkv.torrent
2016-01-09 12:08 - 2016-01-09 12:08 - 00017330 _____ C:\Users\owner\Downloads\[kat.cr]chef.2014.2ndtimearound.torrent
2016-01-09 12:07 - 2016-01-09 12:07 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw (2).torrent
2016-01-09 12:06 - 2016-01-09 12:06 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw (1).torrent
2016-01-09 12:05 - 2016-01-09 12:05 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw.torrent
2016-01-09 11:50 - 2016-01-09 11:50 - 00019667 _____ C:\Users\owner\Downloads\[kat.cr]nightcrawler.2014.1080p.brrip.x264.yify.torrent
2016-01-09 11:30 - 2016-01-09 11:30 - 00014728 _____ C:\Users\owner\Downloads\[kat.cr]diablo.2016.hdrip.xvid.ac3.evo.torrent
2016-01-09 10:55 - 2016-01-09 10:55 - 00019457 _____ C:\Users\owner\Downloads\[kat.cr]fifty.shades.of.grey.2015.720p.bluray.x264.nezu (1).torrent
2016-01-09 10:54 - 2016-01-09 10:54 - 00019457 _____ C:\Users\owner\Downloads\[kat.cr]fifty.shades.of.grey.2015.720p.bluray.x264.nezu.torrent
2016-01-09 10:45 - 2016-01-09 10:45 - 00031210 _____ C:\Users\owner\Downloads\[kat.cr]the.little.prince.2015.bluray.1080p.dts.hd.ma.5.1.x264.mteam.mkv.torrent
2016-01-09 10:21 - 2016-01-09 10:21 - 00010218 _____ C:\Users\owner\Downloads\[kat.cr]mad.max.fury.road.2015.720p.brrip.x264.yify.torrent
2016-01-09 10:12 - 2016-01-09 10:12 - 00057633 _____ C:\Users\owner\Downloads\[kat.cr]burnt.2015.brrip.xvid.etrg (1).torrent
2016-01-09 10:10 - 2016-01-09 10:10 - 00057633 _____ C:\Users\owner\Downloads\[kat.cr]burnt.2015.brrip.xvid.etrg.torrent
2016-01-09 09:54 - 2016-01-09 09:54 - 00019417 _____ C:\Users\owner\Downloads\[kat.cr]san.andreas.2015.1080p.brrip.x264.yify.torrent
2016-01-09 09:38 - 2016-01-09 09:38 - 00106326 _____ C:\Users\owner\Downloads\[kat.cr]the.sponge.bob.movie.sponge.out.of.water.2015.cam.xvid.vain.torrent
2016-01-09 09:32 - 2016-01-09 09:32 - 00022617 _____ C:\Users\owner\Downloads\[kat.cr]divergent.2014.1080p.bluray.x264.ac3.dd5.1.inam.torrent
2016-01-09 09:12 - 2016-01-09 09:12 - 00120298 _____ C:\Users\owner\Downloads\[kat.cr]spy.2015.hc.hdrip.xvid.ac3.evo.torrent
2016-01-08 11:44 - 2016-01-08 11:44 - 14655654 _____ C:\Users\owner\Downloads\scan4 (2).tif
2016-01-08 11:44 - 2016-01-08 11:44 - 14655654 _____ C:\Users\owner\Downloads\scan4 (1).tif
2016-01-08 11:43 - 2016-01-08 11:43 - 14655654 _____ C:\Users\owner\Downloads\scan4.tif
2016-01-07 07:28 - 2016-01-11 17:11 - 00000000 ____D C:\Users\owner\AppData\LocalLow\uTorrent
2016-01-04 17:09 - 2016-01-08 20:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\OBS
2016-01-04 17:08 - 2016-01-04 17:09 - 00000000 ____D C:\Program Files\OBS
2016-01-04 17:08 - 2016-01-04 17:09 - 00000000 ____D C:\Program Files (x86)\OBS
2016-01-04 17:04 - 2016-01-04 17:06 - 68037144 _____ C:\Users\owner\Downloads\OBS_0_657b_With_Browser_Installer.exe
2016-01-03 21:42 - 2016-01-10 14:56 - 00001619 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-01-03 21:42 - 2016-01-03 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-01-03 21:42 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-01-03 21:42 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-01-03 21:42 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2015-12-31 09:58 - 2016-01-08 11:45 - 00076288 ___SH C:\Users\owner\Downloads\Thumbs.db
2015-12-28 17:04 - 2015-12-28 17:04 - 09479872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-12-28 10:18 - 2015-12-28 10:18 - 00000000 ____D C:\Users\owner\AppData\Roaming\Gyazo
2015-12-28 10:16 - 2015-12-29 08:17 - 00000000 ____D C:\Program Files (x86)\Gyazo
2015-12-28 10:16 - 2015-12-28 10:16 - 09986504 _____ (Nota Inc. ) C:\Users\owner\Downloads\Gyazo-3.1.6.exe
2015-12-28 10:16 - 2015-12-28 10:16 - 00003400 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2015-12-28 10:16 - 2015-12-28 10:16 - 00003274 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2015-12-28 10:16 - 2015-12-28 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-12-27 17:52 - 2015-12-27 17:52 - 00000000 ____D C:\Users\owner\AppData\Local\Hewlett-Packard
2015-12-27 17:28 - 2015-12-27 17:28 - 00000000 ____D C:\Users\owner\AppData\Roaming\Hewlett-Packard
2015-12-27 17:22 - 2015-12-27 17:22 - 00000000 ____D C:\System.sav
2015-12-27 17:22 - 2015-12-27 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-12-27 17:21 - 2015-12-27 17:21 - 00000000 ____D C:\Users\owner\AppData\Roaming\hpqLog
2015-12-27 17:05 - 2015-12-27 17:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-12-27 17:04 - 2015-12-27 17:22 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-12-27 17:02 - 2015-12-27 17:02 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\owner\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
2015-12-21 23:27 - 2016-01-10 14:56 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-21 23:27 - 2015-12-21 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-17 12:48 - 2015-12-17 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2015-12-17 12:48 - 2015-12-17 12:48 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Users\owner\AppData\Local\PAYDAY 2
2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-12-13 15:06 - 2016-01-10 14:56 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression.lnk
2015-12-13 15:06 - 2015-12-13 15:06 - 00374903 _____ C:\Users\owner\Downloads\Athenas *** MH4G 0.81b.rar
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-11 17:20 - 2015-04-08 11:24 - 00000000 ____D C:\Users\owner\AppData\Roaming\uTorrent
2016-01-11 17:20 - 2015-04-02 18:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-11 17:20 - 2015-03-31 11:26 - 00000000 ___RD C:\Users\owner\OneDrive
2016-01-11 17:20 - 2015-03-30 19:02 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-11 17:20 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-11 17:13 - 2014-11-21 00:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-11 17:13 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-11 17:12 - 2015-04-08 11:23 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify
2016-01-11 17:11 - 2015-04-08 11:25 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify
2016-01-11 00:17 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-10 22:04 - 2015-09-16 07:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-10 21:14 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2016-01-10 20:54 - 2015-03-30 19:02 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 20:52 - 2015-01-20 17:04 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3773202632-424774445-890114178-1001
2016-01-10 20:37 - 2015-10-17 21:14 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-01-10 20:36 - 2013-08-22 07:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-01-10 20:36 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-01-10 14:56 - 2015-11-24 22:00 - 00001122 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-01-10 14:56 - 2015-10-26 15:43 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
2016-01-10 14:56 - 2015-04-16 18:45 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-10 14:56 - 2015-04-16 18:28 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-10 14:56 - 2015-04-08 11:26 - 00000877 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-01-10 14:56 - 2015-03-30 20:52 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-10 14:56 - 2015-01-22 22:29 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-10 14:56 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\System
2016-01-10 14:56 - 2012-10-09 15:00 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-01-10 14:56 - 2012-10-09 14:53 - 00001923 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-01-10 14:56 - 2012-09-03 08:23 - 00001673 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer User's Manual.lnk
2016-01-10 14:56 - 2012-09-03 08:23 - 00001655 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Quick Guide.lnk
2016-01-10 14:56 - 2012-09-03 08:10 - 00002572 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
2016-01-09 21:28 - 2015-03-12 16:27 - 00000000 ____D C:\Users\owner\AppData\Local\Deployment
2016-01-09 21:15 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-09 21:09 - 2015-07-20 16:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype
2016-01-09 21:09 - 2015-04-09 16:09 - 00551936 ___SH C:\Users\owner\Desktop\Thumbs.db
2016-01-09 19:42 - 2015-05-13 19:04 - 00000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
2016-01-09 19:02 - 2012-07-25 21:26 - 00000301 _____ C:\WINDOWS\win.ini
2016-01-09 18:47 - 2015-12-11 09:48 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-09 18:47 - 2015-01-23 01:16 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-09 18:13 - 2015-06-07 15:45 - 00000000 ____D C:\Users\owner\AppData\Roaming\Curse Client
2016-01-09 18:00 - 2015-06-07 13:52 - 00000000 ____D C:\Users\owner\AppData\Local\NexonLauncher
2016-01-09 14:49 - 2015-02-26 12:13 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{59AA9515-0EFB-4314-9DA6-B2B84CDB5218}
2016-01-08 14:02 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-07 22:29 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-07 22:29 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-04 22:00 - 2015-01-22 22:26 - 00000000 ____D C:\Users\owner
2016-01-03 21:49 - 2015-10-12 21:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\TS3Client
2016-01-03 21:42 - 2015-03-30 19:19 - 00000000 ____D C:\Users\owner\AppData\Roaming\Riot Games
2016-01-03 20:37 - 2015-10-23 16:18 - 00000000 ____D C:\Users\owner\AppData\Local\Warframe
2015-12-29 13:38 - 2013-08-22 06:44 - 00513128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-28 17:04 - 2015-09-16 07:26 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-27 17:22 - 2015-09-15 07:52 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-12-27 17:22 - 2012-09-03 08:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-25 17:54 - 2015-07-20 16:05 - 00000000 ____D C:\ProgramData\Skype
2015-12-24 12:57 - 2015-04-02 18:19 - 00000000 ____D C:\Users\owner\AppData\Local\Steam
2015-12-21 23:27 - 2015-07-20 16:06 - 00000000 ____D C:\Users\owner\AppData\Local\Skype
2015-12-21 23:27 - 2015-07-20 16:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-21 23:16 - 2012-09-03 08:15 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-20 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2015-12-13 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\ProgramData\NCH Software
2015-12-13 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\Program Files (x86)\NCH Software

==================== Files in the root of some directories =======

2016-01-10 22:03 - 2016-01-10 22:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\owner\AppData\Local\Temp\dllnt_dump.dll
C:\Users\owner\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-03 06:38

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by owner (2016-01-11 17:27:31)
Running from E:\
Windows 8.1 (X64) (2015-01-23 06:44:37)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3773202632-424774445-890114178-500 - Administrator - Disabled)
Guest (S-1-5-21-3773202632-424774445-890114178-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3773202632-424774445-890114178-1005 - Limited - Enabled)
owner (S-1-5-21-3773202632-424774445-890114178-1001 - Administrator - Enabled) => C:\Users\owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Bloody Trapland (HKLM-x32\...\Steam App 257750) (Version: - 2Play)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Broforce (HKLM-x32\...\Steam App 274190) (Version: - Free Lives)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.10010 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.10010 - Cisco Systems, Inc.) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 2.40 - NCH Software)
Fallout 3 - The Garden of Eden Creation Kit (HKLM-x32\...\{B343B0E3-212A-40B9-8207-1BD299228F5D}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version: - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version: - Size Five Games)
Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Acer Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3200 - Acer)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version: - Silver Dollar Games)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
osu! (HKLM-x32\...\{12d09afc-32f6-4832-997f-7eb4503e4cdc}) (Version: latest - ppy Pty Ltd)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Spelunky (HKLM-x32\...\Steam App 239350) (Version: - )
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
To the Moon (HKLM-x32\...\Steam App 206440) (Version: - Freebird Games)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Voxal Voice Changer (HKLM-x32\...\Voxal) (Version: 1.25 - NCH Software)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3773202632-424774445-890114178-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11BD7304-492C-4439-9D34-A81068D0C392} - System32\Tasks\RSPro => C:\Users\owner\AppData\Local\SearchModule\dblaunch.exe
Task: {1A212BEF-CCD3-4085-BB8E-7E2016157EFB} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {1A546FC0-FA8F-4CED-A832-6AFCE1A6B2DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {22B26FFA-C210-45FC-B7B2-6F1BE8C209B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {285ED968-B027-4E84-89B2-FCAE719FC597} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {2D2677DF-ECED-40D3-9494-DEEFF6DFCBA8} - System32\Tasks\DfGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837 => 50000
Task: {32179E0D-7013-4B23-A43B-8382F890FECB} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-29] ()
Task: {3334EB49-C86F-45BD-8145-728921B1AE75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {49E18F13-C232-46E5-B2B9-CB9A6B05EDAF} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {4B4EA442-4CBE-431C-A8F1-9A6A94D2A2C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4287834998-254447837-4126873412-1000Main => 50000,1
Task: {52059878-BC54-47DF-9E6E-CBA49724460E} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {5D102AA7-504E-4431-A61D-C495A561C3E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {850B6F24-BFEA-4BDC-BB72-E7C8F2C5D23E} - System32\Tasks\Opera scheduled Autoupdate 1452386042 => C:\Program Files (x86)\Opera\launcher.exe
Task: {889A02E4-9406-4332-950C-98E052F215FD} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {A23E1D8E-B2C8-4179-8E36-5F1D94FEB50A} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3773202632-424774445-890114178-1001
Task: {A4561249-F93C-42DD-9156-9C763476AE13} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {A477CF67-A8F7-4DE2-B002-921BDC79B211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {AAEA193D-3DD3-4D12-B57E-AD3C71C7F783} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {B3552ACF-EA18-40A2-9D83-B3EBA7173A0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {B62A1854-5E8B-4971-A249-401D4464FF54} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BD4E8E43-4441-4A4B-8137-BE0060B0F289} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {C80AA8E6-C6C0-4160-B234-B2589888E728} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)
Task: {D0395F3B-097A-47A4-A07D-D3977F7D3FD0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {D1BE1EA4-7412-4A4B-9468-76D0C35F4DE6} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-12-13 15:06 - 2015-12-13 15:06 - 00105984 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kefzha => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2016-01-09 16:29 - 00000967 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3773202632-424774445-890114178-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\Desktop\New folder\League Of Legends\anniieee.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 
==================== Restore Points =========================

25-12-2015 14:53:26 Scheduled Checkpoint
27-12-2015 17:03:55 Installed HP Support Solutions Framework
03-01-2016 21:22:49 Removed League of Legends

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2016 12:20:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\owner\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (01/11/2016 12:14:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 273813

Error: (01/11/2016 12:14:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 273813

Error: (01/11/2016 12:14:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/10/2016 10:49:34 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (1188) WebCacheLocal: An attempt to open the file "C:\Users\owner\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/10/2016 10:49:24 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (1188) WebCacheLocal: An attempt to open the file "C:\Users\owner\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/10/2016 10:48:02 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (1188) WebCacheLocal: An attempt to open the file "C:\Users\owner\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/10/2016 10:47:52 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (1188) WebCacheLocal: An attempt to open the file "C:\Users\owner\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/10/2016 10:21:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12203

Error: (01/10/2016 10:21:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12203


System errors:
=============
Error: (01/11/2016 05:26:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (01/11/2016 05:25:51 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/11/2016 05:25:43 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/11/2016 05:25:30 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/11/2016 05:25:30 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/11/2016 05:25:25 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/11/2016 05:25:24 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/11/2016 05:25:18 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/11/2016 05:25:13 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/11/2016 05:25:13 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
Date: 2016-01-09 17:17:57.014
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:39.215
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:38.978
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:38.666
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:37.837
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:20.422
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:19.605
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:18.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:16.937
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:16.370
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 8%
Total physical RAM: 8007.27 MB
Available physical RAM: 7309.96 MB
Total Virtual: 16199.27 MB
Available Virtual: 15576.38 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:681.41 GB) (Free:498.81 GB) NTFS
Drive e: (Lexar) (Removable) (Total:7.46 GB) (Free:0.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 6B0758F4)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End of Addition.txt ============================
 
I don't actually see anything bad there anymore.

Let's try to reset your router.

Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil or a paperclip, until all lights briefly go off and come back on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart computer.

NOTE. You may need to re-check your router security settings, as described HERE

Restart in normal mode and see if that fake message is still there.
 
Quick question - how will restarting my wifi router help as the last time I started my computer, earlier today, I still got the blue screen and I have disconnected my wifi connection on the affected laptop since starting all of this "cleaning". Would having a password, to get into my account on the affected laptop, have an effect on it? Should it be removed?
 
Wait...
Please clarify.
When you start in normal mode what happens?

1. Blue screen error is present
2. What about that fake message with phone number?
3. Your wifi has been OFF since we started cleaning process?
 
So here's the answers to your questions:
When you start in normal mode what happens?
I start the computer and then everything seems fine for about a minute as everything loads. As soon as I open any folder/application the blue screen error is present with the fake message and phone number. So then as I follow any of your instructions I have to get the computer back into safe mode.

3. Your wifi has been OFF since we started cleaning process? Yes, since first getting the error message I made sure that the connection was turned off. My affected laptop will not be able to connect in safe mode anyway.

Hope this helps - I have yet to do the router. Will await further instructions.
 
Wait with that. Question first.
When you start in normal mode your internet connection is ON or OFF?
 
So, my affected laptop has the connection turned off completely - so no connection at all. My wifi router is constantly on as I have to use this computer to contact you; therefore the connection for the internet on this unaffected computer is on. Does that make sense now? I hope that I'm clear... :)
 
OK. Leave router alone then.

Go Start>Run (Start Search in Vista/7), type in:
msconfig
Click OK (hit Enter in Vista/7).
Windows 8/8.1 users. Press Windows logo key
and start typing the following:
msconfig
Press Enter.

Click on Startup tab.
Click Disable all
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use a different firewall than Windows firewall, turn Windows firewall on just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?
 
For the following:

Windows 8/8.1 users. Press Windows logo key
and start typing the following:
msconfig
Press Enter.

you mean that you want me to use windows key (right click) to get to the command prompt to enter the command msconfig

Correct?
 
So when I have the dialogue box open for the following instructions, what I see as my options are below in bold blue font and what I'm asking is in bold red font, please advise:

Click on Startup tab.
To manage startup items, use the Startup section of Task Manager
Open Task Manager
(is a hyper link)
If I try to open task manager I get a dialogue box that says
Task Manager has been disabled by your administrator
Do you have further instructions for this step?


Click Disable all - there is no option to disable all
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

Click Services tab. I CAN do this as all of this is available
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK. I CAN do this after receiving any instructions regarding the startup tab
Restart computer in Normal Mode.
 
Go ahead and disable services for now and see if it changes things.
We'll worry about startups in next step.
 
So I've done what I could and restarted in Normal Mode. Everything seems to be loading okay for a (minute) and then blue screen came back. I will await more instructions while I try to get back into safe mode.
 
So I'm at the following step on the website you forwarded to me and these are the instructions

Step 3: Click Change your account type in the User Accounts menu, select the account you wish to change, and click the bubble directly right of the administrator option below the account type. Afterward, click the gray Change Account Type button at the bottom of the window, and once done, feel free to install any software or make any changes you deem appropriate with your new account privileges.




However, this is what I get on my affected computer as I can't change the account type ( I can't include the picture but will just write what is stated):

Select your new Account type

(picture of desktop - personalized by my daughter) My daughter's name, email, Administrator, Password protected

You can't change your account type because you have the only administrator account on this PC. You must make another user an administrator before you can change your account.

  • (the bullet to the left is actually greyed out) Standard - Standard accounts can use most software and change system settings that don't affect other users or the security of this PC.
  • Administrator - Administrators have complete control over the PC. They can change any settings and access all of the files and programs stored on the PC.
Why is a standard account recommended?

Box (greyed out) Change Account type Box (black and most likely clickable) Cancel


So my problem is I don't know how to make another user an admin..........

 
I've managed to poke around and am not able to add an account as I'm not online as well :( Not too sure what to do now.......
 