TechSpot

Virus malware screen says to call number

By Melissa346
Sep 3, 2015
  1. Virus malware screen says to call number HELP please! I thought it was a scam husband called anyway, they had access to our computer and then asked for $300.. our computer is about a month old.. today was the last day of our trial McAfee.. I was going to transfer our other PC protection over and got a screen pop up telling me to call them. Any help apprecitated!!
     
  2. Melissa346

    Melissa346 TS Rookie Topic Starter

    Says system has detected possible suspicious activity, don't restart or turn off computer/close webpage and to call 1-844-552-1980

    I thought it was a scam husband called anyway, they had access to our computer and then asked for $300.. our computer is about a month old.. today was the last day of our trial McAfee.. I was going to transfer our other PC protection over and got a screen pop up telling me to call them. Any help appreciated!!

    Logs below.
     
    Last edited: Sep 3, 2015
  3. Melissa346

    Melissa346 TS Rookie Topic Starter

    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    (Pokki) C:\Users\Melissa\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Spotify Ltd) C:\Users\Melissa\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1008.0\McCSPServiceHost.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
    (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
    (TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
    (Pokki) C:\Users\Melissa\AppData\Local\Pokki\Engine\HostAppService.exe
    (Pokki) C:\Users\Melissa\AppData\Local\Pokki\Engine\HostAppService.exe
    (Pokki) C:\Users\Melissa\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor)
    HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-07-27] ()
    HKU\S-1-5-21-1413846195-3333679167-2783473796-1001\...\Run: [Spotify Web Helper] => C:\Users\Melissa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-08-01] (Spotify Ltd)
    HKU\S-1-5-21-1413846195-3333679167-2783473796-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2665984 2015-08-13] (Acer)
    HKU\S-1-5-21-1413846195-3333679167-2783473796-1001\...\RunOnce: [Application Restart #1] => C:\Users\Melissa\AppData\Local\Pokki\Engine\HostAppService.exe [7867904 2015-07-31] (Pokki)
    HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-07-27] ()
    ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
    ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
    ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-04-18]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{5C77E5EC-6011-442D-8738-0E2972C7987C}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1413846195-3333679167-2783473796-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.ca/
    HKU\S-1-5-21-1413846195-3333679167-2783473796-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1413846195-3333679167-2783473796-1001 -> DefaultScope {3752C242-3E07-11E5-8261-F0761CBDB624} URL = hxxps://secure.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1413846195-3333679167-2783473796-1001 -> {3752C242-3E07-11E5-8261-F0761CBDB624} URL = hxxps://secure.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1413846195-3333679167-2783473796-1001 -> {39DDA523-28E2-423C-AFD6-EF94BB6666B0} URL =
    SearchScopes: HKU\S-1-5-21-1413846195-3333679167-2783473796-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-25] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-08-25] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-08-25] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-08-25] (Microsoft Corporation)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-25] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

    FireFox:
    ========
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-25] (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-25]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-07-25]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-08-11]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-08-11]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
    R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-29] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
    R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-08-04] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
    S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
    R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
    S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
    S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
    R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
    R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated)
    R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-14] (acer)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7549616 2014-02-25] (Broadcom Corporation)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-10] (Intel Corporation)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
    R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Intel Corporation)
    R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-08-04] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
    R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [461528 2013-12-19] (Realsil Semiconductor Corporation)
    S3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-03] ()
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-03 14:25 - 2015-09-03 14:26 - 00019937 _____ C:\Users\Melissa\Downloads\FRST.txt
    2015-09-03 14:25 - 2015-09-03 14:25 - 00000000 ____D C:\FRST
    2015-09-03 14:24 - 2015-09-03 14:25 - 02188800 _____ (Farbar) C:\Users\Melissa\Downloads\FRST64.exe
    2015-09-03 14:24 - 2015-09-03 14:24 - 01690624 _____ (Farbar) C:\Users\Melissa\Downloads\FRST.exe
    2015-09-03 14:18 - 2015-09-03 14:18 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-09-03 14:18 - 2015-09-03 14:18 - 00001051 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
    2015-09-03 14:18 - 2015-09-03 14:18 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\TeamViewer
    2015-09-03 14:18 - 2015-09-03 14:18 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2015-09-03 13:46 - 2015-09-03 14:09 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-09-03 13:46 - 2015-09-03 13:46 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-09-03 13:24 - 2015-09-03 13:24 - 00002259 _____ C:\Windows\epplauncher.mif
    2015-09-03 13:24 - 2015-09-03 13:24 - 00000000 ____D C:\522a3620653abb86a0c25e
    2015-09-03 12:16 - 2015-09-03 12:35 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue RC - 9be59d32-ac1a-46e6-ad58-9df89b2e0b64
    2015-09-03 12:15 - 2015-09-03 12:15 - 00000000 ____D C:\Users\Melissa\AppData\Local\LogMeIn Rescue Applet
    2015-09-03 12:05 - 2015-09-03 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2015-08-29 08:10 - 2015-08-29 08:10 - 00000000 ____D C:\ProgramData\BlueStacks
    2015-08-25 15:53 - 2015-08-25 15:53 - 00010772 _____ C:\Users\Melissa\Documents\blank schedule.xlsx
    2015-08-25 15:40 - 2015-08-25 15:40 - 00000000 __RHD C:\MSOCache
    2015-08-25 15:33 - 2015-09-03 12:32 - 00004988 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ACERLAPTOP-Melissa acerlaptop
    2015-08-25 15:33 - 2015-08-27 09:19 - 00003104 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1413846195-3333679167-2783473796-1001
    2015-08-25 15:33 - 2015-08-25 15:33 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2015-08-25 15:27 - 2015-08-25 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-08-25 15:26 - 2015-08-25 15:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2015-08-23 21:43 - 2015-09-01 08:58 - 00059392 ___SH C:\Users\Melissa\Desktop\Thumbs.db
    2015-08-23 19:51 - 2015-08-29 08:12 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\WildTangent
    2015-08-20 15:37 - 2015-08-20 15:37 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud
    2015-08-20 15:37 - 2015-08-20 15:37 - 00002030 _____ C:\Users\Public\Desktop\Acer Portal.lnk
    2015-08-19 20:36 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-08-19 20:36 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-08-12 09:38 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-08-12 09:38 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-08-12 09:38 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-08-12 09:38 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-08-12 09:38 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-08-12 09:38 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-08-12 09:38 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-08-12 09:38 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-08-12 09:38 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
    2015-08-12 09:38 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
    2015-08-12 09:38 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2015-08-12 09:38 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2015-08-12 09:38 - 2015-06-09 14:27 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml
    2015-08-12 09:37 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
    2015-08-12 09:37 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
    2015-08-12 09:37 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
    2015-08-12 09:32 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
    2015-08-12 09:32 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2015-08-11 20:51 - 2015-08-11 20:51 - 00002005 _____ C:\Users\Public\Desktop\abPhoto.lnk
    2015-08-11 17:46 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-08-11 17:46 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-08-11 17:32 - 2015-07-18 21:58 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-08-11 17:32 - 2015-07-18 14:51 - 03704320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-08-11 17:32 - 2015-07-18 14:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-08-11 17:32 - 2015-07-18 14:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-08-11 17:32 - 2015-07-18 14:31 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-08-11 17:32 - 2015-07-18 14:29 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-08-11 17:32 - 2015-07-18 14:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-08-11 17:32 - 2015-07-18 14:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-08-11 17:32 - 2015-07-18 14:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-08-11 17:32 - 2015-07-18 14:12 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-08-11 17:32 - 2015-07-18 14:10 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-08-11 17:32 - 2015-07-18 14:09 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-08-11 17:32 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-08-11 17:32 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-08-11 17:32 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-08-11 17:32 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-08-11 17:32 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-08-11 17:32 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-08-11 17:32 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-08-11 17:32 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-08-11 17:32 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-08-11 17:32 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-08-11 17:32 - 2015-07-16 15:45 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-08-11 17:32 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-08-11 17:32 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-08-11 17:32 - 2015-07-16 15:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-08-11 17:32 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-08-11 17:32 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-08-11 17:32 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-08-11 17:32 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2015-08-11 17:32 - 2015-07-16 15:13 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-08-11 17:32 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-08-11 17:32 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-08-11 17:32 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-08-11 17:32 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-08-11 17:32 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-08-11 17:32 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2015-08-11 17:32 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-08-11 17:32 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-08-11 17:32 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-08-11 17:32 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-08-11 17:31 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-08-11 17:31 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-08-11 17:31 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-08-11 17:31 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-08-11 17:31 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2015-08-11 17:31 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2015-08-11 17:31 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2015-08-11 17:31 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2015-08-11 17:31 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2015-08-11 16:20 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-08-11 16:20 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-08-11 16:20 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-08-11 16:20 - 2015-07-24 14:57 - 04177408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-08-11 16:20 - 2015-07-24 14:57 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-08-11 16:20 - 2015-07-24 14:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-08-11 16:20 - 2015-07-24 13:27 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-08-11 16:20 - 2015-07-24 13:23 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-08-11 16:20 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-08-11 16:20 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2015-08-11 16:20 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-08-11 16:20 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
    2015-08-11 16:20 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2015-08-11 16:20 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-08-11 16:20 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2015-08-11 16:20 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-08-11 16:20 - 2015-07-10 12:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-08-11 16:20 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-08-11 16:20 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
    2015-08-11 16:20 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
    2015-08-11 16:20 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    2015-08-11 16:20 - 2015-05-11 20:24 - 00536920 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
    2015-08-09 16:44 - 2015-08-13 21:11 - 00000000 ____D C:\Windows\system32\appraiser
    2015-08-09 16:43 - 2015-08-13 21:11 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-03 14:05 - 2015-04-18 05:40 - 01163845 _____ C:\Windows\WindowsUpdate.log
    2015-09-03 14:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
    2015-09-03 13:58 - 2015-07-19 19:14 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1413846195-3333679167-2783473796-1001
    2015-09-03 12:22 - 2015-07-19 19:05 - 00000000 ____D C:\Users\Melissa\AppData\Local\Pokki
    2015-09-03 12:12 - 2015-07-19 19:17 - 00000000 ____D C:\Users\Melissa\OneDrive
    2015-09-03 12:12 - 2015-07-19 19:10 - 00000000 ____D C:\Users\Melissa\AppData\Local\clear.fi
    2015-09-03 12:07 - 2014-03-18 06:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-09-03 11:44 - 2013-08-22 10:46 - 00029777 _____ C:\Windows\setupact.log
    2015-09-03 11:44 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-09-03 11:40 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2015-09-03 11:37 - 2015-07-19 19:14 - 00000000 ____D C:\Users\Melissa\AppData\Local\CrashDumps
    2015-09-03 11:27 - 2014-07-25 08:56 - 00000000 ____D C:\Program Files (x86)\McAfee
    2015-09-03 11:27 - 2013-08-22 10:44 - 00492000 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-09-03 09:19 - 2015-07-19 19:19 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D9510C9D-9831-449D-8526-AE265EDD3A5F}
    2015-09-01 16:41 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
    2015-09-01 08:38 - 2015-07-19 19:08 - 00000000 ____D C:\Users\Melissa\AppData\Local\Packages
    2015-08-31 09:37 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
    2015-08-31 09:12 - 2015-07-21 11:16 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
    2015-08-29 08:12 - 2014-07-25 08:52 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
    2015-08-29 08:10 - 2014-07-25 08:52 - 00000000 ____D C:\ProgramData\WildTangent
    2015-08-27 17:22 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
    2015-08-25 15:26 - 2015-07-19 19:08 - 00000000 ____D C:\Users\Melissa\AppData\Local\VirtualStore
    2015-08-20 15:37 - 2014-07-25 08:49 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
    2015-08-20 15:37 - 2014-07-25 08:49 - 00000000 ____D C:\Program Files (x86)\Acer
    2015-08-19 20:36 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
    2015-08-17 09:22 - 2014-07-25 09:28 - 00000000 ____D C:\Windows\Panther
    2015-08-17 09:15 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
    2015-08-13 21:18 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
    2015-08-13 21:14 - 2014-03-18 05:54 - 00010680 _____ C:\Windows\PFRO.log
    2015-08-13 21:11 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-08-13 21:11 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-08-13 21:11 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
    2015-08-13 21:11 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2015-08-13 21:10 - 2015-07-25 10:54 - 00000000 ____D C:\Windows\system32\MRT
    2015-08-13 21:06 - 2015-07-25 10:54 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-08-11 17:42 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-11 17:42 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-11 10:15 - 2014-07-25 08:56 - 00000000 ____D C:\ProgramData\McAfee
    2015-08-11 10:13 - 2014-07-25 08:56 - 00000000 ____D C:\Program Files\Common Files\mcafee
    2015-08-11 10:12 - 2015-07-21 11:16 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
    2015-08-10 19:45 - 2015-07-19 19:48 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Spotify
    2015-08-10 19:45 - 2015-07-19 19:48 - 00000000 ____D C:\Users\Melissa\AppData\Local\Spotify
    2015-08-10 09:23 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppCompat
    2015-08-09 20:16 - 2014-07-25 09:27 - 00000000 ___HD C:\OEM
    2015-08-09 20:16 - 2014-07-25 08:49 - 00000000 ____D C:\ProgramData\acer
    2015-08-09 16:53 - 2013-08-22 11:37 - 00005111 _____ C:\Windows\DtcInstall.log
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\sppui
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\setup
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\migwiz
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Com
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\setup
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Com
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\MediaViewer
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\IME
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\FileManager
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Camera
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2015-08-09 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
    2015-08-09 16:44 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
    2015-08-09 16:44 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2015-08-09 16:44 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Sysprep
    2015-08-09 16:44 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\oobe
    2015-08-09 16:44 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\servicing
    2015-08-09 16:43 - 2013-08-22 11:36 - 00000000 ___SD C:\Windows\system32\dsc
    2015-08-09 16:43 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinStore
    2015-08-09 16:43 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\InputMethod
    2015-08-09 16:43 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
    2015-08-09 16:43 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
    2015-08-09 16:43 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sppui
    2015-08-09 16:43 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\migwiz
    2015-08-09 16:43 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\WindowsPowerShell
    2015-08-09 16:43 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2015-08-09 16:43 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2015-08-09 16:43 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2015-08-09 16:43 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Dism
    2015-08-08 09:55 - 2015-07-25 11:14 - 00794088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-08-08 09:55 - 2015-07-25 11:14 - 00179688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-08-06 19:49 - 2015-07-22 13:12 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Foxit Software
    2015-08-06 19:21 - 2015-07-19 19:12 - 00002323 _____ C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    2015-08-06 19:18 - 2015-07-21 09:09 - 00003252 _____ C:\Windows\System32\Tasks\Pokki

    ==================== Files in the root of some directories =======

    2015-04-18 04:49 - 2015-04-18 04:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Melissa\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Melissa\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
    C:\Users\Melissa\AppData\Local\Temp\oct39D5.tmp.exe
    C:\Users\Melissa\AppData\Local\Temp\oct453D.tmp.exe
    C:\Users\Melissa\AppData\Local\Temp\oct6E04.tmp.exe
    C:\Users\Melissa\AppData\Local\Temp\oct9A84.tmp.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-08-19 20:36

    ==================== End of FRST.txt ============================
     
  4. Melissa346

    Melissa346 TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
    Ran by Melissa (2015-09-03 14:27:35)
    Running from C:\Users\Melissa\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1413846195-3333679167-2783473796-500 - Administrator - Disabled)
    Guest (S-1-5-21-1413846195-3333679167-2783473796-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1413846195-3333679167-2783473796-1003 - Limited - Enabled)
    Melissa (S-1-5-21-1413846195-3333679167-2783473796-1001 - Administrator - Enabled) => C:\Users\Melissa

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2003 - Acer Incorporated)
    abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
    abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
    abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
    abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.04.2004.0 - Acer Incorporated)
    Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3013 - Acer Incorporated)
    Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
    Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
    Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.07.2004 - Acer Incorporated)
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
    Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3004 - Acer Incorporated)
    Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated)
    Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
    Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
    Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Amazon 1Button App (HKLM-x32\...\{FF0A904E-8827-4F6E-9A59-900D4C997AD1}) (Version: 1.0.8 - Amazon)
    AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.234 - Broadcom Corporation)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
    eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
    Farm to Fork Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
    Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
    Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.)
    Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Host App Service (HKU\S-1-5-21-1413846195-3333679167-2783473796-1001\...\Pokki) (Version: 0.269.7.738 - Pokki)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
    Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
    King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
    LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.124 - McAfee, Inc.)
    Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1413846195-3333679167-2783473796-1001\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Pokki Start Menu (HKU\S-1-5-21-1413846195-3333679167-2783473796-1001\...\Pokki_Start_Menu) (Version: 0.269.7.738 - Pokki)
    Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21245 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
    The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.51 - WildTangent) Hidden
    Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9350 - Broadcom Corporation)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1413846195-3333679167-2783473796-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    11-08-2015 17:41:12 Windows Update
    19-08-2015 20:20:50 Windows Modules Installer
    31-08-2015 09:50:10 Scheduled Checkpoint

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {067A6334-2E07-43D4-AA53-FF2B73229649} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
    Task: {0AE722DA-B7DA-457B-83E9-666BA42E0509} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-12-19] (Acer Incorporated)
    Task: {37E6BE18-1EB9-4D89-8A73-5F2F7950E177} - System32\Tasks\Pokki => %LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe
    Task: {3CBD9C32-71E8-4802-9F7C-D25C2ACC931F} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
    Task: {3ED5350E-F568-45B4-95E2-6D416956ABFF} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
    Task: {42D88348-49DD-4DB3-BF56-7CED3ACC2E74} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1413846195-3333679167-2783473796-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
    Task: {471E7457-A266-46ED-AF77-6BB81543C38A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ACERLAPTOP-Melissa acerlaptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-08-25] (Microsoft Corporation)
    Task: {6EE7B383-85A7-4CD5-924D-9E3A1EAC0AAB} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
    Task: {83C52D26-F9BE-4476-BE4C-AEE3D39274E6} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
    Task: {93ED0EB0-80A4-4B49-BE9C-319CCDF7F367} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
    Task: {97B73684-2CBD-4559-BD69-63FBC549C85A} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
    Task: {A1ED9AED-1A0D-4438-9EF4-39545FFB0425} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
    Task: {AB37114D-893F-4169-94C0-BB2A25090BFF} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
    Task: {AD8431F0-8FD5-4C92-B256-6219B8134F1A} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
    Task: {AEB1E90B-DC53-4163-AD55-9A773AF32529} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
    Task: {B91456B4-07D8-4B44-AC64-89638AE1D2B7} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
    Task: {BB1F66ED-005F-4E30-9EFE-A0C207CE4A26} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)
    Task: {C67A41EF-F9EF-413D-9479-4BD0897FFF71} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
    Task: {D63A390C-3D4D-406F-8860-4E04C1E09104} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-23] (Acer Incorporated)
    Task: {EA230327-E072-4F6A-890E-39561F2B55D4} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-08-13] (Acer)
    Task: {EADD8A3C-2DF2-4CFB-A186-0C1EE80E1BC1} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {F4C6063D-2811-40AE-8AB0-BF14BE686B88} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-08-25] (Microsoft Corporation)
    Task: {F649CBF2-F6A5-46C5-9326-7517DD1D06A3} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
    Task: {FB46000B-128E-49AC-B174-AC56734F6C18} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-12-19] (Acer Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Loaded Modules (Whitelisted) ==============

    2014-02-18 23:02 - 2014-02-18 23:02 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
    2015-08-25 15:26 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-08-25 15:26 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
    2014-07-25 08:52 - 2012-04-24 06:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2015-08-25 15:27 - 2015-08-25 15:27 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-07-25 08:56 - 2014-07-01 17:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
    2015-07-27 17:46 - 2015-07-27 17:46 - 00091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
    2015-07-27 17:46 - 2015-07-27 17:46 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
    2015-04-18 04:48 - 2013-10-01 05:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    2015-08-13 20:48 - 2015-08-13 20:48 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
    2015-08-13 20:48 - 2015-08-13 20:48 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
    2015-07-27 17:47 - 2015-07-27 17:47 - 00277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
    2015-08-05 19:48 - 2015-08-05 19:48 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
    2015-08-05 19:48 - 2015-08-05 19:48 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
    2015-08-05 19:48 - 2015-08-05 19:48 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
    2015-08-05 19:48 - 2015-08-05 19:48 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
    2015-07-27 20:40 - 2015-07-27 20:40 - 00014176 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
    2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
    2015-07-23 15:56 - 2015-07-23 15:56 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
    2015-04-28 16:15 - 2015-04-28 16:15 - 00569856 _____ () C:\Users\Melissa\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
    2015-04-28 16:15 - 2015-04-28 16:15 - 01400846 _____ () C:\Users\Melissa\AppData\Local\Pokki\Engine\avcodec-54.dll
    2015-04-28 16:15 - 2015-04-28 16:15 - 00151054 _____ () C:\Users\Melissa\AppData\Local\Pokki\Engine\avutil-51.dll
    2015-04-28 16:15 - 2015-04-28 16:15 - 00222734 _____ () C:\Users\Melissa\AppData\Local\Pokki\Engine\avformat-54.dll
    2015-08-25 15:26 - 2015-08-25 15:27 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Melissa\OneDrive:ms-properties

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1413846195-3333679167-2783473796-1001\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{4F9DDC78-C656-4CE5-9D65-175322FA66A2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{B632A2DE-D859-40A0-A4B9-4B4C30186E57}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{E4F0C4BE-CA36-4957-9CE2-AC910EE47A43}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{57A34412-1755-40AA-A04F-8AD76D3E7060}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{731FEE96-B9D0-47BA-AE5E-D4D969B0F3C4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{4ACBDD2C-0A4F-402F-9DF3-0212EC8D82FA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{089B48B6-6BBC-40F9-A1FD-E7C0A7E7E326}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{FC676053-4C76-4DD8-B6C2-EA8E48D5104C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{4D9873D4-1AD2-4069-A304-4539963B8A88}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{3DF6891F-A29F-4C9D-93E5-77EF5DF96F6E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{069649DC-C5AA-4825-8430-220FAC652650}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{EB224876-CEC7-4DC1-AE8C-82DBBA9E37CB}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{5BADB751-737E-43B4-A08E-8A3A4824CAA9}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{B0B45579-F06C-4436-B8E3-D529384A46B4}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{67E6FD8C-1AB1-4518-878C-CA97B10C7DCA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{291285CC-C9D3-431C-A679-7CE0FCCCF6E4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{A672151C-66C3-46D8-A2DA-5CD4AEEA4EE3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{E19B8E5D-7FDD-46C1-B61B-233CA211F449}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{F06A8541-7F5B-418E-B23C-87625F3F16CF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{611B3B51-CBC6-4FF9-8E15-92F9C87AD3ED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{8FED5142-E447-4396-B920-77AD7B09DEDB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{F70A4CFE-5D9D-4D62-B4D5-A3838FFA90A5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{E3BDF496-2825-483A-841B-E652680706D6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{D0CE61E8-FE78-488A-9BC4-FE49177883F6}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{87AD51E9-FB55-4A9E-8162-80CE49BE3BC9}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{FA5A4378-9816-425E-91D0-7A7002CC570E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{CA3BF0AB-6A36-4E34-B46B-1871001B26F7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{5FF3097F-082D-460C-A626-E97705979EC1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{8FDE47F3-FDD8-4DB2-B1B6-CDB82FE95FCF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{3C8B39A4-1354-4DCE-8502-3622FB49DF27}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{782745CB-D9BC-464F-99FB-F9A0B3604B7F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{DB4F2FF9-0A3A-4AE7-898E-D6BB71277FF9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{96463C9B-A32D-4134-BF60-20A0F4EB0BC9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{00D8B423-FDF3-4167-9C7D-D9FD7356DA99}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{AC3E2339-B354-4D2A-A576-8A368F3A180D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{0CEA9A00-B107-4C18-9C95-923BA89E6492}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{132CADC8-0C85-43AF-8FC2-5C71D0674D88}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{621558CA-8A30-444A-9A89-F0D51329ED06}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{F4E210E4-D523-4816-BED1-0FE174848A81}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{36BCD300-08F7-4729-B385-D4093CDB00EA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{6F3DFE61-DEA4-4389-81F1-ED3B1411B49F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{21039A9C-7DBB-47C0-8169-76FE49499F67}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{5AD4191A-70E4-4CB1-8659-E4DBA838BF78}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{ADDD35B9-90CE-4401-8FB1-B8AE3D924392}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{046C571E-355F-4B1D-828C-DF79A5537FBA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{B8E4043B-14AA-46B4-945B-D07568901359}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{43F654CD-8D01-40B3-9E02-8722E12B6199}] => (Allow) C:\Users\Melissa\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{65A90E0D-F796-45B3-9A4F-946579620921}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{290B013E-3E1F-45F8-93A4-28B7A4B61956}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{506341C7-6F49-47A0-A487-002552A25594}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{799C7181-F5EF-40BE-AB53-7EE6BCD3A3D2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/03/2015 01:24:50 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: ACERLAPTOP)
    Description: HRESULT:0x8004FF6F
    Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

    Error: (09/03/2015 11:37:09 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000409
    Fault offset: 0x00000000
    Faulting process id: 0x1030
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (09/03/2015 11:26:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ACERLAPTOP)
    Description: Package DefaultBrowser_NOPUBLISHERID+Microsoft.InternetExplorer.Default was terminated because it took too long to suspend.

    Error: (09/03/2015 11:13:07 AM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 31) (User: ACERLAPTOP)
    Description: Failed to update 2 user custom wordlist: -2147024894. Spell checking will remain available, but this user wordlist will not be updated.

    Error: (09/02/2015 04:56:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (09/02/2015 01:56:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1698

    Start Time: 01d0e5a7c1a91c58

    Termination Time: 4294967295

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id: dfd0b399-519b-11e5-8264-f0761cbdb624

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (09/02/2015 01:56:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ACERLAPTOP)
    Description: Package DefaultBrowser_NOPUBLISHERID+Microsoft.InternetExplorer.Default was terminated because it took too long to suspend.

    Error: (09/02/2015 10:06:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACERLAPTOP)
    Description: Activation of app Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (09/02/2015 10:06:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2c5c

    Start Time: 01d0e58896f45c29

    Termination Time: 4294967295

    Application Path: C:\Windows\system32\backgroundTaskHost.exe

    Report Id: d76e4549-517b-11e5-8264-f0761cbdb624

    Faulting package full name: Microsoft.Office.OneNote_16.0.3327.1048_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: microsoft.onenoteim

    Error: (09/01/2015 07:09:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005


    System errors:
    =============
    Error: (09/03/2015 01:46:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Windows\System32\drivers\TrueSight.sys

    Error: (09/03/2015 12:50:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

    Error: (09/03/2015 12:03:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

    Error: (09/03/2015 11:26:26 AM) (Source: DCOM) (EventID: 10010) (User: ACERLAPTOP)
    Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

    Error: (09/03/2015 11:26:06 AM) (Source: DCOM) (EventID: 10010) (User: ACERLAPTOP)
    Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

    Error: (09/03/2015 11:26:05 AM) (Source: DCOM) (EventID: 10010) (User: ACERLAPTOP)
    Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

    Error: (09/03/2015 11:26:05 AM) (Source: DCOM) (EventID: 10010) (User: ACERLAPTOP)
    Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

    Error: (09/03/2015 11:26:05 AM) (Source: DCOM) (EventID: 10010) (User: ACERLAPTOP)
    Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

    Error: (09/03/2015 09:38:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

    Error: (09/02/2015 11:26:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.


    Microsoft Office:
    =========================
    Error: (09/03/2015 01:24:50 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: ACERLAPTOP)
    Description: HRESULT:0x8004FF6F
    Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

    Error: (09/03/2015 11:37:09 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.17840555fe1bbunknown0.0.0.000000000c000040900000000103001d0e65e4573112aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknowna2b1a9fb-5251-11e5-8265-f0761cbdb624

    Error: (09/03/2015 11:26:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ACERLAPTOP)
    Description: DefaultBrowser_NOPUBLISHERID+Microsoft.InternetExplorer.Default

    Error: (09/03/2015 11:13:07 AM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 31) (User: ACERLAPTOP)
    Description: 2-2147024894

    Error: (09/02/2015 04:56:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (09/02/2015 01:56:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe11.0.9600.17840169801d0e5a7c1a91c584294967295C:\Program Files\Internet Explorer\iexplore.exedfd0b399-519b-11e5-8264-f0761cbdb624

    Error: (09/02/2015 01:56:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ACERLAPTOP)
    Description: DefaultBrowser_NOPUBLISHERID+Microsoft.InternetExplorer.Default

    Error: (09/02/2015 10:06:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACERLAPTOP)
    Description: Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim-2147023170

    Error: (09/02/2015 10:06:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.174152c5c01d0e58896f45c294294967295C:\Windows\system32\backgroundTaskHost.exed76e4549-517b-11e5-8264-f0761cbdb624Microsoft.Office.OneNote_16.0.3327.1048_x64__8wekyb3d8bbwemicrosoft.onenoteim

    Error: (09/01/2015 07:09:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
    Percentage of memory in use: 46%
    Total physical RAM: 8075.2 MB
    Available physical RAM: 4333.44 MB
    Total Virtual: 9355.2 MB
    Available Virtual: 5944.41 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:915.18 GB) (Free:860.62 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 0997B839)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  5. Melissa346

    Melissa346 TS Rookie Topic Starter

    Created a new topic with logs posted
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard [​IMG]

    Please don't create multiple topics.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...