Solved Pop ups from nowhere

Selkie

New Member
Thread author
Jun 27, 2016
8
On most sites... whenever I click a tab will open to advertise torcho. Now I read the one about torcho.com and I looked into it and it was not in my programs or anything. Sometimes a malware tab will open claiming that if I close that tab, my hardware will be deleted and I need to call the number on the screen to get it fixed. Other times it is just saying something has been detected. I close those tabs because I don't want my computer being worse than it already is.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

Selkie

New Member
Thread author
Jun 27, 2016
8
Well that did not work. I clicked the link even though I was debating whether or not to and the thing does not exist anymore.
 

Selkie

New Member
Thread author
Jun 27, 2016
8
I don't have another PC. I just persevered through writing these messages and it does not seem to be affecting this site much. It mostly happens on DeviantArt, any kind of wiki, every game forum, and any other site I might visit. I can screencap what the pop ups look like if it will help at all.
 

Selkie

New Member
Thread author
Jun 27, 2016
8
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2016
Ran by Selkie (2016-06-29 12:16:19)
Running from C:\Users\Selkie\Downloads
Windows 8.1 (Update) (X64) (2015-06-25 02:16:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-781349295-3500667339-3153741720-500 - Administrator - Disabled)
Selkie (S-1-5-21-781349295-3500667339-3153741720-1001 - Administrator - Enabled) => C:\Users\Selkie
Guest (S-1-5-21-781349295-3500667339-3153741720-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-781349295-3500667339-3153741720-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.00.2004.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.07.2003.0 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.10.2001 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.17.2002.1 - Acer Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3d9e0476-943f-4962-99dc-b9c937a43840}) (Version: 1.1.65.9690 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.65.9690 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 1.2.0.20046 - Avira Operations GmbH & Co. KG)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Host App Service (HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\SweetLabs_AP) (Version: 0.269.7.927 - Pokki)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)
join.me (HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\JoinMe) (Version: 2.13.0.1917 - LogMeIn, Inc.)
join.me.launcher (x32 Version: 1.0.624.0 - LogMeIn, Inc.) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.927 - Pokki)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Stellarium 0.13.3 (HKLM\...\Stellarium_is1) (Version: 0.13.3 - Stellarium team)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.12.29.0 - File.org)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
WinRAR 5.30 beta 3 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.3 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-781349295-3500667339-3153741720-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06EF2877-F71D-42C6-94C9-D2DCCBB9BFAB} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {07193843-EBCC-4BF3-931E-B6896517190E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-21] (Adobe Systems Incorporated)
Task: {0C82A567-E999-4E59-A961-2B54CC8046C9} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {33C80CBA-6337-4E6D-83AE-DDC5980C55EE} - System32\Tasks\SweetLabs App Platform => C:\Users\Selkie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-04-14] (Pokki)
Task: {3980F70C-B94E-46A9-AABC-F03466F2C4EF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {48AF9BA2-7CFE-4DD5-9F0F-75C3B3BEFF46} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {4A964035-564F-4732-B472-B84915F359C5} - System32\Tasks\{F630ADDE-65AA-49CA-84EC-C55154D4DC5F} => pcalua.exe -a C:\Users\Selkie\Downloads\forge-1.7.10-10.13.4.1492-1.7.10-installer-win.exe -d C:\Users\Selkie\Downloads
Task: {66166B98-7514-4DEE-97A4-E4874D6B21D7} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
Task: {6AE39D84-F600-4340-B5B5-9BDEC2A42994} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {7459EF9F-9D04-4CAD-817E-AA430B11F24F} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-04-20] (Acer)
Task: {7CB05576-07C2-457D-B485-64A6919DB5DD} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {7F7EB86D-D7AF-4526-88E7-BCD07CA50720} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {889DC88D-84B3-4189-B1AC-87DA89C12018} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {A6FD2E8A-1AB6-43A7-8419-1D3BD1C58758} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {AC98FF1F-C6C9-4AA8-B2B0-7560693774FF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C9D8AF45-B083-4B59-82FC-8D149E8E4B30} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {CA0716B2-D351-4318-935B-4DD5509DB8BA} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-25] (TODO: <Company name>)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D005408D-DC62-4DB9-B80E-F7704162CEBD} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D31E056B-5BBD-480A-9676-EEDDDF23157C} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-04-18] (Acer Incorporated)
Task: {DB55DF6A-D3CC-40C6-9279-2B2136AEDC4A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {E73ECF5D-7C69-44CE-8CFF-94FF3E21BA54} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F260B418-21AD-4295-B0A3-9C78C7BF2EAC} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-07-25 07:35 - 2012-04-24 06:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-07-25 07:43 - 2014-01-03 17:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-02-26 01:14 - 2014-02-26 01:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-26 01:11 - 2014-02-26 01:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-26 01:17 - 2014-02-26 01:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-05-16 10:10 - 2014-03-07 12:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2015-11-23 19:44 - 2015-11-23 19:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-01-25 02:47 - 2014-01-25 02:47 - 00055528 _____ () C:\Program Files\Acer\User Experience Improvement Program\Framework\AcrHttp.dll
2015-10-27 22:25 - 2015-10-27 22:25 - 00213936 _____ () C:\Users\Selkie\AppData\Local\join.me.launcher\ExternalLibs\x86\JoinMe.Launcher.Win.Wrapper.dll
2015-12-29 22:25 - 2016-03-30 18:15 - 00047616 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_socket.pyd
2015-12-29 22:25 - 2016-03-30 18:15 - 01420288 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_ssl.pyd
2015-12-29 22:24 - 2016-03-30 18:15 - 00092672 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_ctypes.pyd
2015-12-29 22:24 - 2016-03-30 18:15 - 01008128 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_hashlib.pyd
2015-12-29 22:24 - 2015-12-12 20:02 - 00100352 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\win32api.pyd
2015-12-29 22:24 - 2015-12-12 20:02 - 00110080 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\pywintypes27.dll
2015-12-29 22:25 - 2016-03-30 18:15 - 00011264 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\select.pyd
2015-12-29 22:24 - 2015-12-12 20:02 - 00036864 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\win32process.pyd
2015-12-29 22:24 - 2015-12-12 20:02 - 00485888 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\libsodium.pyd
2015-12-29 22:25 - 2015-12-12 20:02 - 00516096 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\libzmq.pyd
2015-12-29 22:24 - 2015-12-12 20:02 - 00038400 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\constants.pyd
2015-12-29 22:24 - 2015-12-12 20:02 - 00014336 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\error.pyd
2015-12-29 22:25 - 2015-12-12 20:02 - 00046080 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\message.pyd
2015-12-29 22:25 - 2015-12-12 20:02 - 00032256 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\context.pyd
2015-12-29 22:24 - 2015-12-12 20:02 - 00073216 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\socket.pyd
2015-12-29 22:24 - 2015-12-12 20:02 - 00023552 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\utils.pyd
2015-12-29 22:25 - 2015-12-12 20:02 - 00029696 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\_poll.pyd
2015-12-29 22:24 - 2015-12-12 20:02 - 00012800 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\_version.pyd
2015-12-29 22:25 - 2015-12-12 20:02 - 00025088 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\_device.pyd
2015-12-29 22:25 - 2016-03-30 18:15 - 00028672 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_multiprocessing.pyd
2015-12-29 22:25 - 2015-12-12 20:02 - 00031232 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\devices\monitoredqueue.pyd
2015-12-29 22:24 - 2015-12-12 20:02 - 00036352 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_psutil_mswindows.pyd
2016-04-02 12:56 - 2016-06-06 19:30 - 00124928 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\modules\apps\contenttools\rollinghash.pyd
2015-12-29 22:24 - 2015-12-12 20:02 - 00167936 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\win32gui.pyd
2015-12-29 22:25 - 2015-12-12 20:02 - 00009728 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\Crypto\Random\OSRNG\winrandom.pyd
2015-12-29 22:24 - 2015-12-12 20:02 - 00010240 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\Crypto\Util\_counter.pyd
2015-12-29 22:24 - 2015-12-12 20:02 - 00029184 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\Crypto\Cipher\_AES.pyd
2016-06-05 12:59 - 2016-05-31 16:31 - 01853440 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\PySide\QtCore.pyd
2016-06-05 12:59 - 2016-05-31 16:31 - 00110592 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\PySide\pyside-python2.7.dll
2016-06-05 12:59 - 2016-05-31 16:31 - 00108544 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\PySide\shiboken-python2.7.dll
2016-06-05 12:59 - 2016-05-31 16:31 - 06947328 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\PySide\QtGui.pyd
2015-12-29 22:24 - 2016-03-30 18:15 - 00688128 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\unicodedata.pyd
2016-05-16 11:02 - 2016-05-16 11:02 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2016-05-16 11:04 - 2016-05-16 11:04 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2016-05-16 11:04 - 2016-05-16 11:04 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2016-05-16 11:03 - 2016-05-16 11:03 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2016-04-27 17:07 - 2016-04-27 17:07 - 00015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-04-18 16:13 - 2016-04-18 16:13 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-04-18 16:11 - 2016-04-18 16:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-06-03 17:57 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts


0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Selkie\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 82.163.143.171 - 82.163.142.173
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{355ED8F7-30E1-40B9-B4D1-54BB248F03EF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{53EA8235-27BF-47D5-A9C7-0D0C0AF39DBA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3EB6DC14-9593-4DC2-A3E6-9F687598872F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{80F20D00-F485-4C27-B869-7EC2BFD51451}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{88439F79-9605-4562-91CA-AAB92D91C665}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{10B4B434-5E5E-4B29-B900-52784E768271}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{9810D95D-FA80-4DE9-B0DA-3EE07609D8F0}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{CEEE3C6F-3A6D-40F4-9CA2-B1127BE7BE91}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{E30744DA-60BB-4A7F-B56B-D60331578012}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{C4CF2360-59CF-4A4C-9797-BC72384FB3FF}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{72809BD3-E23B-41FB-98B1-CCBA518B90E7}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{179E6EEE-8C5B-4720-B596-BE83A7D003CE}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{21DDCD2A-B115-4DAC-BAA2-BF18116C9804}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{753EA022-03E2-4AF3-98F1-35235913C572}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{C0183E3D-44E9-429E-8195-805339A244E9}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{609CB113-E8AB-41D7-BDC8-CE2DC25D90B0}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{47449F6A-586F-487E-85EA-FF33233C0EB4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{7A684D88-6ED9-4166-BA1A-3CF8EA4DD099}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{475D45C6-8E46-4B02-827C-5F784539A838}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{D71F0EEC-3E51-47B7-AB57-5D10F5D4F403}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{C3AE52A8-5275-4038-968E-F6B845B54C36}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{0C4A1FB0-EE63-4896-956B-FEE2F2B4F7B8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{4A3F851E-D2BB-444D-BDFF-FFA68F52E77F}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{5B2B9B15-394F-484C-B97E-2A71EB4D1A1E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{23830BFC-1331-4E44-A08C-A12D109EBCEB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{FBDB3390-7ADC-47DF-B29F-655B069B2201}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{2DAE9DD3-692E-4827-9EB4-F8E125A8DF4D}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{FD2F475F-A19E-4A29-B6BB-3FEEE068814E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{2C602A3A-DEBA-42F7-AB66-D1789135131E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{761BFEAE-6541-4114-92EF-F889A2A3089C}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{8425D708-68FA-4154-9B10-8EA2FD5E5CD5}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{61351EC4-7CA5-40E8-9278-5156FA0F0620}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{5FA1FA4B-42B3-4363-9CE8-2971CC3CA947}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{4C5AE6AB-DE24-4DB9-BBD2-7F442E6A614D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{1ED0E640-3E99-4F35-99C4-754D1BC8B52B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{E4D163C7-9C88-4CB6-8700-F8B4B0E96462}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4CF2BFCE-156F-4177-9161-55DEB6AC0090}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{AC770F86-1A32-466D-966A-4A81D9D31716}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{764461C6-11F6-4E71-81E9-7FE0B60E331E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{35394C9D-CC67-4C2F-B305-AFA75A572C14}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D57AC6D2-75B0-48B2-B430-CB3B5EE9FF98}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{099FD544-2929-4C8A-80B7-BADC00EC78ED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B58F271C-6E74-4079-99BC-B8278AF0EFDE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6B38627F-5614-41BA-89ED-DB6CB02C037C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1FFE2608-A5A7-43BF-991F-EEDC91564F54}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{741C42D1-37CA-485A-804B-8F71C01D0C0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{74708E30-B73D-4199-AA22-A2F0F1C05318}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F88B6145-A434-43C9-967D-C24513724E1F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{706A78B2-7893-4A87-A2B6-AF5CEB431558}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Demo\stanley.exe
FirewallRules: [{49812DD0-9C5E-43A2-83D7-1D0A5743936D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Demo\stanley.exe
FirewallRules: [{28F8CA32-2626-433A-8519-79989DF9F0CC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4B1F0AA4-32C9-43BA-9E78-01BB2D1960B8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C3FCD216-5E52-485D-BB81-5CBF5017C00F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4BDFB328-FB72-430A-8C82-750FCEC01EE6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6EE09F55-588C-422A-B456-A68046A9557F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{77EDD696-AA15-444B-9411-C53D2EEE8250}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DA839E54-8D41-4D34-BD65-A938A3D086CA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{711B33D5-A558-4590-A50D-D4676171829E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A64CA297-A43A-459D-A5AD-ECF0FADFFEED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5635624C-C410-43A2-ABFD-C39A85955ADF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{59D95277-AD43-4F53-8DA3-19DF297F2AD3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{DC116046-3D2C-4F7A-8B68-DE8516E1E073}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{C5255348-F531-4344-B640-062C2CD6D9FA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F04EE960-38EE-4A5C-9406-C772A1403184}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{403CDAE1-1633-4C5C-B5A4-F3BD89A26EF9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A6548E48-91B0-4676-ACEC-9A4E4AE8046E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{5D9FDA8F-BEA5-4320-A126-05B519EAD1D4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{85E7A458-68FA-4A57-B270-BDEEA2C9EF27}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{348B8659-F0EB-4933-B1C0-D3D0B8B8A72E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{88EB4C72-5BBF-4625-BE6E-D5B34615F518}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{7570ED1C-BF28-4F36-9447-6F38D871E08F}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{47B69826-9FBD-4604-B7AD-DBF4AE3821AB}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{9FA3B234-2FD1-4CF4-BB23-CB500CA711B3}C:\program files (x86)\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\java.exe
FirewallRules: [UDP Query User{CE8C68EB-5DEF-431B-9B19-36F67868085D}C:\program files (x86)\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\java.exe
FirewallRules: [TCP Query User{82D55D85-5DF0-4F4D-95E0-0CE0375DF899}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6D036D67-D83B-4CEF-A582-FA5AB5B71090}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{486CDA88-FD23-4D41-83F8-64EF3671B949}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{451692B5-A497-4D3E-93B7-760DFCC7C389}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{31644F7E-A392-4207-BB36-688524F4688E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2A954D79-2800-480D-BCB6-AF8AE7412625}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{7B0F05C0-A9AC-4681-938D-52AE376281A1}C:\users\Selkie\appdata\local\temp\joifca6.tmp\join.me.exe] => (Allow) C:\users\Selkie\appdata\local\temp\joifca6.tmp\join.me.exe
FirewallRules: [UDP Query User{CB35249A-F82C-471D-A41A-89EE6B3B52D1}C:\users\Selkie\appdata\local\temp\joifca6.tmp\join.me.exe] => (Allow) C:\users\Selkie\appdata\local\temp\joifca6.tmp\join.me.exe
FirewallRules: [TCP Query User{EBECDBA8-5E21-4C43-9F44-5C31D7CF68D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{54A749A1-7B3E-43CF-BFB9-72F2FC9EE3B0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{CD367E79-A345-475B-AC88-CDDD6F77FA83}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{C9F580C0-F9CD-4ECB-B727-D1A5B2979105}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{BD77844E-6E79-4B5C-A361-9B4366CD13D7}C:\secret of mana (online)\secret of mana (online)\zsnesw.exe] => (Allow) C:\secret of mana (online)\secret of mana (online)\zsnesw.exe
FirewallRules: [UDP Query User{AE65BADB-2256-4A38-B658-C64DEAF2E4BA}C:\secret of mana (online)\secret of mana (online)\zsnesw.exe] => (Allow) C:\secret of mana (online)\secret of mana (online)\zsnesw.exe
FirewallRules: [{5E62ADA7-210D-4A85-B6DA-BAB8D26531A9}] => (Block) C:\secret of mana (online)\secret of mana (online)\zsnesw.exe
FirewallRules: [{F31AECBA-8ECE-4637-A777-253AA2FD5827}] => (Block) C:\secret of mana (online)\secret of mana (online)\zsnesw.exe
FirewallRules: [TCP Query User{9806C5CC-ABFC-47DD-88A3-5C17DC45651C}C:\users\Selkie\appdata\local\join.me\join.me.exe] => (Allow) C:\users\Selkie\appdata\local\join.me\join.me.exe
FirewallRules: [UDP Query User{30DAAE7B-F5ED-419C-B8DE-20C41CCA2710}C:\users\Selkie\appdata\local\join.me\join.me.exe] => (Allow) C:\users\Selkie\appdata\local\join.me\join.me.exe
FirewallRules: [{16AC6EE1-D904-4A63-8BD0-E3BE2A3ED1BD}] => (Block) C:\users\Selkie\appdata\local\join.me\join.me.exe
FirewallRules: [{AC93C5F8-2A91-4DF3-AC7B-033BB5A4DC6A}] => (Block) C:\users\Selkie\appdata\local\join.me\join.me.exe
FirewallRules: [{6F8DE485-A91C-4973-B4CF-24E6D6261558}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{1D1634D4-6C1B-43C5-B279-F899F594D2AE}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{ADB9A467-61EC-4390-B9EE-00C8C92ECA66}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{5087D471-890C-4550-AF9C-F9E970423F83}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{F617003E-CE58-4005-9F55-E142EC0BF22D}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{98F70E9C-8F24-4E9D-A1C4-CF70D8C6690F}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{766A2D58-2EBF-4106-8D71-701423B51A87}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{A8458F46-99BA-40B0-8C30-C60CF6688E1C}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{5C2846B3-7009-4AEB-BE70-9706E521F690}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{48E9EBED-1530-49C0-A8D5-3D65845E1E26}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [{1EC1DA8C-B1F8-4A80-AAA5-C5C189096CE7}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{7A4B233D-AAA4-415F-8050-A313679230B9}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{877CDFC6-174E-4471-8377-DA3ED3D6B159}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{B20A8B6B-9F77-45AE-B71C-9F9EFE416885}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{44982A82-E907-467B-90AD-D4D9A5C53E9E}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{9DA6DD12-1EF9-4AD4-9B58-D7DE870E0E1D}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{DAADA202-A949-4956-B718-29367530A2CE}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{619D23A4-EE56-4727-BDF5-F939B7250360}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{3D71BA81-843F-4396-A3F6-5C577444DB88}] => (Allow) C:\Users\Selkie\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{B7E96A98-AF24-4E8A-A7AE-C617C33E812F}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{42D01AB2-4BDF-4A32-9840-AC992F1E7E91}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{0008B0DE-4CF5-4BCE-BCF6-668485733A0F}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{65BC6748-657C-46D5-AB85-65553B46EC34}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{5ACAF1E1-6624-4E3F-8931-6FFDFBF48A02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C753D0D-74F5-4BD7-809C-8B05199D16E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

24-06-2016 21:26:43 Removed LogMeIn Hamachi
26-06-2016 20:09:59 Installed Minecraft

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2016 12:13:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/29/2016 12:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: licmgr.exe, version: 15.0.17.264, time stamp: 0x56f29104
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000409
Fault offset: 0x000a7666
Faulting process id: 0x17bc
Faulting application start time: 0xlicmgr.exe0
Faulting application path: licmgr.exe1
Faulting module path: licmgr.exe2
Report Id: licmgr.exe3
Faulting package full name: licmgr.exe4
Faulting package-relative application ID: licmgr.exe5

Error: (06/29/2016 12:10:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avcenter.exe, version: 15.0.17.264, time stamp: 0x56f28f71
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000409
Fault offset: 0x000a7666
Faulting process id: 0x2560
Faulting application start time: 0xavcenter.exe0
Faulting application path: avcenter.exe1
Faulting module path: avcenter.exe2
Report Id: avcenter.exe3
Faulting package full name: avcenter.exe4
Faulting package-relative application ID: avcenter.exe5

Error: (06/28/2016 05:02:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/27/2016 07:25:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/27/2016 06:46:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgnt.exe, version: 15.0.17.264, time stamp: 0x56f290db
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000409
Fault offset: 0x000a7666
Faulting process id: 0x141c
Faulting application start time: 0xavgnt.exe0
Faulting application path: avgnt.exe1
Faulting module path: avgnt.exe2
Report Id: avgnt.exe3
Faulting package full name: avgnt.exe4
Faulting package-relative application ID: avgnt.exe5

Error: (06/27/2016 06:05:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: javaw.exe, version: 8.0.25.18, time stamp: 0x54345ca0
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000374
Fault offset: 0x00000000000f1b70
Faulting process id: 0x1cfc
Faulting application start time: 0xjavaw.exe0
Faulting application path: javaw.exe1
Faulting module path: javaw.exe2
Report Id: javaw.exe3
Faulting package full name: javaw.exe4
Faulting package-relative application ID: javaw.exe5

Error: (06/27/2016 06:03:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 8.0.25.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2294

Start Time: 01d1d0bf8bd3208b

Termination Time: 101

Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

Report Id: 042f8ecb-3cb3-11e6-82d3-f8a963dceda4

Faulting package full name:

Faulting package-relative application ID:

Error: (06/27/2016 06:01:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: javaw.exe, version: 8.0.25.18, time stamp: 0x54345ca0
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000374
Fault offset: 0x00000000000f1b70
Faulting process id: 0x20ec
Faulting application start time: 0xjavaw.exe0
Faulting application path: javaw.exe1
Faulting module path: javaw.exe2
Report Id: javaw.exe3
Faulting package full name: javaw.exe4
Faulting package-relative application ID: javaw.exe5

Error: (06/27/2016 05:57:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 8.0.25.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18c0

Start Time: 01d1d0be8964b39f

Termination Time: 122

Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

Report Id: 11dbd198-3cb2-11e6-82d3-f8a963dceda4

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (06/27/2016 06:27:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (06/27/2016 06:27:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (06/27/2016 06:27:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira Real-Time Protection service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (06/27/2016 06:27:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Real-Time Protection service to connect.

Error: (06/27/2016 06:27:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira Scheduler service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (06/27/2016 06:27:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Scheduler service to connect.

Error: (06/27/2016 06:25:14 PM) (Source: DCOM) (EventID: 10010) (User: SAPPHIREAURA)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/27/2016 06:25:14 PM) (Source: DCOM) (EventID: 10010) (User: SAPPHIREAURA)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/27/2016 04:22:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (06/27/2016 04:22:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.



CodeIntegrity:
===================================
Date: 2015-12-13 16:32:38.969
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 16:32:38.283
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 16:32:37.594
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 16:32:36.957
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 16:32:36.300
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 16:32:35.393
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 16:32:34.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 16:32:34.046
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 16:32:33.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 16:32:32.652
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz
Percentage of memory in use: 52%
Total physical RAM: 3979.2 MB
Available physical RAM: 1872.58 MB
Total Virtual: 6539.2 MB
Available Virtual: 3547.32 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.06 GB) (Free:376.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2897BFE1)

Partition: GPT.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2016
Ran by Selkie (administrator) on SAPPHIREAURA (29-06-2016 12:13:25)
Running from C:\Users\Selkie\Downloads
Loaded Profiles: Selkie (Available Profiles: Selkie)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Pokki) C:\Users\Selkie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(© 2015 Microsoft Corporation) C:\Users\Selkie\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(LogMeIn, Inc) C:\Users\Selkie\AppData\Local\join.me.launcher\join.me.launcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Nexon America) C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_runtime.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-06-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [BingSvc] => C:\Users\Selkie\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [join.me.launcher] => C:\Users\Selkie\AppData\Local\join.me.launcher\join.me.launcher.exe [176560 2015-10-27] (LogMeIn, Inc)
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [Avira Phantom VPN] => C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe [677728 2016-06-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Selkie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2016-02-14]
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{1EB2160B-C4CD-4CF2-A377-345D21DE18E9}: [DhcpNameServer] 192.168.224.1
Tcpip\..\Interfaces\{3C9B2B82-757C-4930-8B1C-2D6F300F6721}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{3C9B2B82-757C-4930-8B1C-2D6F300F6721}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{47CDDA13-390E-4982-865D-0D63E4835D56}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{47CDDA13-390E-4982-865D-0D63E4835D56}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{686DBB29-6086-44A2-898F-E197840A6149}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{686DBB29-6086-44A2-898F-E197840A6149}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A4D6282C-EC85-4F7F-AB9A-013825A19A09}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{A4D6282C-EC85-4F7F-AB9A-013825A19A09}: [DhcpNameServer] 82.163.143.171

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {2E745E3C-8764-40F0-8580-B4C96134724E} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E745E3C-8764-40F0-8580-B4C96134724E} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {0F5C0D8C-331A-11E5-8264-F8A963DCEDA4} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {2E745E3C-8764-40F0-8580-B4C96134724E} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {7285DBF4-4A87-476B-BA44-7DE73C7B38F9} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-27] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Selkie\AppData\Roaming\Mozilla\Firefox\Profiles\oi6tmdry.default-1466820894335
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-08-13] ()
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-781349295-3500667339-3153741720-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Selkie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Selkie\AppData\Roaming\Mozilla\Firefox\Profiles\oi6tmdry.default-1466820894335\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-24]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-781349295-3500667339-3153741720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [302680 2016-06-01] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [230744 2016-06-14] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-04-18] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-08-13] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-04-04] (Avira Operations GmbH & Co. KG)
U4 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-04-04] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-10] (Intel Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-29 12:13 - 2016-06-29 12:14 - 00024466 ____C C:\Users\Selkie\Downloads\FRST.txt
2016-06-29 12:13 - 2016-06-29 12:13 - 00000000 ____D C:\FRST
2016-06-29 12:12 - 2016-06-29 12:13 - 02389504 _____ (Farbar) C:\Users\Selkie\Downloads\FRST64.exe
2016-06-27 19:04 - 2016-06-27 19:04 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-27 19:04 - 2016-06-27 19:04 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-27 19:04 - 2016-06-27 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-27 19:04 - 2016-06-27 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-27 19:03 - 2016-06-27 19:03 - 00242136 ____C C:\Users\Selkie\Downloads\Firefox Setup Stub 47.0.exe
2016-06-27 17:47 - 2016-06-27 18:00 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\.minecraft
2016-06-27 17:46 - 2016-06-27 17:47 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-06-27 17:46 - 2016-06-27 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-06-27 17:44 - 2016-06-27 17:46 - 02314240 _____ C:\Users\Selkie\Downloads\MinecraftInstaller.msi
2016-06-27 17:40 - 2016-06-27 17:46 - 00000977 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-06-26 20:43 - 2016-06-27 17:29 - 00001126 _____ C:\Users\Selkie\Desktop\nativelog.txt
2016-06-26 17:27 - 2016-06-26 17:27 - 00705678 ____C C:\Users\Selkie\Downloads\Witch_Time.wav
2016-06-26 00:03 - 2016-06-26 00:03 - 00000000 ____D C:\Users\Selkie\AppData\Local\Avira_Operations_GmbH_&_C
2016-06-26 00:00 - 2016-06-26 00:00 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Phantom VPN.lnk
2016-06-26 00:00 - 2016-06-26 00:00 - 00001060 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2016-06-25 10:19 - 2016-06-25 10:19 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\Avira
2016-06-25 10:14 - 2016-04-04 17:07 - 00146712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-06-25 10:14 - 2016-04-04 17:07 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-06-25 10:14 - 2016-04-04 17:07 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-06-25 10:14 - 2016-04-04 17:07 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-06-25 10:11 - 2016-06-25 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-06-25 10:11 - 2016-06-25 10:11 - 00001226 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-06-25 10:10 - 2016-06-25 10:10 - 04657056 ____C (Avira Operations GmbH & Co. KG) C:\Users\Selkie\Downloads\avira_en_av_576d9f7caa01e__adw (1).exe
2016-06-24 22:14 - 2016-06-24 22:14 - 00000000 ____D C:\Users\Selkie\Desktop\Old Firefox Data
2016-06-24 20:59 - 2016-06-24 20:59 - 00000000 ____D C:\Users\Selkie\AppData\Local\LogMeIn
2016-06-24 17:06 - 2016-06-26 00:00 - 00000000 ____D C:\Program Files (x86)\Avira
2016-06-24 17:05 - 2016-06-25 10:14 - 00000000 ____D C:\ProgramData\Avira
2016-06-24 17:04 - 2016-06-24 17:04 - 04657056 ____C (Avira Operations GmbH & Co. KG) C:\Users\Selkie\Downloads\avira_en_av_576d9f7caa01e__adw.exe
2016-06-24 10:37 - 2016-06-24 10:40 - 00000000 ____D C:\ProgramData\15a6e625
2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{0abb7d67-112c-0}
2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{0a38d16c-512c-1}
2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{053a9a95-712c-1}
2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{02ebab93-112c-0}
2016-06-21 20:37 - 2016-06-21 20:37 - 00000000 ____D C:\Users\Selkie\Desktop\YandereSimJune21st
2016-06-21 19:42 - 2016-06-21 19:42 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-14 05:06 - 2016-06-14 05:06 - 00036872 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-06-11 16:20 - 2016-04-09 19:29 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-11 16:20 - 2016-03-31 02:50 - 01307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-11 16:20 - 2016-03-30 23:40 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-11 16:19 - 2016-04-22 16:54 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-11 16:19 - 2016-04-22 16:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-11 16:19 - 2016-04-22 16:14 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-11 16:19 - 2016-04-22 16:08 - 06052864 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-11 16:19 - 2016-04-22 16:06 - 20349952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-11 16:19 - 2016-04-22 16:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-11 16:19 - 2016-04-22 15:35 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-11 16:19 - 2016-04-22 15:29 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-11 16:19 - 2016-04-22 15:24 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-11 16:19 - 2016-04-22 15:23 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-11 16:19 - 2016-04-22 15:19 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-11 16:19 - 2016-04-22 15:17 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-11 16:19 - 2016-04-22 15:14 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-11 16:19 - 2016-04-22 15:14 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-11 16:19 - 2016-04-22 15:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-11 16:19 - 2016-04-22 15:12 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-11 16:19 - 2016-04-22 14:58 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-11 16:19 - 2016-04-22 14:58 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-11 16:19 - 2016-04-22 14:54 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-11 16:19 - 2016-04-22 14:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-11 16:19 - 2016-04-22 14:52 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-11 16:19 - 2016-04-22 14:52 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-11 16:19 - 2016-04-22 14:52 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-11 16:19 - 2016-04-22 14:51 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-11 16:19 - 2016-04-22 14:40 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-11 16:19 - 2016-04-22 14:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-11 16:19 - 2016-04-22 14:27 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-11 16:19 - 2016-04-22 14:24 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-11 16:19 - 2016-04-22 14:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-11 16:15 - 2016-04-10 00:21 - 01763376 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-06-11 16:15 - 2016-04-10 00:21 - 01489088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-06-11 16:15 - 2016-04-09 17:58 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-06-11 16:15 - 2016-04-09 17:50 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-06-11 16:15 - 2016-04-06 17:13 - 00561960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-11 16:15 - 2016-04-06 17:13 - 00137976 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-11 16:15 - 2016-04-06 14:20 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-11 16:15 - 2016-04-06 14:19 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-11 16:15 - 2016-04-06 14:19 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-11 16:15 - 2016-04-06 13:49 - 00120384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-11 16:15 - 2016-04-06 13:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-11 16:15 - 2016-04-06 12:57 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-11 16:15 - 2016-04-06 12:52 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-11 16:15 - 2016-04-06 12:20 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-11 16:15 - 2016-04-06 11:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-11 16:15 - 2016-03-28 21:42 - 07446368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-06-11 16:15 - 2016-02-11 16:17 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-06-11 16:15 - 2016-02-11 16:17 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-06-11 16:15 - 2016-02-11 16:17 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-06-11 16:15 - 2016-02-11 16:17 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-06-11 16:15 - 2016-02-11 16:17 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-06-11 16:15 - 2016-02-11 16:16 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-06-11 16:15 - 2016-02-09 14:07 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-06-11 16:14 - 2016-04-11 02:21 - 00074584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2016-06-11 16:14 - 2016-04-10 03:48 - 00738096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-06-11 16:14 - 2016-04-10 03:48 - 00613624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-06-11 16:14 - 2016-04-10 01:37 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-06-11 16:14 - 2016-04-10 00:14 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-11 16:14 - 2016-04-09 18:07 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-08 20:18 - 2016-06-08 20:18 - 00000000 ____D C:\ProgramData\Gyazo
2016-06-07 16:02 - 2016-06-07 16:02 - 00045680 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2016-06-03 14:54 - 2016-06-03 14:54 - 00000045 _____ C:\Users\Selkie\AppData\Roaming\WB.CFG
2016-06-02 15:03 - 2016-06-24 10:42 - 00000000 ____D C:\ProgramData\a5e18247-5423-1
2016-06-02 15:03 - 2016-06-24 10:39 - 00000000 ____D C:\ProgramData\a5e18247-44a1-0
2016-06-02 15:02 - 2016-06-03 17:34 - 00000000 ____D C:\Users\Selkie\AppData\Local\Chromium
2016-06-02 15:02 - 2016-06-02 15:02 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\kingsoft
2016-06-02 15:02 - 2016-06-02 15:02 - 00000000 ____D C:\Users\Selkie\AppData\Local\kingsoft
2016-06-02 15:02 - 2016-06-02 15:02 - 00000000 ____D C:\Program Files (x86)\Unknown File Handler
2016-06-02 15:01 - 2016-06-02 15:01 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-06-02 15:01 - 2016-06-02 15:01 - 00000000 ____D C:\Users\Selkie\AppData\Local\Setup685543875
2016-06-02 15:00 - 2016-06-02 15:02 - 00000000 ____D C:\Users\Selkie\AppData\Local\niso

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 09:36 - 2014-07-25 07:02 - 00000852 _____ C:\Windows\system32\Drivers\RTKHDRC.DAT
2021-10-04 03:34 - 2014-07-25 07:02 - 00000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.DAT
2016-06-29 12:14 - 2015-07-25 22:16 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\Skype
2016-06-29 12:10 - 2015-07-25 19:31 - 00000000 ____D C:\Users\Selkie\AppData\Local\CrashDumps
2016-06-29 11:44 - 2015-06-24 22:23 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-781349295-3500667339-3153741720-1001
2016-06-29 11:42 - 2016-04-06 15:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-29 11:39 - 2015-06-24 22:14 - 00000000 ____D C:\Users\Selkie\AppData\Local\SweetLabs App Platform
2016-06-29 11:38 - 2015-06-24 22:23 - 00000000 _____ C:\Windows\system32\newflow.dat
2016-06-27 18:59 - 2015-06-25 15:35 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-27 18:59 - 2015-06-25 15:34 - 00000000 ____D C:\Users\Selkie\AppData\Local\Google
2016-06-27 18:54 - 2015-12-29 22:25 - 00000000 ____D C:\Users\Selkie\AppData\Local\NexonLauncher
2016-06-27 18:46 - 2015-06-25 15:30 - 00000000 ___DO C:\Users\Selkie\OneDrive
2016-06-27 18:31 - 2014-03-18 06:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-27 18:31 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-06-27 18:27 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-27 18:25 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-27 17:06 - 2015-06-25 16:25 - 00000000 ____D C:\ProgramData\Oracle
2016-06-27 17:04 - 2016-04-01 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-06-27 17:04 - 2015-07-27 09:17 - 00000000 ____D C:\Program Files\Java
2016-06-27 17:04 - 2015-07-26 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-27 17:04 - 2015-07-26 08:27 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-27 17:03 - 2016-04-01 20:16 - 00000000 ____D C:\Users\Selkie\.oracle_jre_usage
2016-06-27 17:03 - 2015-07-26 08:28 - 00097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-06-27 16:42 - 2014-05-16 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-06-27 16:27 - 2015-06-24 22:19 - 00000000 ____D C:\Users\Selkie\AppData\Local\clear.fi
2016-06-27 16:22 - 2016-01-25 16:27 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-27 16:22 - 2014-07-25 07:06 - 00000000 ____D C:\Program Files\Intel
2016-06-27 16:21 - 2016-04-06 15:43 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-06-27 16:21 - 2016-01-25 16:24 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-27 16:18 - 2014-05-16 09:44 - 00000000 ____D C:\ProgramData\McAfee
2016-06-25 16:02 - 2015-10-22 18:24 - 00000000 ____D C:\Users\Selkie\.gimp-2.8
2016-06-25 15:47 - 2015-06-24 22:14 - 00000000 ____D C:\Users\Selkie
2016-06-25 10:10 - 2015-08-07 22:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-24 19:50 - 2015-09-04 18:14 - 00692736 ___SH C:\Users\Selkie\Documents\Thumbs.db
2016-06-24 19:28 - 2015-06-25 15:42 - 07632384 ___SH C:\Users\Selkie\Downloads\Thumbs.db
2016-06-24 11:46 - 2015-07-27 12:41 - 00949248 ___SH C:\Users\Selkie\Desktop\Thumbs.db
2016-06-23 20:17 - 2016-04-06 15:43 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-06-23 20:17 - 2013-08-22 10:44 - 00351024 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-21 19:43 - 2016-04-06 15:34 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-13 19:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2016-06-13 16:22 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-06-13 16:17 - 2014-03-18 05:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-12 16:05 - 2015-07-25 22:15 - 00000000 ____D C:\ProgramData\Skype
2016-06-08 20:18 - 2016-02-18 19:31 - 00003424 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-06-08 20:18 - 2016-02-18 19:31 - 00003298 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2016-06-08 20:18 - 2016-02-18 19:31 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-06-08 18:45 - 2015-07-25 22:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-03 17:59 - 2015-07-25 18:24 - 00000000 ____D C:\Program Files (x86)\Enterbrain
2016-06-02 15:01 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-06-02 15:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

==================== Files in the root of some directories =======

2015-07-26 20:22 - 2016-03-28 14:57 - 0054784 ___SH () C:\Users\Selkie\AppData\Roaming\Thumbs.db
2016-06-03 14:54 - 2016-06-03 14:54 - 0000045 _____ () C:\Users\Selkie\AppData\Roaming\WB.CFG
2015-08-05 22:38 - 2015-08-22 22:29 - 0007680 _____ () C:\Users\Selkie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-23 00:18 - 2016-04-23 00:18 - 0000855 _____ () C:\Users\Selkie\AppData\Local\recently-used.xbel
2014-07-25 07:02 - 2014-07-25 07:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-12-29 23:14 - 2015-12-29 23:14 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
C:\Users\Selkie\AppData\Local\Temp\avgnt.exe
C:\Users\Selkie\AppData\Local\Temp\BingSvc.exe
C:\Users\Selkie\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Selkie\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Selkie\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Selkie\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Selkie\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Selkie\AppData\Local\Temp\oct2171.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct2481.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct6744.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct7926.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct793D.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct7C19.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct82B4.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct883D.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octB3FC.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octCFAF.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octD603.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octEA1.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octEBED.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octEFF0.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octF8DC.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Selkie\AppData\Local\Temp\{8E7065E9-AEE0-4B7D-941D-24010169CE4D}-49.0.2623.110_49.0.2623.87_chrome_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-09 13:28

==================== End of FRST.txt ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
They do not come out of nowhere, but from a malicious setting on your computer.

Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the icon and double-click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.



Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on the icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Cleaning.
  • Your PC should reboot now.
  • After the reboot, a logfile will be opened. Copy its contents into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 

Selkie

New Member
Thread author
Jun 27, 2016
8
Zemana AntiMalware 2.21.2.94 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016-6-30
Operating System : Windows 8.1 64-bit
Processor : 2X Intel(R) Celeron(R) CPU N2830 @ 2.16GHz
BIOS Mode : UEFI
CUID : 12B3FB7BB49BA4B1F4B931
Scan Type : Smart Scan
Duration : 6m 32s
Scanned Objects : 13621
Detected Objects : 6
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Internet Explorer Search
Status : Scanned
Object : Yahoo! - http://ca.yhs4.search.yahoo.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Search

Internet Explorer Search
Status : Scanned
Object : Yahoo! Powered - Yahoo Search - Web Search
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Search

Internet Explorer Search
Status : Scanned
Object : Yahoo! - http://ca.yhs4.search.yahoo.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Search

Internet Explorer Search
Status : Scanned
Object : Web Search - http://search.homepage-web.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Search

Internet Explorer Homepage
Status : Scanned
Object : Yahoo Search - Web Search
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Homepage

Wi-Fi
Status : Scanned
Object : Wi-Fi 82.163.143.171
MD5 : -
Publisher : -
Size : -
Version : -
Detection : DNS Hijack
Cleaning Action : Repair
Related Objects :
DNS Server - Wi-Fi : 82.163.143.171


Cleaning Result
-------------------------------------------------------
Cleaned : 6
Reported as safe : 0
Failed : 0
 

Selkie

New Member
Thread author
Jun 27, 2016
8
# AdwCleaner v5.200 - Logfile created 30/06/2016 at 11:50:26
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-30.1 [Server]
# Operating system : Windows 8.1 (X64)
# Username : Selkie - SAPPHIREAURA
# Running from : C:\Users\Selkie\Desktop\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\15a6e625
[-] Folder Deleted : C:\ProgramData\a5e18247-44a1-0
[-] Folder Deleted : C:\ProgramData\a5e18247-5423-1
[-] Folder Deleted : C:\ProgramData\{02ebab93-112c-0}
[-] Folder Deleted : C:\ProgramData\{053a9a95-712c-1}
[-] Folder Deleted : C:\ProgramData\{0a38d16c-512c-1}
[-] Folder Deleted : C:\ProgramData\{0abb7d67-112c-0}
[#] Folder Deleted : C:\ProgramData\Application Data\15a6e625
[#] Folder Deleted : C:\ProgramData\Application Data\a5e18247-44a1-0
[#] Folder Deleted : C:\ProgramData\Application Data\a5e18247-5423-1
[#] Folder Deleted : C:\ProgramData\Application Data\{02ebab93-112c-0}
[#] Folder Deleted : C:\ProgramData\Application Data\{053a9a95-712c-1}
[#] Folder Deleted : C:\ProgramData\Application Data\{0a38d16c-512c-1}
[#] Folder Deleted : C:\ProgramData\Application Data\{0abb7d67-112c-0}
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\Selkie\AppData\Local\SweetLabs App Platform
[-] Folder Deleted : C:\Users\Selkie\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Program Files\Booking.com
[-] Folder Deleted : C:\Users\Default User\AppData\Local\Pokki
[#] Folder Deleted : C:\Users\Default\AppData\Local\Pokki

***** [ Files ] *****

[-] File Deleted : C:\Users\Selkie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] File Deleted : C:\Users\Selkie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : SweetLabs App Platform

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15a6e625}
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo
[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKCU\Software\Bitberry
[-] Key Deleted : HKCU\Software\Bitberry Software
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKCU\Software\System Healer
[-] Key Deleted : HKCU\Software\csastats
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3C9B2B82-757C-4930-8B1C-2D6F300F6721} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{47CDDA13-390E-4982-865D-0D63E4835D56} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A4D6282C-EC85-4F7F-AB9A-013825A19A09} [NameServer]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\eshopcomp.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.eshopcomp.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homepage-web.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utop.it

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5179 bytes] - [30/06/2016 11:50:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [6535 bytes] - [30/06/2016 11:45:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5325 bytes] ##########
 
