Pop ups from nowhere
<blockquote data-quote="Selkie" data-source="post: 519228" data-attributes="member: 53613"><p>[SPOILER="Addition.TXT"]</p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2016</p><p>Ran by Selkie (2016-06-29 12:16:19)</p><p>Running from C:\Users\Selkie\Downloads</p><p>Windows 8.1 (Update) (X64) (2015-06-25 02:16:37)</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-781349295-3500667339-3153741720-500 - Administrator - Disabled)</p><p>Selkie (S-1-5-21-781349295-3500667339-3153741720-1001 - Administrator - Enabled) => C:\Users\Selkie</p><p>Guest (S-1-5-21-781349295-3500667339-3153741720-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-781349295-3500667339-3153741720-1003 - Limited - Enabled)</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}</p><p>AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}</p><p>AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. 
The adware programs should be uninstalled manually.)</p><p></p><p>abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)</p><p>abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)</p><p>abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.00.2004.0 - Acer Incorporated)</p><p>abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.07.2003.0 - Acer Incorporated)</p><p>Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)</p><p>Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)</p><p>Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.10.2001 - Acer Incorporated)</p><p>Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)</p><p>Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)</p><p>Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)</p><p>Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)</p><p>Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)</p><p>Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)</p><p>Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)</p><p>Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)</p><p>Adobe Reader XI (11.0.04) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe 
Systems Incorporated)</p><p>Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION</p><p>AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.17.2002.1 - Acer Incorporated)</p><p>Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)</p><p>Avira Launcher (HKLM-x32\...\{3d9e0476-943f-4962-99dc-b9c937a43840}) (Version: 1.1.65.9690 - Avira Operations GmbH & Co. KG)</p><p>Avira Launcher (x32 Version: 1.1.65.9690 - Avira Operations GmbH & Co. KG) Hidden</p><p>Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 1.2.0.20046 - Avira Operations GmbH & Co. KG)</p><p>Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden</p><p>CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)</p><p>CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)</p><p>eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)</p><p>Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)</p><p>GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)</p><p>Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden</p><p>Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)</p><p>Host App Service (HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\SweetLabs_AP) (Version: 0.269.7.927 - Pokki)</p><p>Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)</p><p>Intel(R) 
Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)</p><p>Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)</p><p>Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)</p><p>join.me (HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\JoinMe) (Version: 2.13.0.1917 - LogMeIn, Inc.)</p><p>join.me.launcher (x32 Version: 1.0.624.0 - LogMeIn, Inc.) Hidden</p><p>Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)</p><p>Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)</p><p>Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)</p><p>Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft 
Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)</p><p>Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)</p><p>Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)</p><p>Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)</p><p>Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Pokki Start Menu (HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.927 - Pokki)</p><p>Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)</p><p>Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)</p><p>Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)</p><p>Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)</p><p>Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)</p><p>Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)</p><p>Stellarium 0.13.3 (HKLM\...\Stellarium_is1) (Version: 0.13.3 - Stellarium team)</p><p>The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden</p><p>Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Unity Web Player (HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)</p><p>Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.12.29.0 - File.org)</p><p>Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden</p><p>WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)</p><p>WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden</p><p>WinRAR 5.30 beta 3 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.3 - win.rar 
GmbH)</p><p></p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-781349295-3500667339-3153741720-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)</p><p></p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>Task: {06EF2877-F71D-42C6-94C9-D2DCCBB9BFAB} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)</p><p>Task: {07193843-EBCC-4BF3-931E-B6896517190E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-21] (Adobe Systems Incorporated)</p><p>Task: {0C82A567-E999-4E59-A961-2B54CC8046C9} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()</p><p>Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION</p><p>Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION</p><p>Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION</p><p>Task: {33C80CBA-6337-4E6D-83AE-DDC5980C55EE} - System32\Tasks\SweetLabs App Platform => C:\Users\Selkie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-04-14] (Pokki)</p><p>Task: {3980F70C-B94E-46A9-AABC-F03466F2C4EF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! 
Antivirus\backup.exe</p><p>Task: {48AF9BA2-7CFE-4DD5-9F0F-75C3B3BEFF46} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)</p><p>Task: {4A964035-564F-4732-B472-B84915F359C5} - System32\Tasks\{F630ADDE-65AA-49CA-84EC-C55154D4DC5F} => pcalua.exe -a C:\Users\Selkie\Downloads\forge-1.7.10-10.13.4.1492-1.7.10-installer-win.exe -d C:\Users\Selkie\Downloads</p><p>Task: {66166B98-7514-4DEE-97A4-E4874D6B21D7} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()</p><p>Task: {6AE39D84-F600-4340-B5B5-9BDEC2A42994} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)</p><p>Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION</p><p>Task: {7459EF9F-9D04-4CAD-817E-AA430B11F24F} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-04-20] (Acer)</p><p>Task: {7CB05576-07C2-457D-B485-64A6919DB5DD} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)</p><p>Task: {7F7EB86D-D7AF-4526-88E7-BCD07CA50720} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()</p><p>Task: {889DC88D-84B3-4189-B1AC-87DA89C12018} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()</p><p>Task: {A6FD2E8A-1AB6-43A7-8419-1D3BD1C58758} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()</p><p>Task: {AC98FF1F-C6C9-4AA8-B2B0-7560693774FF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)</p><p>Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - 
\Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION</p><p>Task: {C9D8AF45-B083-4B59-82FC-8D149E8E4B30} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)</p><p>Task: {CA0716B2-D351-4318-935B-4DD5509DB8BA} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-25] (TODO: <Company name>)</p><p>Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION</p><p>Task: {D005408D-DC62-4DB9-B80E-F7704162CEBD} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)</p><p>Task: {D31E056B-5BBD-480A-9676-EEDDDF23157C} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-04-18] (Acer Incorporated)</p><p>Task: {DB55DF6A-D3CC-40C6-9279-2B2136AEDC4A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)</p><p>Task: {E73ECF5D-7C69-44CE-8CFF-94FF3E21BA54} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)</p><p>Task: {F260B418-21AD-4295-B0A3-9C78C7BF2EAC} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p></p><p>==================== Shortcuts =============================</p><p></p><p>(The entries could be listed to be restored or removed.)</p><p></p><p>==================== Loaded Modules (Whitelisted) ==============</p><p></p><p>2014-07-25 07:35 - 2012-04-24 06:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe</p><p>2014-07-25 07:43 - 2014-01-03 17:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll</p><p>2014-02-26 01:14 - 2014-02-26 01:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll</p><p>2014-02-26 01:11 - 2014-02-26 01:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll</p><p>2014-02-26 01:17 - 2014-02-26 01:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe</p><p>2014-05-16 10:10 - 2014-03-07 12:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll</p><p>2015-11-23 19:44 - 2015-11-23 19:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe</p><p>2014-01-25 02:47 - 2014-01-25 02:47 - 00055528 _____ () C:\Program Files\Acer\User Experience Improvement Program\Framework\AcrHttp.dll</p><p>2015-10-27 22:25 - 2015-10-27 22:25 - 00213936 _____ () C:\Users\Selkie\AppData\Local\join.me.launcher\ExternalLibs\x86\JoinMe.Launcher.Win.Wrapper.dll</p><p>2015-12-29 22:25 - 2016-03-30 18:15 - 00047616 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_socket.pyd</p><p>2015-12-29 22:25 - 2016-03-30 18:15 - 01420288 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_ssl.pyd</p><p>2015-12-29 22:24 - 2016-03-30 18:15 - 00092672 _____ () C:\Program Files (x86)\Nexon\Nexon 
Launcher\bin\_ctypes.pyd</p><p>2015-12-29 22:24 - 2016-03-30 18:15 - 01008128 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_hashlib.pyd</p><p>2015-12-29 22:24 - 2015-12-12 20:02 - 00100352 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\win32api.pyd</p><p>2015-12-29 22:24 - 2015-12-12 20:02 - 00110080 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\pywintypes27.dll</p><p>2015-12-29 22:25 - 2016-03-30 18:15 - 00011264 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\select.pyd</p><p>2015-12-29 22:24 - 2015-12-12 20:02 - 00036864 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\win32process.pyd</p><p>2015-12-29 22:24 - 2015-12-12 20:02 - 00485888 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\libsodium.pyd</p><p>2015-12-29 22:25 - 2015-12-12 20:02 - 00516096 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\libzmq.pyd</p><p>2015-12-29 22:24 - 2015-12-12 20:02 - 00038400 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\constants.pyd</p><p>2015-12-29 22:24 - 2015-12-12 20:02 - 00014336 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\error.pyd</p><p>2015-12-29 22:25 - 2015-12-12 20:02 - 00046080 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\message.pyd</p><p>2015-12-29 22:25 - 2015-12-12 20:02 - 00032256 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\context.pyd</p><p>2015-12-29 22:24 - 2015-12-12 20:02 - 00073216 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\socket.pyd</p><p>2015-12-29 22:24 - 2015-12-12 20:02 - 00023552 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\utils.pyd</p><p>2015-12-29 22:25 - 2015-12-12 20:02 - 00029696 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\_poll.pyd</p><p>2015-12-29 22:24 - 2015-12-12 20:02 - 00012800 _____ () C:\Program Files 
(x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\_version.pyd</p><p>2015-12-29 22:25 - 2015-12-12 20:02 - 00025088 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\_device.pyd</p><p>2015-12-29 22:25 - 2016-03-30 18:15 - 00028672 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_multiprocessing.pyd</p><p>2015-12-29 22:25 - 2015-12-12 20:02 - 00031232 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\devices\monitoredqueue.pyd</p><p>2015-12-29 22:24 - 2015-12-12 20:02 - 00036352 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_psutil_mswindows.pyd</p><p>2016-04-02 12:56 - 2016-06-06 19:30 - 00124928 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\modules\apps\contenttools\rollinghash.pyd</p><p>2015-12-29 22:24 - 2015-12-12 20:02 - 00167936 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\win32gui.pyd</p><p>2015-12-29 22:25 - 2015-12-12 20:02 - 00009728 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\Crypto\Random\OSRNG\winrandom.pyd</p><p>2015-12-29 22:24 - 2015-12-12 20:02 - 00010240 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\Crypto\Util\_counter.pyd</p><p>2015-12-29 22:24 - 2015-12-12 20:02 - 00029184 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\Crypto\Cipher\_AES.pyd</p><p>2016-06-05 12:59 - 2016-05-31 16:31 - 01853440 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\PySide\QtCore.pyd</p><p>2016-06-05 12:59 - 2016-05-31 16:31 - 00110592 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\PySide\pyside-python2.7.dll</p><p>2016-06-05 12:59 - 2016-05-31 16:31 - 00108544 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\PySide\shiboken-python2.7.dll</p><p>2016-06-05 12:59 - 2016-05-31 16:31 - 06947328 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\PySide\QtGui.pyd</p><p>2015-12-29 22:24 - 2016-03-30 18:15 - 00688128 _____ () C:\Program Files (x86)\Nexon\Nexon 
Launcher\bin\unicodedata.pyd</p><p>2016-05-16 11:02 - 2016-05-16 11:02 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll</p><p>2016-05-16 11:04 - 2016-05-16 11:04 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll</p><p>2016-05-16 11:04 - 2016-05-16 11:04 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll</p><p>2016-05-16 11:03 - 2016-05-16 11:03 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll</p><p>2016-04-27 17:07 - 2016-04-27 17:07 - 00015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll</p><p>2016-04-18 16:13 - 2016-04-18 16:13 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll</p><p>2016-04-18 16:11 - 2016-04-18 16:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the ADS will be removed.)</p><p></p><p></p><p>==================== Safe Mode (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"</p><p></p><p>==================== Association (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p></p><p>==================== Hosts content: ===============================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2013-08-22 09:25 - 2016-06-03 17:57 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts</p><p></p><p></p><p>0.0.0.1 mssplus.mcafee.com</p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Selkie\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp</p><p>DNS Servers: 82.163.143.171 - 82.163.142.173</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)</p><p>Windows Firewall is enabled.</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139</p><p>FirewallRules: [{355ED8F7-30E1-40B9-B4D1-54BB248F03EF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe</p><p>FirewallRules: [{53EA8235-27BF-47D5-A9C7-0D0C0AF39DBA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe</p><p>FirewallRules: [{3EB6DC14-9593-4DC2-A3E6-9F687598872F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE</p><p>FirewallRules: [{80F20D00-F485-4C27-B869-7EC2BFD51451}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe</p><p>FirewallRules: [{88439F79-9605-4562-91CA-AAB92D91C665}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe</p><p>FirewallRules: [{10B4B434-5E5E-4B29-B900-52784E768271}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe</p><p>FirewallRules: [{9810D95D-FA80-4DE9-B0DA-3EE07609D8F0}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe</p><p>FirewallRules: [{CEEE3C6F-3A6D-40F4-9CA2-B1127BE7BE91}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe</p><p>FirewallRules: [{E30744DA-60BB-4A7F-B56B-D60331578012}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe</p><p>FirewallRules: [{C4CF2360-59CF-4A4C-9797-BC72384FB3FF}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe</p><p>FirewallRules: [{72809BD3-E23B-41FB-98B1-CCBA518B90E7}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe</p><p>FirewallRules: [{179E6EEE-8C5B-4720-B596-BE83A7D003CE}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe</p><p>FirewallRules: [{21DDCD2A-B115-4DAC-BAA2-BF18116C9804}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe</p><p>FirewallRules: [{753EA022-03E2-4AF3-98F1-35235913C572}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe</p><p>FirewallRules: [{C0183E3D-44E9-429E-8195-805339A244E9}] => 
(Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe</p><p>FirewallRules: [{609CB113-E8AB-41D7-BDC8-CE2DC25D90B0}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe</p><p>FirewallRules: [{47449F6A-586F-487E-85EA-FF33233C0EB4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe</p><p>FirewallRules: [{7A684D88-6ED9-4166-BA1A-3CF8EA4DD099}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe</p><p>FirewallRules: [{475D45C6-8E46-4B02-827C-5F784539A838}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe</p><p>FirewallRules: [{D71F0EEC-3E51-47B7-AB57-5D10F5D4F403}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe</p><p>FirewallRules: [{C3AE52A8-5275-4038-968E-F6B845B54C36}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe</p><p>FirewallRules: [{0C4A1FB0-EE63-4896-956B-FEE2F2B4F7B8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe</p><p>FirewallRules: [{4A3F851E-D2BB-444D-BDFF-FFA68F52E77F}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe</p><p>FirewallRules: [{5B2B9B15-394F-484C-B97E-2A71EB4D1A1E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe</p><p>FirewallRules: [{23830BFC-1331-4E44-A08C-A12D109EBCEB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe</p><p>FirewallRules: [{FBDB3390-7ADC-47DF-B29F-655B069B2201}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe</p><p>FirewallRules: [{2DAE9DD3-692E-4827-9EB4-F8E125A8DF4D}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe</p><p>FirewallRules: [{FD2F475F-A19E-4A29-B6BB-3FEEE068814E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe</p><p>FirewallRules: [{2C602A3A-DEBA-42F7-AB66-D1789135131E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe</p><p>FirewallRules: [{761BFEAE-6541-4114-92EF-F889A2A3089C}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe</p><p>FirewallRules: 
[{8425D708-68FA-4154-9B10-8EA2FD5E5CD5}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe</p><p>FirewallRules: [{61351EC4-7CA5-40E8-9278-5156FA0F0620}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe</p><p>FirewallRules: [{5FA1FA4B-42B3-4363-9CE8-2971CC3CA947}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe</p><p>FirewallRules: [{4C5AE6AB-DE24-4DB9-BBD2-7F442E6A614D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe</p><p>FirewallRules: [{1ED0E640-3E99-4F35-99C4-754D1BC8B52B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe</p><p>FirewallRules: [{E4D163C7-9C88-4CB6-8700-F8B4B0E96462}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe</p><p>FirewallRules: [{4CF2BFCE-156F-4177-9161-55DEB6AC0090}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe</p><p>FirewallRules: [{AC770F86-1A32-466D-966A-4A81D9D31716}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe</p><p>FirewallRules: [{764461C6-11F6-4E71-81E9-7FE0B60E331E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe</p><p>FirewallRules: [{35394C9D-CC67-4C2F-B305-AFA75A572C14}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe</p><p>FirewallRules: [{D57AC6D2-75B0-48B2-B430-CB3B5EE9FF98}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe</p><p>FirewallRules: [{099FD544-2929-4C8A-80B7-BADC00EC78ED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe</p><p>FirewallRules: [{B58F271C-6E74-4079-99BC-B8278AF0EFDE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe</p><p>FirewallRules: [{6B38627F-5614-41BA-89ED-DB6CB02C037C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe</p><p>FirewallRules: [{1FFE2608-A5A7-43BF-991F-EEDC91564F54}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe</p><p>FirewallRules: [{741C42D1-37CA-485A-804B-8F71C01D0C0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe</p><p>FirewallRules: 
[{74708E30-B73D-4199-AA22-A2F0F1C05318}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe</p><p>FirewallRules: [{F88B6145-A434-43C9-967D-C24513724E1F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe</p><p>FirewallRules: [{706A78B2-7893-4A87-A2B6-AF5CEB431558}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Demo\stanley.exe</p><p>FirewallRules: [{49812DD0-9C5E-43A2-83D7-1D0A5743936D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Demo\stanley.exe</p><p>FirewallRules: [{28F8CA32-2626-433A-8519-79989DF9F0CC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe</p><p>FirewallRules: [{4B1F0AA4-32C9-43BA-9E78-01BB2D1960B8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe</p><p>FirewallRules: [{C3FCD216-5E52-485D-BB81-5CBF5017C00F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe</p><p>FirewallRules: [{4BDFB328-FB72-430A-8C82-750FCEC01EE6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe</p><p>FirewallRules: [{6EE09F55-588C-422A-B456-A68046A9557F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe</p><p>FirewallRules: [{77EDD696-AA15-444B-9411-C53D2EEE8250}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe</p><p>FirewallRules: [{DA839E54-8D41-4D34-BD65-A938A3D086CA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe</p><p>FirewallRules: [{711B33D5-A558-4590-A50D-D4676171829E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe</p><p>FirewallRules: [{A64CA297-A43A-459D-A5AD-ECF0FADFFEED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe</p><p>FirewallRules: [{5635624C-C410-43A2-ABFD-C39A85955ADF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe</p><p>FirewallRules: [{59D95277-AD43-4F53-8DA3-19DF297F2AD3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe</p><p>FirewallRules: [{DC116046-3D2C-4F7A-8B68-DE8516E1E073}] => (Allow) C:\Program 
Files (x86)\Acer\abMedia\WindowsUpnpMV.exe</p><p>FirewallRules: [TCP Query User{C5255348-F531-4344-B640-062C2CD6D9FA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe</p><p>FirewallRules: [UDP Query User{F04EE960-38EE-4A5C-9406-C772A1403184}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe</p><p>FirewallRules: [{403CDAE1-1633-4C5C-B5A4-F3BD89A26EF9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe</p><p>FirewallRules: [{A6548E48-91B0-4676-ACEC-9A4E4AE8046E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe</p><p>FirewallRules: [TCP Query User{5D9FDA8F-BEA5-4320-A126-05B519EAD1D4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe</p><p>FirewallRules: [UDP Query User{85E7A458-68FA-4A57-B270-BDEEA2C9EF27}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe</p><p>FirewallRules: [TCP Query User{348B8659-F0EB-4933-B1C0-D3D0B8B8A72E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe</p><p>FirewallRules: [UDP Query User{88EB4C72-5BBF-4625-BE6E-D5B34615F518}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe</p><p>FirewallRules: [TCP Query User{7570ED1C-BF28-4F36-9447-6F38D871E08F}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe</p><p>FirewallRules: [UDP Query User{47B69826-9FBD-4604-B7AD-DBF4AE3821AB}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe</p><p>FirewallRules: [TCP Query User{9FA3B234-2FD1-4CF4-BB23-CB500CA711B3}C:\program files (x86)\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\java.exe</p><p>FirewallRules: 
[UDP Query User{CE8C68EB-5DEF-431B-9B19-36F67868085D}C:\program files (x86)\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\java.exe</p><p>FirewallRules: [TCP Query User{82D55D85-5DF0-4F4D-95E0-0CE0375DF899}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe</p><p>FirewallRules: [UDP Query User{6D036D67-D83B-4CEF-A582-FA5AB5B71090}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe</p><p>FirewallRules: [{486CDA88-FD23-4D41-83F8-64EF3671B949}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe</p><p>FirewallRules: [{451692B5-A497-4D3E-93B7-760DFCC7C389}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe</p><p>FirewallRules: [{31644F7E-A392-4207-BB36-688524F4688E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe</p><p>FirewallRules: [{2A954D79-2800-480D-BCB6-AF8AE7412625}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe</p><p>FirewallRules: [TCP Query User{7B0F05C0-A9AC-4681-938D-52AE376281A1}C:\users\Selkie\appdata\local\temp\joifca6.tmp\join.me.exe] => (Allow) C:\users\Selkie\appdata\local\temp\joifca6.tmp\join.me.exe</p><p>FirewallRules: [UDP Query User{CB35249A-F82C-471D-A41A-89EE6B3B52D1}C:\users\Selkie\appdata\local\temp\joifca6.tmp\join.me.exe] => (Allow) C:\users\Selkie\appdata\local\temp\joifca6.tmp\join.me.exe</p><p>FirewallRules: [TCP Query User{EBECDBA8-5E21-4C43-9F44-5C31D7CF68D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe</p><p>FirewallRules: [UDP Query User{54A749A1-7B3E-43CF-BFB9-72F2FC9EE3B0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe</p><p>FirewallRules: [TCP Query User{CD367E79-A345-475B-AC88-CDDD6F77FA83}C:\program files (x86)\mozilla 
firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe</p><p>FirewallRules: [UDP Query User{C9F580C0-F9CD-4ECB-B727-D1A5B2979105}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe</p><p>FirewallRules: [TCP Query User{BD77844E-6E79-4B5C-A361-9B4366CD13D7}C:\secret of mana (online)\secret of mana (online)\zsnesw.exe] => (Allow) C:\secret of mana (online)\secret of mana (online)\zsnesw.exe</p><p>FirewallRules: [UDP Query User{AE65BADB-2256-4A38-B658-C64DEAF2E4BA}C:\secret of mana (online)\secret of mana (online)\zsnesw.exe] => (Allow) C:\secret of mana (online)\secret of mana (online)\zsnesw.exe</p><p>FirewallRules: [{5E62ADA7-210D-4A85-B6DA-BAB8D26531A9}] => (Block) C:\secret of mana (online)\secret of mana (online)\zsnesw.exe</p><p>FirewallRules: [{F31AECBA-8ECE-4637-A777-253AA2FD5827}] => (Block) C:\secret of mana (online)\secret of mana (online)\zsnesw.exe</p><p>FirewallRules: [TCP Query User{9806C5CC-ABFC-47DD-88A3-5C17DC45651C}C:\users\Selkie\appdata\local\join.me\join.me.exe] => (Allow) C:\users\Selkie\appdata\local\join.me\join.me.exe</p><p>FirewallRules: [UDP Query User{30DAAE7B-F5ED-419C-B8DE-20C41CCA2710}C:\users\Selkie\appdata\local\join.me\join.me.exe] => (Allow) C:\users\Selkie\appdata\local\join.me\join.me.exe</p><p>FirewallRules: [{16AC6EE1-D904-4A63-8BD0-E3BE2A3ED1BD}] => (Block) C:\users\Selkie\appdata\local\join.me\join.me.exe</p><p>FirewallRules: [{AC93C5F8-2A91-4DF3-AC7B-033BB5A4DC6A}] => (Block) C:\users\Selkie\appdata\local\join.me\join.me.exe</p><p>FirewallRules: [{6F8DE485-A91C-4973-B4CF-24E6D6261558}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe</p><p>FirewallRules: [{1D1634D4-6C1B-43C5-B279-F899F594D2AE}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe</p><p>FirewallRules: [{ADB9A467-61EC-4390-B9EE-00C8C92ECA66}] => (Allow) C:\Program Files 
(x86)\Acer\abMusic\WindowsUpnpMV.exe</p><p>FirewallRules: [{5087D471-890C-4550-AF9C-F9E970423F83}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe</p><p>FirewallRules: [{F617003E-CE58-4005-9F55-E142EC0BF22D}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe</p><p>FirewallRules: [{98F70E9C-8F24-4E9D-A1C4-CF70D8C6690F}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe</p><p>FirewallRules: [{766A2D58-2EBF-4106-8D71-701423B51A87}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe</p><p>FirewallRules: [{A8458F46-99BA-40B0-8C30-C60CF6688E1C}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe</p><p>FirewallRules: [TCP Query User{5C2846B3-7009-4AEB-BE70-9706E521F690}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe</p><p>FirewallRules: [UDP Query User{48E9EBED-1530-49C0-A8D5-3D65845E1E26}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe</p><p>FirewallRules: [{1EC1DA8C-B1F8-4A80-AAA5-C5C189096CE7}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe</p><p>FirewallRules: [{7A4B233D-AAA4-415F-8050-A313679230B9}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe</p><p>FirewallRules: [{877CDFC6-174E-4471-8377-DA3ED3D6B159}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe</p><p>FirewallRules: [{B20A8B6B-9F77-45AE-B71C-9F9EFE416885}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe</p><p>FirewallRules: [{44982A82-E907-467B-90AD-D4D9A5C53E9E}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe</p><p>FirewallRules: [{9DA6DD12-1EF9-4AD4-9B58-D7DE870E0E1D}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe</p><p>FirewallRules: [{DAADA202-A949-4956-B718-29367530A2CE}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe</p><p>FirewallRules: [{619D23A4-EE56-4727-BDF5-F939B7250360}] => (Allow) C:\Program Files 
(x86)\Acer\abMusic\WindowsUpnpMV.exe</p><p>FirewallRules: [{3D71BA81-843F-4396-A3F6-5C577444DB88}] => (Allow) C:\Users\Selkie\AppData\Local\Chromium\Application\chrome.exe</p><p>FirewallRules: [{B7E96A98-AF24-4E8A-A7AE-C617C33E812F}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe</p><p>FirewallRules: [{42D01AB2-4BDF-4A32-9840-AC992F1E7E91}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe</p><p>FirewallRules: [{0008B0DE-4CF5-4BCE-BCF6-668485733A0F}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe</p><p>FirewallRules: [{65BC6748-657C-46D5-AB85-65553B46EC34}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe</p><p>FirewallRules: [{5ACAF1E1-6624-4E3F-8931-6FFDFBF48A02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p>FirewallRules: [{8C753D0D-74F5-4BD7-809C-8B05199D16E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p></p><p>==================== Restore Points =========================</p><p></p><p>24-06-2016 21:26:43 Removed LogMeIn Hamachi</p><p>26-06-2016 20:09:59 Installed Minecraft</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (06/29/2016 12:13:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )</p><p>Description: 80070005</p><p></p><p>Error: (06/29/2016 12:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: licmgr.exe, version: 15.0.17.264, time stamp: 0x56f29104</p><p>Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6</p><p>Exception code: 0xc0000409</p><p>Fault offset: 0x000a7666</p><p>Faulting process id: 0x17bc</p><p>Faulting application start time: 0xlicmgr.exe0</p><p>Faulting application path: licmgr.exe1</p><p>Faulting module path: licmgr.exe2</p><p>Report 
Id: licmgr.exe3</p><p>Faulting package full name: licmgr.exe4</p><p>Faulting package-relative application ID: licmgr.exe5</p><p></p><p>Error: (06/29/2016 12:10:52 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: avcenter.exe, version: 15.0.17.264, time stamp: 0x56f28f71</p><p>Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6</p><p>Exception code: 0xc0000409</p><p>Fault offset: 0x000a7666</p><p>Faulting process id: 0x2560</p><p>Faulting application start time: 0xavcenter.exe0</p><p>Faulting application path: avcenter.exe1</p><p>Faulting module path: avcenter.exe2</p><p>Report Id: avcenter.exe3</p><p>Faulting package full name: avcenter.exe4</p><p>Faulting package-relative application ID: avcenter.exe5</p><p></p><p>Error: (06/28/2016 05:02:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )</p><p>Description: 80070005</p><p></p><p>Error: (06/27/2016 07:25:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )</p><p>Description: 80070005</p><p></p><p>Error: (06/27/2016 06:46:23 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: avgnt.exe, version: 15.0.17.264, time stamp: 0x56f290db</p><p>Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6</p><p>Exception code: 0xc0000409</p><p>Fault offset: 0x000a7666</p><p>Faulting process id: 0x141c</p><p>Faulting application start time: 0xavgnt.exe0</p><p>Faulting application path: avgnt.exe1</p><p>Faulting module path: avgnt.exe2</p><p>Report Id: avgnt.exe3</p><p>Faulting package full name: avgnt.exe4</p><p>Faulting package-relative application ID: avgnt.exe5</p><p></p><p>Error: (06/27/2016 06:05:09 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: javaw.exe, version: 8.0.25.18, time stamp: 0x54345ca0</p><p>Faulting module name: ntdll.dll, version: 
6.3.9600.18233, time stamp: 0x56bb4ebb</p><p>Exception code: 0xc0000374</p><p>Fault offset: 0x00000000000f1b70</p><p>Faulting process id: 0x1cfc</p><p>Faulting application start time: 0xjavaw.exe0</p><p>Faulting application path: javaw.exe1</p><p>Faulting module path: javaw.exe2</p><p>Report Id: javaw.exe3</p><p>Faulting package full name: javaw.exe4</p><p>Faulting package-relative application ID: javaw.exe5</p><p></p><p>Error: (06/27/2016 06:03:48 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program javaw.exe version 8.0.25.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: 2294</p><p></p><p>Start Time: 01d1d0bf8bd3208b</p><p></p><p>Termination Time: 101</p><p></p><p>Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe</p><p></p><p>Report Id: 042f8ecb-3cb3-11e6-82d3-f8a963dceda4</p><p></p><p>Faulting package full name:</p><p></p><p>Faulting package-relative application ID:</p><p></p><p>Error: (06/27/2016 06:01:59 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: javaw.exe, version: 8.0.25.18, time stamp: 0x54345ca0</p><p>Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb</p><p>Exception code: 0xc0000374</p><p>Fault offset: 0x00000000000f1b70</p><p>Faulting process id: 0x20ec</p><p>Faulting application start time: 0xjavaw.exe0</p><p>Faulting application path: javaw.exe1</p><p>Faulting module path: javaw.exe2</p><p>Report Id: javaw.exe3</p><p>Faulting package full name: javaw.exe4</p><p>Faulting package-relative application ID: javaw.exe5</p><p></p><p>Error: (06/27/2016 05:57:03 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program javaw.exe version 8.0.25.18 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: 18c0</p><p></p><p>Start Time: 01d1d0be8964b39f</p><p></p><p>Termination Time: 122</p><p></p><p>Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe</p><p></p><p>Report Id: 11dbd198-3cb2-11e6-82d3-f8a963dceda4</p><p></p><p>Faulting package full name:</p><p></p><p>Faulting package-relative application ID:</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (06/27/2016 06:27:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:</p><p>%%1053 = The service did not respond to the start or control request in a timely fashion.</p><p></p><p></p><p>Error: (06/27/2016 06:27:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:</p><p>%%1053 = The service did not respond to the start or control request in a timely fashion.</p><p></p><p></p><p>Error: (06/27/2016 06:27:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The Avira Real-Time Protection service failed to start due to the following error:</p><p>%%1053 = The service did not respond to the start or control request in a timely fashion.</p><p></p><p></p><p>Error: (06/27/2016 06:27:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )</p><p>Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Real-Time Protection service to connect.</p><p></p><p>Error: (06/27/2016 06:27:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The Avira Scheduler service failed to start due to the following 
error:</p><p>%%1053 = The service did not respond to the start or control request in a timely fashion.</p><p></p><p></p><p>Error: (06/27/2016 06:27:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )</p><p>Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Scheduler service to connect.</p><p></p><p>Error: (06/27/2016 06:25:14 PM) (Source: DCOM) (EventID: 10010) (User: SAPPHIREAURA)</p><p>Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}</p><p></p><p>Error: (06/27/2016 06:25:14 PM) (Source: DCOM) (EventID: 10010) (User: SAPPHIREAURA)</p><p>Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}</p><p></p><p>Error: (06/27/2016 04:22:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:</p><p>%%1053 = The service did not respond to the start or control request in a timely fashion.</p><p></p><p></p><p>Error: (06/27/2016 04:22:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:</p><p>%%1053 = The service did not respond to the start or control request in a timely fashion.</p><p></p><p></p><p></p><p>CodeIntegrity:</p><p>===================================</p><p> Date: 2015-12-13 16:32:38.969</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2015-12-13 16:32:38.283</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2015-12-13 
16:32:37.594</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2015-12-13 16:32:36.957</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2015-12-13 16:32:36.300</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2015-12-13 16:32:35.393</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2015-12-13 16:32:34.699</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2015-12-13 16:32:34.046</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2015-12-13 16:32:33.367</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2015-12-13 16:32:32.652</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could 
not be found on the system.</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz</p><p>Percentage of memory in use: 52%</p><p>Total physical RAM: 3979.2 MB</p><p>Available physical RAM: 1872.58 MB</p><p>Total Virtual: 6539.2 MB</p><p>Available Virtual: 3547.32 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (Acer) (Fixed) (Total:449.06 GB) (Free:376.07 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 465.8 GB) (Disk ID: 2897BFE1)</p><p></p><p>Partition: GPT.</p><p></p><p>==================== End of Addition.txt ============================</p><p>[/SPOILER]</p><p></p><p>[SPOILER="FRST.TXT"]</p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2016</p><p>Ran by Selkie (administrator) on SAPPHIREAURA (29-06-2016 12:13:25)</p><p>Running from C:\Users\Selkie\Downloads</p><p>Loaded Profiles: Selkie (Available Profiles: Selkie)</p><p>Platform: Windows 8.1 (Update) (X64) Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: FF)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Intel Corporation) C:\Windows\System32\igfxCUIService.exe</p><p>(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe</p><p>(Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe</p><p>(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe</p><p>(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe</p><p>() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe</p><p>(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(Pokki) C:\Users\Selkie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxEM.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxHK.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxTray.exe</p><p>(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe</p><p>(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe</p><p>(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe</p><p>(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe</p><p>(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe</p><p>() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth 
Suite\ActivateDesktop.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</p><p>(© 2015 Microsoft Corporation) C:\Users\Selkie\AppData\Local\Microsoft\BingSvc\BingSvc.exe</p><p>(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe</p><p>(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe</p><p>(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe</p><p>(LogMeIn, Inc) C:\Users\Selkie\AppData\Local\join.me.launcher\join.me.launcher.exe</p><p>(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe</p><p>(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe</p><p>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe</p><p>(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe</p><p>(Nexon America) C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_runtime.exe</p><p>(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxext.exe</p><p>(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe</p><p>(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe</p><p>(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe</p><p>(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe</p><p>(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe</p><p>() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe</p><p>(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe</p><p>(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe</p><p>(Microsoft 
Corporation) C:\Windows\System32\SettingSyncHost.exe</p><p>(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe</p><p>(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe</p><p>(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ===========================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor)</p><p>HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-06-01] (Avira Operations GmbH & Co. KG)</p><p>HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. 
KG)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)</p><p>HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)</p><p>HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [BingSvc] => C:\Users\Selkie\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)</p><p>HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)</p><p>HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)</p><p>HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [join.me.launcher] => C:\Users\Selkie\AppData\Local\join.me.launcher\join.me.launcher.exe [176560 2015-10-27] (LogMeIn, Inc)</p><p>HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [Avira Phantom VPN] => C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe [677728 2016-06-14] (Avira Operations GmbH & Co. 
KG)</p><p>HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-28] (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)</p><p>ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)</p><p>ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)</p><p>ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-09]</p><p>ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)</p><p>Startup: C:\Users\Selkie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2016-02-14]</p><p>ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>Hosts: 0.0.0.1 mssplus.mcafee.com</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p>Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173</p><p>Tcpip\..\Interfaces\{1EB2160B-C4CD-4CF2-A377-345D21DE18E9}: [DhcpNameServer] 192.168.224.1</p><p>Tcpip\..\Interfaces\{3C9B2B82-757C-4930-8B1C-2D6F300F6721}: [NameServer] 82.163.143.171 82.163.142.173</p><p>Tcpip\..\Interfaces\{3C9B2B82-757C-4930-8B1C-2D6F300F6721}: [DhcpNameServer] 
82.163.143.171</p><p>Tcpip\..\Interfaces\{47CDDA13-390E-4982-865D-0D63E4835D56}: [NameServer] 82.163.143.171 82.163.142.173</p><p>Tcpip\..\Interfaces\{47CDDA13-390E-4982-865D-0D63E4835D56}: [DhcpNameServer] 82.163.143.171</p><p>Tcpip\..\Interfaces\{686DBB29-6086-44A2-898F-E197840A6149}: [NameServer] 82.163.143.171 82.163.142.173</p><p>Tcpip\..\Interfaces\{686DBB29-6086-44A2-898F-E197840A6149}: [DhcpNameServer] 192.168.1.1</p><p>Tcpip\..\Interfaces\{A4D6282C-EC85-4F7F-AB9A-013825A19A09}: [NameServer] 82.163.143.171 82.163.142.173</p><p>Tcpip\..\Interfaces\{A4D6282C-EC85-4F7F-AB9A-013825A19A09}: [DhcpNameServer] 82.163.143.171</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://<a 
href="http://www.google.com/search?trackid=sp-006&q={searchTerms}" target="_blank">www.google.com/search?trackid=sp-006&q={searchTerms}</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =</p><p>HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://<a href="http://www.google.com/search?trackid=sp-006&q={searchTerms}" target="_blank">www.google.com/search?trackid=sp-006&q={searchTerms}</a></p><p>HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://<a href="http://www.google.com/?trackid=sp-006" target="_blank">www.google.com/?trackid=sp-006</a></p><p>HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://<a href="http://www.google.com/?trackid=sp-006" target="_blank">www.google.com/?trackid=sp-006</a></p><p>SearchScopes: HKLM -> DefaultScope {2E745E3C-8764-40F0-8580-B4C96134724E} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}</p><p>SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKLM -> {2E745E3C-8764-40F0-8580-B4C96134724E} URL = 
hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}</p><p>SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}</p><p>SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}</p><p>SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://<a href="http://www.google.com/search?trackid=sp-006&q={searchTerms}" target="_blank">www.google.com/search?trackid=sp-006&q={searchTerms}</a></p><p>SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}</p><p>SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}</p><p>SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://<a href="http://www.google.com/search?trackid=sp-006&q={searchTerms}" target="_blank">www.google.com/search?trackid=sp-006&q={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {0F5C0D8C-331A-11E5-8264-F8A963DCEDA4} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}</p><p>SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {2E745E3C-8764-40F0-8580-B4C96134724E} URL = hxxp://<a href="http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox" target="_blank">www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox</a></p><p>SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://<a href="http://www.google.com/search?trackid=sp-006&q={searchTerms}" target="_blank">www.google.com/search?trackid=sp-006&q={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {7285DBF4-4A87-476B-BA44-7DE73C7B38F9} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default</p><p>SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = 
hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}</p><p>SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://<a href="http://www.google.com/search?trackid=sp-006&q={searchTerms}" target="_blank">www.google.com/search?trackid=sp-006&q={searchTerms}</a></p><p>BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-27] (Oracle Corporation)</p><p>BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-27] (Oracle Corporation)</p><p>Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)</p><p>Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)</p><p>StartMenuInternet: IEXPLORE.EXE - iexplore.exe</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Selkie\AppData\Roaming\Mozilla\Firefox\Profiles\oi6tmdry.default-1466820894335</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-21] ()</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-21] ()</p><p>FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> 
C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-27] (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-27] (Oracle Corporation)</p><p>FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-08-13] ()</p><p>FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)</p><p>FF Plugin HKU\S-1-5-21-781349295-3500667339-3153741720-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Selkie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)</p><p>FF Extension: Adblock Plus - C:\Users\Selkie\AppData\Roaming\Mozilla\Firefox\Profiles\oi6tmdry.default-1466820894335\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-24]</p><p></p><p>Chrome:</p><p>=======</p><p>CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx</p><p>CHR HKU\S-1-5-21-781349295-3500667339-3153741720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]</p><p>CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx</p><p></p><p>==================== Services (Whitelisted) ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)</p><p>S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)</p><p>S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)</p><p>S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)</p><p>R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]</p><p>R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [302680 2016-06-01] (Avira Operations GmbH & Co. KG)</p><p>R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [230744 2016-06-14] (Avira Operations GmbH & Co. 
KG)</p><p>R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)</p><p>R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)</p><p>R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-04-18] (Acer Incorporated)</p><p>R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)</p><p>R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-08-13] (WildTangent)</p><p>R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)</p><p>R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]</p><p>S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)</p><p>R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)</p><p>S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)</p><p>R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)</p><p>R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()</p><p>R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)</p><p>R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)</p><p>S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)</p><p>S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 
2015-07-07] (Microsoft Corporation)</p><p></p><p>===================== Drivers (Whitelisted) ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)</p><p>R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-04-04] (Avira Operations GmbH & Co. KG)</p><p>R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-04-04] (Avira Operations GmbH & Co. KG)</p><p>U4 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-04-04] (Avira Operations GmbH & Co. KG)</p><p>R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-04-04] (Avira Operations GmbH & Co. KG)</p><p>S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)</p><p>S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)</p><p>S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)</p><p>S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-10] (Intel Corporation)</p><p>S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)</p><p>R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Intel Corporation)</p><p>R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)</p><p>R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)</p><p>R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)</p><p>R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)</p><p>S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)</p><p>R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 
2015-07-07] (Microsoft Corporation)</p><p>S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2016-06-29 12:13 - 2016-06-29 12:14 - 00024466 ____C C:\Users\Selkie\Downloads\FRST.txt</p><p>2016-06-29 12:13 - 2016-06-29 12:13 - 00000000 ____D C:\FRST</p><p>2016-06-29 12:12 - 2016-06-29 12:13 - 02389504 _____ (Farbar) C:\Users\Selkie\Downloads\FRST64.exe</p><p>2016-06-27 19:04 - 2016-06-27 19:04 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</p><p>2016-06-27 19:04 - 2016-06-27 19:04 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk</p><p>2016-06-27 19:04 - 2016-06-27 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2016-06-27 19:04 - 2016-06-27 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox</p><p>2016-06-27 19:03 - 2016-06-27 19:03 - 00242136 ____C C:\Users\Selkie\Downloads\Firefox Setup Stub 47.0.exe</p><p>2016-06-27 17:47 - 2016-06-27 18:00 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\.minecraft</p><p>2016-06-27 17:46 - 2016-06-27 17:47 - 00000000 ____D C:\Program Files (x86)\Minecraft</p><p>2016-06-27 17:46 - 2016-06-27 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft</p><p>2016-06-27 17:44 - 2016-06-27 17:46 - 02314240 _____ C:\Users\Selkie\Downloads\MinecraftInstaller.msi</p><p>2016-06-27 17:40 - 2016-06-27 17:46 - 00000977 _____ C:\Users\Public\Desktop\Minecraft.lnk</p><p>2016-06-26 20:43 - 2016-06-27 17:29 - 00001126 _____ C:\Users\Selkie\Desktop\nativelog.txt</p><p>2016-06-26 
17:27 - 2016-06-26 17:27 - 00705678 ____C C:\Users\Selkie\Downloads\Witch_Time.wav</p><p>2016-06-26 00:03 - 2016-06-26 00:03 - 00000000 ____D C:\Users\Selkie\AppData\Local\Avira_Operations_GmbH_&_C</p><p>2016-06-26 00:00 - 2016-06-26 00:00 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Phantom VPN.lnk</p><p>2016-06-26 00:00 - 2016-06-26 00:00 - 00001060 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk</p><p>2016-06-25 10:19 - 2016-06-25 10:19 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\Avira</p><p>2016-06-25 10:14 - 2016-04-04 17:07 - 00146712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys</p><p>2016-06-25 10:14 - 2016-04-04 17:07 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys</p><p>2016-06-25 10:14 - 2016-04-04 17:07 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys</p><p>2016-06-25 10:14 - 2016-04-04 17:07 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys</p><p>2016-06-25 10:11 - 2016-06-25 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira</p><p>2016-06-25 10:11 - 2016-06-25 10:11 - 00001226 _____ C:\Users\Public\Desktop\Avira Launcher.lnk</p><p>2016-06-25 10:10 - 2016-06-25 10:10 - 04657056 ____C (Avira Operations GmbH & Co. KG) C:\Users\Selkie\Downloads\avira_en_av_576d9f7caa01e__adw (1).exe</p><p>2016-06-24 22:14 - 2016-06-24 22:14 - 00000000 ____D C:\Users\Selkie\Desktop\Old Firefox Data</p><p>2016-06-24 20:59 - 2016-06-24 20:59 - 00000000 ____D C:\Users\Selkie\AppData\Local\LogMeIn</p><p>2016-06-24 17:06 - 2016-06-26 00:00 - 00000000 ____D C:\Program Files (x86)\Avira</p><p>2016-06-24 17:05 - 2016-06-25 10:14 - 00000000 ____D C:\ProgramData\Avira</p><p>2016-06-24 17:04 - 2016-06-24 17:04 - 04657056 ____C (Avira Operations GmbH & Co. 
KG) C:\Users\Selkie\Downloads\avira_en_av_576d9f7caa01e__adw.exe</p><p>2016-06-24 10:37 - 2016-06-24 10:40 - 00000000 ____D C:\ProgramData\15a6e625</p><p>2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{0abb7d67-112c-0}</p><p>2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{0a38d16c-512c-1}</p><p>2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{053a9a95-712c-1}</p><p>2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{02ebab93-112c-0}</p><p>2016-06-21 20:37 - 2016-06-21 20:37 - 00000000 ____D C:\Users\Selkie\Desktop\YandereSimJune21st</p><p>2016-06-21 19:42 - 2016-06-21 19:42 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe</p><p>2016-06-14 05:06 - 2016-06-14 05:06 - 00036872 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys</p><p>2016-06-11 16:20 - 2016-04-09 19:29 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys</p><p>2016-06-11 16:20 - 2016-03-31 02:50 - 01307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll</p><p>2016-06-11 16:20 - 2016-03-30 23:40 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll</p><p>2016-06-11 16:19 - 2016-04-22 16:54 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2016-06-11 16:19 - 2016-04-22 16:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll</p><p>2016-06-11 16:19 - 2016-04-22 16:14 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2016-06-11 16:19 - 2016-04-22 16:08 - 06052864 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2016-06-11 16:19 - 2016-04-22 16:06 - 20349952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2016-06-11 16:19 - 2016-04-22 16:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll</p><p>2016-06-11 16:19 - 2016-04-22 15:35 - 00497152 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\vbscript.dll</p><p>2016-06-11 16:19 - 2016-04-22 15:29 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2016-06-11 16:19 - 2016-04-22 15:24 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll</p><p>2016-06-11 16:19 - 2016-04-22 15:23 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</p><p>2016-06-11 16:19 - 2016-04-22 15:19 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2016-06-11 16:19 - 2016-04-22 15:17 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll</p><p>2016-06-11 16:19 - 2016-04-22 15:14 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2016-06-11 16:19 - 2016-04-22 15:14 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2016-06-11 16:19 - 2016-04-22 15:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll</p><p>2016-06-11 16:19 - 2016-04-22 15:12 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2016-06-11 16:19 - 2016-04-22 14:58 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2016-06-11 16:19 - 2016-04-22 14:58 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll</p><p>2016-06-11 16:19 - 2016-04-22 14:54 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2016-06-11 16:19 - 2016-04-22 14:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll</p><p>2016-06-11 16:19 - 2016-04-22 14:52 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2016-06-11 16:19 - 2016-04-22 14:52 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2016-06-11 16:19 - 2016-04-22 14:52 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll</p><p>2016-06-11 16:19 - 2016-04-22 14:51 - 02056192 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl</p><p>2016-06-11 16:19 - 2016-04-22 14:40 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2016-06-11 16:19 - 2016-04-22 14:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll</p><p>2016-06-11 16:19 - 2016-04-22 14:27 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2016-06-11 16:19 - 2016-04-22 14:24 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2016-06-11 16:19 - 2016-04-22 14:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll</p><p>2016-06-11 16:15 - 2016-04-10 00:21 - 01763376 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll</p><p>2016-06-11 16:15 - 2016-04-10 00:21 - 01489088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll</p><p>2016-06-11 16:15 - 2016-04-09 17:58 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll</p><p>2016-06-11 16:15 - 2016-04-09 17:50 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll</p><p>2016-06-11 16:15 - 2016-04-06 17:13 - 00561960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys</p><p>2016-06-11 16:15 - 2016-04-06 17:13 - 00137976 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll</p><p>2016-06-11 16:15 - 2016-04-06 14:20 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys</p><p>2016-06-11 16:15 - 2016-04-06 14:19 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys</p><p>2016-06-11 16:15 - 2016-04-06 14:19 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys</p><p>2016-06-11 16:15 - 2016-04-06 13:49 - 00120384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll</p><p>2016-06-11 16:15 - 2016-04-06 13:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll</p><p>2016-06-11 16:15 - 2016-04-06 12:57 - 01441792 _____ (Microsoft Corporation) 
C:\Windows\system32\lsasrv.dll</p><p>2016-06-11 16:15 - 2016-04-06 12:52 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll</p><p>2016-06-11 16:15 - 2016-04-06 12:20 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll</p><p>2016-06-11 16:15 - 2016-04-06 11:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll</p><p>2016-06-11 16:15 - 2016-03-28 21:42 - 07446368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe</p><p>2016-06-11 16:15 - 2016-02-11 16:17 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll</p><p>2016-06-11 16:15 - 2016-02-11 16:17 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi</p><p>2016-06-11 16:15 - 2016-02-11 16:17 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe</p><p>2016-06-11 16:15 - 2016-02-11 16:17 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi</p><p>2016-06-11 16:15 - 2016-02-11 16:17 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe</p><p>2016-06-11 16:15 - 2016-02-11 16:16 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll</p><p>2016-06-11 16:15 - 2016-02-09 14:07 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll</p><p>2016-06-11 16:14 - 2016-04-11 02:21 - 00074584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys</p><p>2016-06-11 16:14 - 2016-04-10 03:48 - 00738096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll</p><p>2016-06-11 16:14 - 2016-04-10 03:48 - 00613624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll</p><p>2016-06-11 16:14 - 2016-04-10 01:37 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys</p><p>2016-06-11 16:14 - 2016-04-10 00:14 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll</p><p>2016-06-11 16:14 - 2016-04-09 18:07 - 01097728 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\gdi32.dll</p><p>2016-06-08 20:18 - 2016-06-08 20:18 - 00000000 ____D C:\ProgramData\Gyazo</p><p>2016-06-07 16:02 - 2016-06-07 16:02 - 00045680 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys</p><p>2016-06-03 14:54 - 2016-06-03 14:54 - 00000045 _____ C:\Users\Selkie\AppData\Roaming\WB.CFG</p><p>2016-06-02 15:03 - 2016-06-24 10:42 - 00000000 ____D C:\ProgramData\a5e18247-5423-1</p><p>2016-06-02 15:03 - 2016-06-24 10:39 - 00000000 ____D C:\ProgramData\a5e18247-44a1-0</p><p>2016-06-02 15:02 - 2016-06-03 17:34 - 00000000 ____D C:\Users\Selkie\AppData\Local\Chromium</p><p>2016-06-02 15:02 - 2016-06-02 15:02 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\kingsoft</p><p>2016-06-02 15:02 - 2016-06-02 15:02 - 00000000 ____D C:\Users\Selkie\AppData\Local\kingsoft</p><p>2016-06-02 15:02 - 2016-06-02 15:02 - 00000000 ____D C:\Program Files (x86)\Unknown File Handler</p><p>2016-06-02 15:01 - 2016-06-02 15:01 - 00000258 __RSH C:\ProgramData\ntuser.pol</p><p>2016-06-02 15:01 - 2016-06-02 15:01 - 00000000 ____D C:\Users\Selkie\AppData\Local\Setup685543875</p><p>2016-06-02 15:00 - 2016-06-02 15:02 - 00000000 ____D C:\Users\Selkie\AppData\Local\niso</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2021-10-21 09:36 - 2014-07-25 07:02 - 00000852 _____ C:\Windows\system32\Drivers\RTKHDRC.DAT</p><p>2021-10-04 03:34 - 2014-07-25 07:02 - 00000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.DAT</p><p>2016-06-29 12:14 - 2015-07-25 22:16 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\Skype</p><p>2016-06-29 12:10 - 2015-07-25 19:31 - 00000000 ____D C:\Users\Selkie\AppData\Local\CrashDumps</p><p>2016-06-29 11:44 - 2015-06-24 22:23 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-781349295-3500667339-3153741720-1001</p><p>2016-06-29 11:42 - 2016-04-06 15:34 - 00000830 _____ 
C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2016-06-29 11:39 - 2015-06-24 22:14 - 00000000 ____D C:\Users\Selkie\AppData\Local\SweetLabs App Platform</p><p>2016-06-29 11:38 - 2015-06-24 22:23 - 00000000 _____ C:\Windows\system32\newflow.dat</p><p>2016-06-27 18:59 - 2015-06-25 15:35 - 00000000 ____D C:\Program Files (x86)\Google</p><p>2016-06-27 18:59 - 2015-06-25 15:34 - 00000000 ____D C:\Users\Selkie\AppData\Local\Google</p><p>2016-06-27 18:54 - 2015-12-29 22:25 - 00000000 ____D C:\Users\Selkie\AppData\Local\NexonLauncher</p><p>2016-06-27 18:46 - 2015-06-25 15:30 - 00000000 ___DO C:\Users\Selkie\OneDrive</p><p>2016-06-27 18:31 - 2014-03-18 06:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI</p><p>2016-06-27 18:31 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf</p><p>2016-06-27 18:27 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT</p><p>2016-06-27 18:25 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI</p><p>2016-06-27 17:06 - 2015-06-25 16:25 - 00000000 ____D C:\ProgramData\Oracle</p><p>2016-06-27 17:04 - 2016-04-01 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit</p><p>2016-06-27 17:04 - 2015-07-27 09:17 - 00000000 ____D C:\Program Files\Java</p><p>2016-06-27 17:04 - 2015-07-26 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java</p><p>2016-06-27 17:04 - 2015-07-26 08:27 - 00000000 ____D C:\Program Files (x86)\Java</p><p>2016-06-27 17:03 - 2016-04-01 20:16 - 00000000 ____D C:\Users\Selkie\.oracle_jre_usage</p><p>2016-06-27 17:03 - 2015-07-26 08:28 - 00097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll</p><p>2016-06-27 16:42 - 2014-05-16 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer</p><p>2016-06-27 16:27 - 2015-06-24 22:19 - 00000000 ____D C:\Users\Selkie\AppData\Local\clear.fi</p><p>2016-06-27 16:22 - 2016-01-25 16:27 - 00000000 ____D C:\Program Files\Common 
Files\AV</p><p>2016-06-27 16:22 - 2014-07-25 07:06 - 00000000 ____D C:\Program Files\Intel</p><p>2016-06-27 16:21 - 2016-04-06 15:43 - 00000000 ____D C:\Program Files\Common Files\McAfee</p><p>2016-06-27 16:21 - 2016-01-25 16:24 - 00000000 ____D C:\ProgramData\AVAST Software</p><p>2016-06-27 16:18 - 2014-05-16 09:44 - 00000000 ____D C:\ProgramData\McAfee</p><p>2016-06-25 16:02 - 2015-10-22 18:24 - 00000000 ____D C:\Users\Selkie\.gimp-2.8</p><p>2016-06-25 15:47 - 2015-06-24 22:14 - 00000000 ____D C:\Users\Selkie</p><p>2016-06-25 10:10 - 2015-08-07 22:06 - 00000000 ____D C:\ProgramData\Package Cache</p><p>2016-06-24 19:50 - 2015-09-04 18:14 - 00692736 ___SH C:\Users\Selkie\Documents\Thumbs.db</p><p>2016-06-24 19:28 - 2015-06-25 15:42 - 07632384 ___SH C:\Users\Selkie\Downloads\Thumbs.db</p><p>2016-06-24 11:46 - 2015-07-27 12:41 - 00949248 ___SH C:\Users\Selkie\Desktop\Thumbs.db</p><p>2016-06-23 20:17 - 2016-04-06 15:43 - 00000000 ____D C:\Program Files (x86)\McAfee</p><p>2016-06-23 20:17 - 2013-08-22 10:44 - 00351024 _____ C:\Windows\system32\FNTCACHE.DAT</p><p>2016-06-21 19:43 - 2016-04-06 15:34 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2016-06-13 19:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF</p><p>2016-06-13 16:22 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp</p><p>2016-06-13 16:17 - 2014-03-18 05:45 - 00000000 ____D C:\Program Files\Windows Journal</p><p>2016-06-12 16:05 - 2015-07-25 22:15 - 00000000 ____D C:\ProgramData\Skype</p><p>2016-06-08 20:18 - 2016-02-18 19:31 - 00003424 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily</p><p>2016-06-08 20:18 - 2016-02-18 19:31 - 00003298 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine</p><p>2016-06-08 20:18 - 2016-02-18 19:31 - 00000000 ____D C:\Program Files (x86)\Gyazo</p><p>2016-06-08 18:45 - 2015-07-25 22:15 - 00000000 ___RD C:\Program Files (x86)\Skype</p><p>2016-06-03 17:59 - 2015-07-25 18:24 - 00000000 ____D C:\Program Files 
(x86)\Enterbrain</p><p>2016-06-02 15:01 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy</p><p>2016-06-02 15:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2015-07-26 20:22 - 2016-03-28 14:57 - 0054784 ___SH () C:\Users\Selkie\AppData\Roaming\Thumbs.db</p><p>2016-06-03 14:54 - 2016-06-03 14:54 - 0000045 _____ () C:\Users\Selkie\AppData\Roaming\WB.CFG</p><p>2015-08-05 22:38 - 2015-08-22 22:29 - 0007680 _____ () C:\Users\Selkie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>2016-04-23 00:18 - 2016-04-23 00:18 - 0000855 _____ () C:\Users\Selkie\AppData\Local\recently-used.xbel</p><p>2014-07-25 07:02 - 2014-07-25 07:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl</p><p>2015-12-29 23:14 - 2015-12-29 23:14 - 0000016 _____ () C:\ProgramData\mntemp</p><p></p><p>Some files in TEMP:</p><p>====================</p><p>C:\Users\Selkie\AppData\Local\Temp\avgnt.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\BingSvc.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\BSvcProcessor.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\BSvcUpdater.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\McCSPInstall.dll</p><p>C:\Users\Selkie\AppData\Local\Temp\mccspuninstall.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\oct2171.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\oct2481.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\oct6744.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\oct7926.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\oct793D.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\oct7C19.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\oct82B4.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\oct883D.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\octB3FC.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\octCFAF.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\octD603.tmp.exe
</p><p>C:\Users\Selkie\AppData\Local\Temp\octEA1.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\octEBED.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\octEFF0.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\octF8DC.tmp.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\SkypeSetup.exe</p><p>C:\Users\Selkie\AppData\Local\Temp\{8E7065E9-AEE0-4B7D-941D-24010169CE4D}-49.0.2623.110_49.0.2623.87_chrome_updater.exe</p><p></p><p></p><p>==================== Bamital & volsnap =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\system32\winlogon.exe => File is digitally signed</p><p>C:\Windows\system32\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\system32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\system32\services.exe => File is digitally signed</p><p>C:\Windows\system32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\system32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\system32\rpcss.dll => File is digitally signed</p><p>C:\Windows\system32\dnsapi.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2016-04-09 13:28</p><p></p><p>==================== End of FRST.txt ============================</p><p>[/SPOILER]</p></blockquote><p></p>
[QUOTE="Selkie, post: 519228, member: 53613"] [SPOILER="Addition.TXT"]
(x86)\skype\phone\skype.exe FirewallRules: [{403CDAE1-1633-4C5C-B5A4-F3BD89A26EF9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{A6548E48-91B0-4676-ACEC-9A4E4AE8046E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [TCP Query User{5D9FDA8F-BEA5-4320-A126-05B519EAD1D4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{85E7A458-68FA-4A57-B270-BDEEA2C9EF27}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{348B8659-F0EB-4933-B1C0-D3D0B8B8A72E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{88EB4C72-5BBF-4625-BE6E-D5B34615F518}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{7570ED1C-BF28-4F36-9447-6F38D871E08F}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{47B69826-9FBD-4604-B7AD-DBF4AE3821AB}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{9FA3B234-2FD1-4CF4-BB23-CB500CA711B3}C:\program files (x86)\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\java.exe FirewallRules: [UDP Query User{CE8C68EB-5DEF-431B-9B19-36F67868085D}C:\program files (x86)\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\java.exe FirewallRules: [TCP Query User{82D55D85-5DF0-4F4D-95E0-0CE0375DF899}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{6D036D67-D83B-4CEF-A582-FA5AB5B71090}C:\program 
files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{486CDA88-FD23-4D41-83F8-64EF3671B949}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{451692B5-A497-4D3E-93B7-760DFCC7C389}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{31644F7E-A392-4207-BB36-688524F4688E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{2A954D79-2800-480D-BCB6-AF8AE7412625}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [TCP Query User{7B0F05C0-A9AC-4681-938D-52AE376281A1}C:\users\Selkie\appdata\local\temp\joifca6.tmp\join.me.exe] => (Allow) C:\users\Selkie\appdata\local\temp\joifca6.tmp\join.me.exe FirewallRules: [UDP Query User{CB35249A-F82C-471D-A41A-89EE6B3B52D1}C:\users\Selkie\appdata\local\temp\joifca6.tmp\join.me.exe] => (Allow) C:\users\Selkie\appdata\local\temp\joifca6.tmp\join.me.exe FirewallRules: [TCP Query User{EBECDBA8-5E21-4C43-9F44-5C31D7CF68D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{54A749A1-7B3E-43CF-BFB9-72F2FC9EE3B0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{CD367E79-A345-475B-AC88-CDDD6F77FA83}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{C9F580C0-F9CD-4ECB-B727-D1A5B2979105}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [TCP Query User{BD77844E-6E79-4B5C-A361-9B4366CD13D7}C:\secret of mana (online)\secret of mana (online)\zsnesw.exe] => (Allow) C:\secret of mana (online)\secret of mana 
(online)\zsnesw.exe FirewallRules: [UDP Query User{AE65BADB-2256-4A38-B658-C64DEAF2E4BA}C:\secret of mana (online)\secret of mana (online)\zsnesw.exe] => (Allow) C:\secret of mana (online)\secret of mana (online)\zsnesw.exe FirewallRules: [{5E62ADA7-210D-4A85-B6DA-BAB8D26531A9}] => (Block) C:\secret of mana (online)\secret of mana (online)\zsnesw.exe FirewallRules: [{F31AECBA-8ECE-4637-A777-253AA2FD5827}] => (Block) C:\secret of mana (online)\secret of mana (online)\zsnesw.exe FirewallRules: [TCP Query User{9806C5CC-ABFC-47DD-88A3-5C17DC45651C}C:\users\Selkie\appdata\local\join.me\join.me.exe] => (Allow) C:\users\Selkie\appdata\local\join.me\join.me.exe FirewallRules: [UDP Query User{30DAAE7B-F5ED-419C-B8DE-20C41CCA2710}C:\users\Selkie\appdata\local\join.me\join.me.exe] => (Allow) C:\users\Selkie\appdata\local\join.me\join.me.exe FirewallRules: [{16AC6EE1-D904-4A63-8BD0-E3BE2A3ED1BD}] => (Block) C:\users\Selkie\appdata\local\join.me\join.me.exe FirewallRules: [{AC93C5F8-2A91-4DF3-AC7B-033BB5A4DC6A}] => (Block) C:\users\Selkie\appdata\local\join.me\join.me.exe FirewallRules: [{6F8DE485-A91C-4973-B4CF-24E6D6261558}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{1D1634D4-6C1B-43C5-B279-F899F594D2AE}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{ADB9A467-61EC-4390-B9EE-00C8C92ECA66}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{5087D471-890C-4550-AF9C-F9E970423F83}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{F617003E-CE58-4005-9F55-E142EC0BF22D}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{98F70E9C-8F24-4E9D-A1C4-CF70D8C6690F}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{766A2D58-2EBF-4106-8D71-701423B51A87}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{A8458F46-99BA-40B0-8C30-C60CF6688E1C}] => (Allow) C:\Program Files 
(x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [TCP Query User{5C2846B3-7009-4AEB-BE70-9706E521F690}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe FirewallRules: [UDP Query User{48E9EBED-1530-49C0-A8D5-3D65845E1E26}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe FirewallRules: [{1EC1DA8C-B1F8-4A80-AAA5-C5C189096CE7}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{7A4B233D-AAA4-415F-8050-A313679230B9}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{877CDFC6-174E-4471-8377-DA3ED3D6B159}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{B20A8B6B-9F77-45AE-B71C-9F9EFE416885}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{44982A82-E907-467B-90AD-D4D9A5C53E9E}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{9DA6DD12-1EF9-4AD4-9B58-D7DE870E0E1D}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{DAADA202-A949-4956-B718-29367530A2CE}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{619D23A4-EE56-4727-BDF5-F939B7250360}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{3D71BA81-843F-4396-A3F6-5C577444DB88}] => (Allow) C:\Users\Selkie\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{B7E96A98-AF24-4E8A-A7AE-C617C33E812F}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{42D01AB2-4BDF-4A32-9840-AC992F1E7E91}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{0008B0DE-4CF5-4BCE-BCF6-668485733A0F}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{65BC6748-657C-46D5-AB85-65553B46EC34}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{5ACAF1E1-6624-4E3F-8931-6FFDFBF48A02}] => (Allow) C:\Program Files 
(x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8C753D0D-74F5-4BD7-809C-8B05199D16E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Restore Points ========================= 24-06-2016 21:26:43 Removed LogMeIn Hamachi 26-06-2016 20:09:59 Installed Minecraft ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/29/2016 12:13:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (06/29/2016 12:10:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: licmgr.exe, version: 15.0.17.264, time stamp: 0x56f29104 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0xc0000409 Fault offset: 0x000a7666 Faulting process id: 0x17bc Faulting application start time: 0xlicmgr.exe0 Faulting application path: licmgr.exe1 Faulting module path: licmgr.exe2 Report Id: licmgr.exe3 Faulting package full name: licmgr.exe4 Faulting package-relative application ID: licmgr.exe5 Error: (06/29/2016 12:10:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: avcenter.exe, version: 15.0.17.264, time stamp: 0x56f28f71 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0xc0000409 Fault offset: 0x000a7666 Faulting process id: 0x2560 Faulting application start time: 0xavcenter.exe0 Faulting application path: avcenter.exe1 Faulting module path: avcenter.exe2 Report Id: avcenter.exe3 Faulting package full name: avcenter.exe4 Faulting package-relative application ID: avcenter.exe5 Error: (06/28/2016 05:02:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (06/27/2016 07:25:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) 
(User: ) Description: 80070005 Error: (06/27/2016 06:46:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: avgnt.exe, version: 15.0.17.264, time stamp: 0x56f290db Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0xc0000409 Fault offset: 0x000a7666 Faulting process id: 0x141c Faulting application start time: 0xavgnt.exe0 Faulting application path: avgnt.exe1 Faulting module path: avgnt.exe2 Report Id: avgnt.exe3 Faulting package full name: avgnt.exe4 Faulting package-relative application ID: avgnt.exe5 Error: (06/27/2016 06:05:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: javaw.exe, version: 8.0.25.18, time stamp: 0x54345ca0 Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb Exception code: 0xc0000374 Fault offset: 0x00000000000f1b70 Faulting process id: 0x1cfc Faulting application start time: 0xjavaw.exe0 Faulting application path: javaw.exe1 Faulting module path: javaw.exe2 Report Id: javaw.exe3 Faulting package full name: javaw.exe4 Faulting package-relative application ID: javaw.exe5 Error: (06/27/2016 06:03:48 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program javaw.exe version 8.0.25.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 2294 Start Time: 01d1d0bf8bd3208b Termination Time: 101 Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe Report Id: 042f8ecb-3cb3-11e6-82d3-f8a963dceda4 Faulting package full name: Faulting package-relative application ID: Error: (06/27/2016 06:01:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: javaw.exe, version: 8.0.25.18, time stamp: 0x54345ca0 Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb Exception code: 0xc0000374 Fault offset: 0x00000000000f1b70 Faulting process id: 0x20ec Faulting application start time: 0xjavaw.exe0 Faulting application path: javaw.exe1 Faulting module path: javaw.exe2 Report Id: javaw.exe3 Faulting package full name: javaw.exe4 Faulting package-relative application ID: javaw.exe5 Error: (06/27/2016 05:57:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program javaw.exe version 8.0.25.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 18c0 Start Time: 01d1d0be8964b39f Termination Time: 122 Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe Report Id: 11dbd198-3cb2-11e6-82d3-f8a963dceda4 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (06/27/2016 06:27:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: %%1053 = The service did not respond to the start or control request in a timely fashion. 
Error: (06/27/2016 06:27:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: %%1053 = The service did not respond to the start or control request in a timely fashion. Error: (06/27/2016 06:27:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Avira Real-Time Protection service failed to start due to the following error: %%1053 = The service did not respond to the start or control request in a timely fashion. Error: (06/27/2016 06:27:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Real-Time Protection service to connect. Error: (06/27/2016 06:27:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Avira Scheduler service failed to start due to the following error: %%1053 = The service did not respond to the start or control request in a timely fashion. Error: (06/27/2016 06:27:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Scheduler service to connect. Error: (06/27/2016 06:25:14 PM) (Source: DCOM) (EventID: 10010) (User: SAPPHIREAURA) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (06/27/2016 06:25:14 PM) (Source: DCOM) (EventID: 10010) (User: SAPPHIREAURA) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (06/27/2016 04:22:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: %%1053 = The service did not respond to the start or control request in a timely fashion. 
Error: (06/27/2016 04:22:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: %%1053 = The service did not respond to the start or control request in a timely fashion. CodeIntegrity: =================================== Date: 2015-12-13 16:32:38.969 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-13 16:32:38.283 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-13 16:32:37.594 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-13 16:32:36.957 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-13 16:32:36.300 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-13 16:32:35.393 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-12-13 16:32:34.699 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-13 16:32:34.046 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-13 16:32:33.367 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-13 16:32:32.652 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz Percentage of memory in use: 52% Total physical RAM: 3979.2 MB Available physical RAM: 1872.58 MB Total Virtual: 6539.2 MB Available Virtual: 3547.32 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:449.06 GB) (Free:376.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 2897BFE1) Partition: GPT. 
==================== End of Addition.txt ============================ [/SPOILER] [SPOILER="FRST.TXT"] Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2016 Ran by Selkie (administrator) on SAPPHIREAURA (29-06-2016 12:13:25) Running from C:\Users\Selkie\Downloads Loaded Profiles: Selkie (Available Profiles: Selkie) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Pokki) C:\Users\Selkie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (© 2015 Microsoft Corporation) C:\Users\Selkie\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe (LogMeIn, Inc) C:\Users\Selkie\AppData\Local\join.me.launcher\join.me.launcher.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Nexon America) C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_runtime.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe (TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor) HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-06-01] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®) HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [BingSvc] => C:\Users\Selkie\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation) HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.) HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.) HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [join.me.launcher] => C:\Users\Selkie\AppData\Local\join.me.launcher\join.me.launcher.exe [176560 2015-10-27] (LogMeIn, Inc) HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [Avira Phantom VPN] => C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe [677728 2016-06-14] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-28] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-09] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Selkie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2016-02-14] ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173 Tcpip\..\Interfaces\{1EB2160B-C4CD-4CF2-A377-345D21DE18E9}: [DhcpNameServer] 192.168.224.1 Tcpip\..\Interfaces\{3C9B2B82-757C-4930-8B1C-2D6F300F6721}: [NameServer] 82.163.143.171 82.163.142.173 Tcpip\..\Interfaces\{3C9B2B82-757C-4930-8B1C-2D6F300F6721}: [DhcpNameServer] 82.163.143.171 Tcpip\..\Interfaces\{47CDDA13-390E-4982-865D-0D63E4835D56}: [NameServer] 82.163.143.171 82.163.142.173 Tcpip\..\Interfaces\{47CDDA13-390E-4982-865D-0D63E4835D56}: [DhcpNameServer] 82.163.143.171 Tcpip\..\Interfaces\{686DBB29-6086-44A2-898F-E197840A6149}: [NameServer] 82.163.143.171 82.163.142.173 Tcpip\..\Interfaces\{686DBB29-6086-44A2-898F-E197840A6149}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{A4D6282C-EC85-4F7F-AB9A-013825A19A09}: [NameServer] 82.163.143.171 82.163.142.173 Tcpip\..\Interfaces\{A4D6282C-EC85-4F7F-AB9A-013825A19A09}: [DhcpNameServer] 82.163.143.171 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://[URL="http://www.google.com/search?trackid=sp-006&q={searchTerms}"]www.google.com/search?trackid=sp-006&q={searchTerms}[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://[URL="http://www.google.com/search?trackid=sp-006&q={searchTerms}"]www.google.com/search?trackid=sp-006&q={searchTerms}[/URL] HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://[URL="http://www.google.com/?trackid=sp-006"]www.google.com/?trackid=sp-006[/URL] HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://[URL="http://www.google.com/?trackid=sp-006"]www.google.com/?trackid=sp-006[/URL] SearchScopes: HKLM -> DefaultScope {2E745E3C-8764-40F0-8580-B4C96134724E} URL = 
hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {2E745E3C-8764-40F0-8580-B4C96134724E} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms} SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://[URL="http://www.google.com/search?trackid=sp-006&q={searchTerms}"]www.google.com/search?trackid=sp-006&q={searchTerms}[/URL] SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms} SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://[URL="http://www.google.com/search?trackid=sp-006&q={searchTerms}"]www.google.com/search?trackid=sp-006&q={searchTerms}[/URL] SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {0F5C0D8C-331A-11E5-8264-F8A963DCEDA4} URL = 
hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms} SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {2E745E3C-8764-40F0-8580-B4C96134724E} URL = hxxp://[URL="http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox"]www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox[/URL] SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://[URL="http://www.google.com/search?trackid=sp-006&q={searchTerms}"]www.google.com/search?trackid=sp-006&q={searchTerms}[/URL] SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {7285DBF4-4A87-476B-BA44-7DE73C7B38F9} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://[URL="http://www.google.com/search?trackid=sp-006&q={searchTerms}"]www.google.com/search?trackid=sp-006&q={searchTerms}[/URL] BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-27] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-27] (Oracle 
Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Selkie\AppData\Roaming\Mozilla\Firefox\Profiles\oi6tmdry.default-1466820894335 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-21] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-21] () FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-27] (Oracle Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-08-13] () FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-781349295-3500667339-3153741720-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Selkie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Selkie\AppData\Roaming\Mozilla\Firefox\Profiles\oi6tmdry.default-1466820894335\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-24]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-781349295-3500667339-3153741720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [302680 2016-06-01] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [230744 2016-06-14] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-04-18] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-08-13] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-04-04] (Avira Operations GmbH & Co. KG)
U4 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-04-04] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-10] (Intel Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-29 12:13 - 2016-06-29 12:14 - 00024466 ____C C:\Users\Selkie\Downloads\FRST.txt
2016-06-29 12:13 - 2016-06-29 12:13 - 00000000 ____D C:\FRST
2016-06-29 12:12 - 2016-06-29 12:13 - 02389504 _____ (Farbar) C:\Users\Selkie\Downloads\FRST64.exe
2016-06-27 19:04 - 2016-06-27 19:04 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-27 19:04 - 2016-06-27 19:04 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-27 19:04 - 2016-06-27 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-27 19:04 - 2016-06-27 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-27 19:03 - 2016-06-27 19:03 - 00242136 ____C C:\Users\Selkie\Downloads\Firefox Setup Stub 47.0.exe
2016-06-27 17:47 - 2016-06-27 18:00 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\.minecraft
2016-06-27 17:46 - 2016-06-27 17:47 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-06-27 17:46 - 2016-06-27 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-06-27 17:44 - 2016-06-27 17:46 - 02314240 _____ C:\Users\Selkie\Downloads\MinecraftInstaller.msi
2016-06-27 17:40 - 2016-06-27 17:46 - 00000977 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-06-26 20:43 - 2016-06-27 17:29 - 00001126 _____ C:\Users\Selkie\Desktop\nativelog.txt
2016-06-26 17:27 - 2016-06-26 17:27 - 00705678 ____C C:\Users\Selkie\Downloads\Witch_Time.wav
2016-06-26 00:03 - 2016-06-26 00:03 - 00000000 ____D C:\Users\Selkie\AppData\Local\Avira_Operations_GmbH_&_C
2016-06-26 00:00 - 2016-06-26 00:00 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Phantom VPN.lnk
2016-06-26 00:00 - 2016-06-26 00:00 - 00001060 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2016-06-25 10:19 - 2016-06-25 10:19 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\Avira
2016-06-25 10:14 - 2016-04-04 17:07 - 00146712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-06-25 10:14 - 2016-04-04 17:07 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-06-25 10:14 - 2016-04-04 17:07 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-06-25 10:14 - 2016-04-04 17:07 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-06-25 10:11 - 2016-06-25 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-06-25 10:11 - 2016-06-25 10:11 - 00001226 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-06-25 10:10 - 2016-06-25 10:10 - 04657056 ____C (Avira Operations GmbH & Co. KG) C:\Users\Selkie\Downloads\avira_en_av_576d9f7caa01e__adw (1).exe
2016-06-24 22:14 - 2016-06-24 22:14 - 00000000 ____D C:\Users\Selkie\Desktop\Old Firefox Data
2016-06-24 20:59 - 2016-06-24 20:59 - 00000000 ____D C:\Users\Selkie\AppData\Local\LogMeIn
2016-06-24 17:06 - 2016-06-26 00:00 - 00000000 ____D C:\Program Files (x86)\Avira
2016-06-24 17:05 - 2016-06-25 10:14 - 00000000 ____D C:\ProgramData\Avira
2016-06-24 17:04 - 2016-06-24 17:04 - 04657056 ____C (Avira Operations GmbH & Co. KG) C:\Users\Selkie\Downloads\avira_en_av_576d9f7caa01e__adw.exe
2016-06-24 10:37 - 2016-06-24 10:40 - 00000000 ____D C:\ProgramData\15a6e625
2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{0abb7d67-112c-0}
2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{0a38d16c-512c-1}
2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{053a9a95-712c-1}
2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{02ebab93-112c-0}
2016-06-21 20:37 - 2016-06-21 20:37 - 00000000 ____D C:\Users\Selkie\Desktop\YandereSimJune21st
2016-06-21 19:42 - 2016-06-21 19:42 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-14 05:06 - 2016-06-14 05:06 - 00036872 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-06-11 16:20 - 2016-04-09 19:29 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-11 16:20 - 2016-03-31 02:50 - 01307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-11 16:20 - 2016-03-30 23:40 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-11 16:19 - 2016-04-22 16:54 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-11 16:19 - 2016-04-22 16:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-11 16:19 - 2016-04-22 16:14 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-11 16:19 - 2016-04-22 16:08 - 06052864 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-11 16:19 - 2016-04-22 16:06 - 20349952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-11 16:19 - 2016-04-22 16:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-11 16:19 - 2016-04-22 15:35 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-11 16:19 - 2016-04-22 15:29 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-11 16:19 - 2016-04-22 15:24 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-11 16:19 - 2016-04-22 15:23 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-11 16:19 - 2016-04-22 15:19 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-11 16:19 - 2016-04-22 15:17 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-11 16:19 - 2016-04-22 15:14 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-11 16:19 - 2016-04-22 15:14 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-11 16:19 - 2016-04-22 15:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-11 16:19 - 2016-04-22 15:12 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-11 16:19 - 2016-04-22 14:58 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-11 16:19 - 2016-04-22 14:58 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-11 16:19 - 2016-04-22 14:54 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-11 16:19 - 2016-04-22 14:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-11 16:19 - 2016-04-22 14:52 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-11 16:19 - 2016-04-22 14:52 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-11 16:19 - 2016-04-22 14:52 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-11 16:19 - 2016-04-22 14:51 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-11 16:19 - 2016-04-22 14:40 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-11 16:19 - 2016-04-22 14:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-11 16:19 - 2016-04-22 14:27 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-11 16:19 - 2016-04-22 14:24 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-11 16:19 - 2016-04-22 14:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-11 16:15 - 2016-04-10 00:21 - 01763376 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-06-11 16:15 - 2016-04-10 00:21 - 01489088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-06-11 16:15 - 2016-04-09 17:58 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-06-11 16:15 - 2016-04-09 17:50 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-06-11 16:15 - 2016-04-06 17:13 - 00561960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-11 16:15 - 2016-04-06 17:13 - 00137976 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-11 16:15 - 2016-04-06 14:20 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-11 16:15 - 2016-04-06 14:19 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-11 16:15 - 2016-04-06 14:19 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-11 16:15 - 2016-04-06 13:49 - 00120384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-11 16:15 - 2016-04-06 13:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-11 16:15 - 2016-04-06 12:57 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-11 16:15 - 2016-04-06 12:52 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-11 16:15 - 2016-04-06 12:20 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-11 16:15 - 2016-04-06 11:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-11 16:15 - 2016-03-28 21:42 - 07446368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-06-11 16:15 - 2016-02-11 16:17 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-06-11 16:15 - 2016-02-11 16:17 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-06-11 16:15 - 2016-02-11 16:17 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-06-11 16:15 - 2016-02-11 16:17 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-06-11 16:15 - 2016-02-11 16:17 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-06-11 16:15 - 2016-02-11 16:16 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-06-11 16:15 - 2016-02-09 14:07 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-06-11 16:14 - 2016-04-11 02:21 - 00074584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2016-06-11 16:14 - 2016-04-10 03:48 - 00738096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-06-11 16:14 - 2016-04-10 03:48 - 00613624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-06-11 16:14 - 2016-04-10 01:37 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-06-11 16:14 - 2016-04-10 00:14 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-11 16:14 - 2016-04-09 18:07 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-08 20:18 - 2016-06-08 20:18 - 00000000 ____D C:\ProgramData\Gyazo
2016-06-07 16:02 - 2016-06-07 16:02 - 00045680 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2016-06-03 14:54 - 2016-06-03 14:54 - 00000045 _____ C:\Users\Selkie\AppData\Roaming\WB.CFG
2016-06-02 15:03 - 2016-06-24 10:42 - 00000000 ____D C:\ProgramData\a5e18247-5423-1
2016-06-02 15:03 - 2016-06-24 10:39 - 00000000 ____D C:\ProgramData\a5e18247-44a1-0
2016-06-02 15:02 - 2016-06-03 17:34 - 00000000 ____D C:\Users\Selkie\AppData\Local\Chromium
2016-06-02 15:02 - 2016-06-02 15:02 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\kingsoft
2016-06-02 15:02 - 2016-06-02 15:02 - 00000000 ____D C:\Users\Selkie\AppData\Local\kingsoft
2016-06-02 15:02 - 2016-06-02 15:02 - 00000000 ____D C:\Program Files (x86)\Unknown File Handler
2016-06-02 15:01 - 2016-06-02 15:01 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-06-02 15:01 - 2016-06-02 15:01 - 00000000 ____D C:\Users\Selkie\AppData\Local\Setup685543875
2016-06-02 15:00 - 2016-06-02 15:02 - 00000000 ____D C:\Users\Selkie\AppData\Local\niso

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 09:36 - 2014-07-25 07:02 - 00000852 _____ C:\Windows\system32\Drivers\RTKHDRC.DAT
2021-10-04 03:34 - 2014-07-25 07:02 - 00000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.DAT
2016-06-29 12:14 - 2015-07-25 22:16 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\Skype
2016-06-29 12:10 - 2015-07-25 19:31 - 00000000 ____D C:\Users\Selkie\AppData\Local\CrashDumps
2016-06-29 11:44 - 2015-06-24 22:23 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-781349295-3500667339-3153741720-1001
2016-06-29 11:42 - 2016-04-06 15:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-29 11:39 - 2015-06-24 22:14 - 00000000 ____D C:\Users\Selkie\AppData\Local\SweetLabs App Platform
2016-06-29 11:38 - 2015-06-24 22:23 - 00000000 _____ C:\Windows\system32\newflow.dat
2016-06-27 18:59 - 2015-06-25 15:35 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-27 18:59 - 2015-06-25 15:34 - 00000000 ____D C:\Users\Selkie\AppData\Local\Google
2016-06-27 18:54 - 2015-12-29 22:25 - 00000000 ____D C:\Users\Selkie\AppData\Local\NexonLauncher
2016-06-27 18:46 - 2015-06-25 15:30 - 00000000 ___DO C:\Users\Selkie\OneDrive
2016-06-27 18:31 - 2014-03-18 06:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-27 18:31 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-06-27 18:27 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-27 18:25 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-27 17:06 - 2015-06-25 16:25 - 00000000 ____D C:\ProgramData\Oracle
2016-06-27 17:04 - 2016-04-01 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-06-27 17:04 - 2015-07-27 09:17 - 00000000 ____D C:\Program Files\Java
2016-06-27 17:04 - 2015-07-26 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-27 17:04 - 2015-07-26 08:27 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-27 17:03 - 2016-04-01 20:16 - 00000000 ____D C:\Users\Selkie\.oracle_jre_usage
2016-06-27 17:03 - 2015-07-26 08:28 - 00097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-06-27 16:42 - 2014-05-16 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-06-27 16:27 - 2015-06-24 22:19 - 00000000 ____D C:\Users\Selkie\AppData\Local\clear.fi
2016-06-27 16:22 - 2016-01-25 16:27 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-27 16:22 - 2014-07-25 07:06 - 00000000 ____D C:\Program Files\Intel
2016-06-27 16:21 - 2016-04-06 15:43 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-06-27 16:21 - 2016-01-25 16:24 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-27 16:18 - 2014-05-16 09:44 - 00000000 ____D C:\ProgramData\McAfee
2016-06-25 16:02 - 2015-10-22 18:24 - 00000000 ____D C:\Users\Selkie\.gimp-2.8
2016-06-25 15:47 - 2015-06-24 22:14 - 00000000 ____D C:\Users\Selkie
2016-06-25 10:10 - 2015-08-07 22:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-24 19:50 - 2015-09-04 18:14 - 00692736 ___SH C:\Users\Selkie\Documents\Thumbs.db
2016-06-24 19:28 - 2015-06-25 15:42 - 07632384 ___SH C:\Users\Selkie\Downloads\Thumbs.db
2016-06-24 11:46 - 2015-07-27 12:41 - 00949248 ___SH C:\Users\Selkie\Desktop\Thumbs.db
2016-06-23 20:17 - 2016-04-06 15:43 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-06-23 20:17 - 2013-08-22 10:44 - 00351024 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-21 19:43 - 2016-04-06 15:34 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-13 19:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2016-06-13 16:22 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-06-13 16:17 - 2014-03-18 05:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-12 16:05 - 2015-07-25 22:15 - 00000000 ____D C:\ProgramData\Skype
2016-06-08 20:18 - 2016-02-18 19:31 - 00003424 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-06-08 20:18 - 2016-02-18 19:31 - 00003298 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2016-06-08 20:18 - 2016-02-18 19:31 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-06-08 18:45 - 2015-07-25 22:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-03 17:59 - 2015-07-25 18:24 - 00000000 ____D C:\Program Files (x86)\Enterbrain
2016-06-02 15:01 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-06-02 15:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

==================== Files in the root of some directories =======

2015-07-26 20:22 - 2016-03-28 14:57 - 0054784 ___SH () C:\Users\Selkie\AppData\Roaming\Thumbs.db
2016-06-03 14:54 - 2016-06-03 14:54 - 0000045 _____ () C:\Users\Selkie\AppData\Roaming\WB.CFG
2015-08-05 22:38 - 2015-08-22 22:29 - 0007680 _____ () C:\Users\Selkie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-23 00:18 - 2016-04-23 00:18 - 0000855 _____ () C:\Users\Selkie\AppData\Local\recently-used.xbel
2014-07-25 07:02 - 2014-07-25 07:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-12-29 23:14 - 2015-12-29 23:14 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
C:\Users\Selkie\AppData\Local\Temp\avgnt.exe
C:\Users\Selkie\AppData\Local\Temp\BingSvc.exe
C:\Users\Selkie\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Selkie\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Selkie\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Selkie\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Selkie\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Selkie\AppData\Local\Temp\oct2171.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct2481.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct6744.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct7926.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct793D.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct7C19.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct82B4.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct883D.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octB3FC.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octCFAF.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octD603.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octEA1.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octEBED.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octEFF0.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octF8DC.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Selkie\AppData\Local\Temp\{8E7065E9-AEE0-4B7D-941D-24010169CE4D}-49.0.2623.110_49.0.2623.87_chrome_updater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-09 13:28

==================== End of FRST.txt ============================
[/SPOILER]
[/QUOTE]