Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Member
    Join Date
    Jan 2008
    Location
    Birmingham, AL
    Posts
    27
    Points
    0

    Default HijackThis File Suspicious per Detective

    I have followed all instructions in the detective. All things found in SuperAntiSpyware were cleared. Nothing found by MalwareBytes. Rebooted, emptied recycle bin. Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 6:38:16 PM, on 11/4/2016
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18450)

    FIREFOX: 49.0 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe
    C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Users\User\Downloads\Updates and Drivers\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [AutoStartVMA] C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
    O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
    O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
    O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
    O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: GManager - Unknown owner - C:\Windows\system32\GManager.exe (file missing)
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MlPatch - Unknown owner - C:\Windows\system32\MlPatch.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12610 bytes

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hi! My name is zep516 and Welcome to Help2Go
    I'll do the best I can to resolve your computer issue
    Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

    I see a few possible issues. We need to look at a different set of log files though. We don't use Hijackthis for the first / run diagnoses anymore.

    Everything gets download to the desktop and tools are "Run as administrator."


    Saving files to your desktop.

    It's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.[img=https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Chrome/Settings.JPG] Choose Settings. at the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

    Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

    Next

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. "64Bit version for you."
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Last edited by zep516; 11-04-2016 at 10:40 PM.

  3. #3
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Are you with me ?

  4. #4
    Member
    Join Date
    Jan 2008
    Location
    Birmingham, AL
    Posts
    27
    Points
    0

    Default

    So sorry. I am with you now. I am downloading the file and running it right now. BRB.

  5. #5
    Member
    Join Date
    Jan 2008
    Location
    Birmingham, AL
    Posts
    27
    Points
    0

    Default

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
    Ran by User (administrator) on DEANNA-ACER (08-11-2016 16:28:11)
    Running from C:\Users\User\Desktop
    Loaded Profiles: User (Available Profiles: User)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    () C:\Windows\System32\GManager.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    () C:\Windows\System32\mlpatch.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Magic Control Technology Corporation) C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Verizon) C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [275248 2014-12-24] (Magic Control Technology Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
    HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-11-03] (SUPERAntiSpyware)
    HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-09-01] (Spotify Ltd)
    HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
    HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\...\Run: [AutoStartVMA] => C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe [12900864 2015-09-10] (Verizon)
    HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-10] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{8AFD2D41-87EC-415E-9BA6-C2A7366B62B9}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{B6655DFB-57B1-496B-ADA6-72CF7637F905}: [DhcpNameServer] 205.171.3.26 205.171.2.26 8.8.8.8

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
    HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2280355098-1021079581-2583612672-1000 -> DefaultScope {D8E73538-AEAA-497F-AA5D-8FC33397D171} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2280355098-1021079581-2583612672-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2280355098-1021079581-2583612672-1000 -> {D8E73538-AEAA-497F-AA5D-8FC33397D171} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-10] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-10] (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-07-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: pnjk5ik4.default
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnjk5ik4.default [2016-11-04]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-10]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-10]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2280355098-1021079581-2583612672-1000: @citrixonline.com/appdetectorplugin -> C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-17] (Citrix Online)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2016-11-08]
    CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-21]
    CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-21]
    CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
    CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Pushbullet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-11-04]
    CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-10]
    CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-21]
    CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
    CHR Extension: (Pinterest Save Button) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-03]
    CHR Extension: (Motorola Connect) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2016-01-11]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
    CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-21]
    CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
    CHR HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kcehcblfpidimbihdfophhhdejckolgh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-05-10]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-10]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-10] (AVAST Software)
    R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
    R2 MlPatch; C:\Windows\system32\MlPatch.exe [2244912 2014-08-22] ()
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [79216 2016-08-20] (AVAST Software)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-10] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-10] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-10] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-10] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-10] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-10] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-10] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-10] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
    S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [164656 2015-07-21] (Magic Control Technology Corporation)
    R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 t2usb64; C:\Windows\System32\drivers\t2usb64.sys [455160 2015-08-05] (Magic Control Technology Corp.)
    S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-07-13] (Microsoft Corporation) [File not signed]
    S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-07-13] (Microsoft Corporation) [File not signed]
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-08 16:28 - 2016-11-08 16:28 - 00019225 _____ C:\Users\User\Desktop\FRST.txt
    2016-11-08 16:27 - 2016-11-08 16:28 - 00000000 ____D C:\FRST
    2016-11-08 16:25 - 2016-11-08 16:26 - 02410496 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
    2016-10-25 17:25 - 2016-10-25 17:25 - 00620835 _____ C:\Users\User\Documents\Appen UHRS Web Entry Instructions 20131231- Crowdsourcing.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-08 16:20 - 2015-12-17 09:00 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2280355098-1021079581-2583612672-1000.job
    2016-11-08 16:20 - 2015-12-17 09:00 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2280355098-1021079581-2583612672-1000.job
    2016-11-08 16:19 - 2015-08-21 15:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-11-08 16:19 - 2015-08-21 15:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-11-07 09:27 - 2015-08-21 20:46 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-11-06 20:38 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-11-06 20:38 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-11-06 18:33 - 2009-07-13 23:13 - 00782228 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-11-06 18:33 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
    2016-11-04 20:26 - 2015-08-21 16:32 - 00000000 ____D C:\Users\User\Downloads\Funnies
    2016-11-04 17:38 - 2015-08-21 16:32 - 00000000 ____D C:\Users\User\Downloads\Updates and Drivers
    2016-11-04 17:24 - 2015-08-25 10:21 - 00000000 ___RD C:\Users\User\Google Drive
    2016-11-04 17:24 - 2015-08-21 09:37 - 00000000 ____D C:\ProgramData\clear.fi
    2016-11-04 17:23 - 2015-08-21 16:25 - 00002811 _____ C:\Windows\system32\GManager.ini
    2016-11-04 17:23 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-11-04 17:14 - 2015-08-20 14:45 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
    2016-11-04 17:06 - 2016-01-13 13:20 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-11-04 16:10 - 2016-07-06 10:16 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-11-04 16:10 - 2016-07-06 10:16 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-11-04 15:59 - 2016-01-12 09:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-11-03 20:11 - 2016-03-30 09:36 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-11-03 20:11 - 2015-12-03 07:48 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2016-11-03 20:11 - 2015-08-23 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-11-03 20:11 - 2015-08-23 11:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-11-03 20:11 - 2015-08-23 11:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-11-03 20:11 - 2015-08-21 20:09 - 00000000 ___SD C:\Windows\system32\GWX
    2016-11-03 20:11 - 2015-08-20 14:45 - 00000000 ____D C:\Users\User\AppData\Local\PowerCinema
    2016-11-03 20:11 - 2011-10-14 03:32 - 00000000 ____D C:\ProgramData\WildTangent
    2016-11-03 20:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2016-11-03 20:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\Dism
    2016-11-03 20:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing
    2016-11-03 20:11 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-11-03 20:10 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
    2016-11-03 20:09 - 2015-08-20 15:57 - 00000000 ____D C:\Windows\system32\Macromed
    2016-11-03 20:07 - 2015-08-21 17:00 - 00000000 __RHD C:\MSOCache
    2016-11-03 17:49 - 2015-09-10 14:42 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
    2016-11-03 17:48 - 2011-10-14 03:35 - 00000000 ____D C:\ProgramData\Skype
    2016-11-03 17:44 - 2015-12-17 09:00 - 00003682 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2280355098-1021079581-2583612672-1000
    2016-11-03 17:44 - 2015-12-17 09:00 - 00003586 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2280355098-1021079581-2583612672-1000
    2016-10-25 21:02 - 2015-08-21 15:44 - 00663552 _____ C:\Users\User\Documents\BankBalance.xls
    2016-10-19 21:35 - 2015-08-20 16:47 - 00000000 ____D C:\Windows\system32\MRT

    ==================== Files in the root of some directories =======

    2016-02-21 16:33 - 2016-02-21 16:39 - 0000000 _____ () C:\Users\User\AppData\Local\{1F27BD6E-DC69-42BE-A641-0BCD447CA490}
    2015-08-20 16:00 - 2015-08-20 16:03 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log

    Some files in TEMP:
    ====================
    C:\Users\User\AppData\Local\Temp\FuzeInstaller.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-09-18 13:27

    ==================== End of FRST.txt ============================

  6. #6
    Member
    Join Date
    Jan 2008
    Location
    Birmingham, AL
    Posts
    27
    Points
    0

    Default

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
    Ran by User (08-11-2016 16:29:28)
    Running from C:\Users\User\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2015-08-20 20:44:48)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2280355098-1021079581-2583612672-500 - Administrator - Disabled)
    Guest (S-1-5-21-2280355098-1021079581-2583612672-501 - Limited - Disabled)
    User (S-1-5-21-2280355098-1021079581-2583612672-1000 - Administrator - Enabled) => C:\Users\User

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
    Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
    Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
    Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
    Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Avast Pro Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
    Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
    Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
    Brother MFL-Pro Suite MFC-885CW (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
    Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
    clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
    clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
    clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
    clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
    clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
    Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
    ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
    Evernote v. 6.2.2 (HKLM-x32\...\{B7C3ABA0-5299-11E6-8CDF-005056951CAD}) (Version: 6.2.2.3164 - Evernote Corp.)
    FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
    Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
    Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
    Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline)
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
    Intel PROSet Wireless (x32 Version: - ) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
    Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
    Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    join.me (HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\...\JoinMe) (Version: 2.14.0.2176 - LogMeIn, Inc.)
    join.me.launcher (x32 Version: 1.0.624.0 - LogMeIn, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Message+ (HKLM-x32\...\{c828830f-53d4-4a2f-ad5a-0b86574bce11}) (Version: 1.0.17.0 - Verizon)
    Message+ (x32 Version: 1.0.17.0 - Verizon) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Excel 2010 (HKLM-x32\...\Office14.EXCELR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 49.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0 (x86 en-US)) (Version: 49.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0 - Mozilla)
    Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
    MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
    MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
    MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
    newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
    newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
    NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.5.8763 - Barnesandnoble.com)
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
    NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
    SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
    Spotify (HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
    Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Trigger External Graphics Family 15.03.0727.0179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 15.03.0727.0179 - MCT Corp)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
    WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2280355098-1021079581-2583612672-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\User\AppData\Local\Citrix\GoToMeeting\4007\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {060E5139-3244-4806-966D-FD7B28B9A5AF} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
    Task: {1F8CDAD1-E4D3-44CC-AEF7-CBCFD50D4DF4} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
    Task: {51CF9DD3-A0E0-45FA-8566-D4A41F1707B8} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
    Task: {736AD6D0-E6D2-4E8D-9AC0-704117B9C85C} - System32\Tasks\G2MUploadTask-S-1-5-21-2280355098-1021079581-2583612672-1000 => C:\Users\User\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe [2016-11-03] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {7708F54A-3BBD-47D9-B685-36B3F30BC0EE} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-08-09] (Acer)
    Task: {78E4D051-EF8D-48F7-ABED-815AA0A9664A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
    Task: {A291C69A-F260-4763-92B9-A4E9C892B66D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2280355098-1021079581-2583612672-1000 => C:\Users\User\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe [2016-11-03] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {A35B1149-9219-46BD-B7CA-3E48316010ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
    Task: {A8245557-F8F3-44CD-92FB-453C54BA302B} - System32\Tasks\SafeZone scheduled Autoupdate 1450375868 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
    Task: {B76A78B8-16F0-497F-A46F-88F7B5B20B7E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
    Task: {BC3E9E26-2315-4FA9-B09D-8A1B7CC20F4D} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
    Task: {D1A16746-97D5-479E-A796-6B42B5636857} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-21] (Google Inc.)
    Task: {D280ED23-10D7-4D16-90D2-FF81D30B0026} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-21] (Google Inc.)
    Task: {E5197027-0C56-4F88-9715-32A859CA0622} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {EADCACE7-1D4D-4EF7-A90D-3838B3EB2552} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-10] (AVAST Software)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2280355098-1021079581-2583612672-1000.job => C:\Users\User\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2280355098-1021079581-2583612672-1000.job => C:\Users\User\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2009-01-21 17:45 - 2009-01-21 17:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
    2015-09-21 14:59 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
    2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-08-21 16:24 - 2012-08-28 13:20 - 00313432 _____ () C:\Windows\system32\GManager.exe
    2015-08-21 16:24 - 2014-08-22 16:10 - 02244912 _____ () C:\Windows\system32\MlPatch.exe
    2015-11-16 16:10 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
    2016-05-10 06:57 - 2016-05-10 06:57 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-05-10 06:57 - 2016-05-10 06:57 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-11-04 15:52 - 2016-11-04 15:52 - 03127760 _____ () C:\Program Files\AVAST Software\Avast\defs\16110401\algo.dll
    2016-05-10 06:57 - 2016-05-10 06:57 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
    2016-05-10 06:57 - 2016-05-10 06:57 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-11-08 16:26 - 2016-11-08 16:26 - 03067904 _____ () C:\Program Files\AVAST Software\Avast\defs\16110805\algo.dll
    2011-04-23 19:29 - 2011-04-23 19:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
    2011-04-23 19:29 - 2011-04-23 19:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
    2011-04-23 19:29 - 2011-04-23 19:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
    2014-10-20 19:21 - 2014-10-20 19:21 - 00612152 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\sqlite3.DLL
    2015-05-13 03:30 - 2015-05-13 03:30 - 01655296 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\VzMessagingClientLib.dll
    2016-11-04 17:23 - 2016-11-04 17:23 - 00098816 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\win32api.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00110080 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\pywintypes27.dll
    2016-11-04 17:23 - 2016-11-04 17:23 - 00364544 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\pythoncom27.dll
    2016-11-04 17:23 - 2016-11-04 17:23 - 00320512 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\win32com.shell.shell.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00776704 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\_hashlib.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 01176576 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\wx._core_.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00806400 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\wx._gdi_.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00816128 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\wx._windows_.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 01067008 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\wx._controls_.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00733184 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\wx._misc_.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00682496 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\pysqlite2._sqlite.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00088064 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\_ctypes.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00119808 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\win32file.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00108544 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\win32security.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00007168 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\hashobjs_ext.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00017920 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\thumbnails_ext.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00088064 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\usb_ext.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00012800 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\common.time34.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00018432 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\win32event.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00167936 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\win32gui.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00046080 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\_socket.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 01208320 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\_ssl.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00128512 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\_elementtree.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00127488 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\pyexpat.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00038912 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\win32inet.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00036864 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\_psutil_windows.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00525208 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\windows._lib_cacheinvalidation.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00011264 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\win32crypt.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00077312 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\wx._html2.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00027136 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\_multiprocessing.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00020480 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\_yappi.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00035840 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\win32process.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00686080 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\unicodedata.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00078848 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\wx._animate.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00123392 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\wx._wizard.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00024064 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\win32pipe.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00010240 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\select.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00025600 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\win32pdh.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00017408 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\win32profile.pyd
    2016-11-04 17:23 - 2016-11-04 17:23 - 00022528 ____R () C:\Users\User\AppData\Local\Temp\_MEI32322\win32ts.pyd
    2015-12-17 11:56 - 2015-12-17 11:56 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-05-12 12:58 - 2016-05-12 12:58 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f91bd970f20123a46b575cf6e92bc441\IsdiInterop.ni.dll
    2011-10-14 03:20 - 2011-04-30 01:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2016-09-17 13:17 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
    MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Dolby PCEE4\pcee4.exe" -autostart
    MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    MSCONFIG\startupreg: GoToMeeting => "C:\Users\User\AppData\Local\Citrix\GoToMeeting\4007\g2mstart.exe" "/Trigger RunAtLogon"
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
    MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: join.me.launcher => C:\Users\User\AppData\Local\join.me.launcher\join.me.launcher.exe
    MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: Power Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{1D871C70-BC4E-4984-AE67-AD8360D80034}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe] => (Allow) C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe
    FirewallRules: [UDP Query User{4324CC84-8EBE-4122-9B4F-E074AC7B630A}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe] => (Allow) C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe
    FirewallRules: [TCP Query User{0910133B-B42F-4403-A561-2408DAB8CAA7}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe] => (Block) C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe
    FirewallRules: [UDP Query User{C4BACE76-454E-492E-B933-EF5C63C87D17}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe] => (Block) C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe
    FirewallRules: [{84F59731-84C2-4C43-8120-F463D3F24E4D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{C2C41230-DA5D-4A93-B7CE-5469213E3768}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{21324952-07A4-4249-90C4-AF52088F4AF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{FB5FAA72-AD45-445F-A680-41AAE8F387AC}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{5F71E0EB-2D64-41E5-AFFE-340A44DF6DC4}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{BD848A9B-8296-480A-B256-65A5BB7F2284}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{5234DA82-6C5D-45D2-84C7-A95A4FAFA563}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{E784F03F-994E-43E2-A01B-510B4B360174}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{5CE25BB7-8E33-447A-A162-EF452F5050D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    20-09-2016 16:35:10 Windows Update
    21-09-2016 16:00:17 Windows Update
    25-09-2016 14:04:13 Windows Update
    26-09-2016 16:12:39 ASU_MSI_TRAN
    28-09-2016 16:11:13 Windows Update
    04-10-2016 19:38:48 Windows Update
    08-10-2016 08:08:10 Windows Update
    19-10-2016 18:41:10 ASU_MSI_TRAN
    19-10-2016 20:32:27 Windows Update
    19-10-2016 21:19:28 Windows Update
    20-10-2016 19:59:13 Windows Update
    23-10-2016 09:07:40 ASU_MSI_TRAN
    25-10-2016 17:21:51 Windows Update
    29-10-2016 19:43:51 Windows Update
    03-11-2016 17:46:13 ASU_MSI_TRAN

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/08/2016 04:20:28 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    Error: (11/07/2016 09:28:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 19609

    Error: (11/07/2016 09:28:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 19609

    Error: (11/07/2016 09:28:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/07/2016 09:28:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 18486

    Error: (11/07/2016 09:28:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 18486

    Error: (11/07/2016 09:28:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/07/2016 09:27:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 17488

    Error: (11/07/2016 09:27:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 17488

    Error: (11/07/2016 09:27:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (11/06/2016 06:30:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

    Error: (11/03/2016 05:31:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (11/03/2016 05:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Application Virtualization Client service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (11/03/2016 05:30:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.

    Error: (10/31/2016 03:26:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SDRSVC service.

    Error: (10/30/2016 02:57:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SDRSVC service.

    Error: (10/26/2016 05:02:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.

    Error: (10/26/2016 05:02:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.

    Error: (10/20/2016 09:16:31 PM) (Source: cdrom) (EventID: 7) (User: )
    Description: The device, \Device\CdRom0, has a bad block.

    Error: (10/20/2016 09:16:26 PM) (Source: cdrom) (EventID: 7) (User: )
    Description: The device, \Device\CdRom0, has a bad block.


    CodeIntegrity:
    ===================================
    Date: 2016-07-19 12:19:48.679
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-19 12:19:48.637
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-19 12:19:48.549
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-19 12:19:48.408
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-19 12:19:48.384
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-19 12:19:48.366
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-19 12:19:47.609
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-19 12:19:47.582
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-19 12:19:47.564
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2016-07-19 12:19:47.522
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
    Percentage of memory in use: 28%
    Total physical RAM: 5995.86 MB
    Available physical RAM: 4261.36 MB
    Total Virtual: 11989.9 MB
    Available Virtual: 9532.8 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:369.82 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 746A0410)
    Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  7. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    SearchScopes: HKU\S-1-5-21-2280355098-1021079581-2583612672-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    • Click Format and ensure Wordwrap is unchecked.
    • Save as Fixlist.txt to your Desktop (Must be in this location)
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
    • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

  8. #8
    Member
    Join Date
    Jan 2008
    Location
    Birmingham, AL
    Posts
    27
    Points
    0

    Default

    Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
    Ran by User (08-11-2016 17:27:17) Run:1
    Running from C:\Users\User\Desktop
    Loaded Profiles: User (Available Profiles: User)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    SearchScopes: HKU\S-1-5-21-2280355098-1021079581-2583612672-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
    HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
    "HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    {8F9BB421-E2E8-4BE7-B371-BF5EB06AEDAE} canceled.
    {E1548ED3-A451-4595-8EFC-E731377154A1} canceled.
    {B307607E-89E8-45FB-BF64-303DB363CCAA} canceled.
    {1409AF8B-16E0-4ADF-8328-E550246D444F} canceled.
    {C45A32F7-C7B0-41ED-90A8-AE4D6561DBAC} canceled.
    5 out of 5 jobs canceled.

    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-2280355098-1021079581-2583612672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 52374881 B
    Java, Flash, Steam htmlcache => 1807 B
    Windows/system/drivers => 462231487 B
    Edge => 0 B
    Chrome => 510249512 B
    Firefox => 239875307 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 82936 B
    systemprofile32 => 115380 B
    LocalService => 0 B
    NetworkService => 325324 B
    User => 878561141 B

    RecycleBin => 0 B
    EmptyTemp: => 2 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 17:30:11 ====

  9. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,

    The rest of the log file looks normal and good.

    Are there any other issues ? If not we are done.

    You may remove any tools and log files now.

    Thanks
    Joe

  10. #10
    Member
    Join Date
    Jan 2008
    Location
    Birmingham, AL
    Posts
    27
    Points
    0

    Default

    Let me give it a go for a while! Thank you so much for your help, Joe! I really appreciate it.

Page 1 of 2 12 LastLast