[SOLVED] google chrome proxy grayed out

rosetta

Good morning forum, I have an issue with my Google Chrome proxy setting: it is grayed out. I have tried many suggestions on the internet but to no avail, and I checked for malware and viruses and found none. I ran Google as administrator but still to no avail. The only way I found to get past this is to run in safe mode with networking. Can someone please help me with this? Thank you.
 
Here are the logs you requested, Corrine.

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
AVG PC TuneUp 2015 (en-US)
AVG PC TuneUp 2015
CCleaner
Little Registry Cleaner
SlimCleaner
Java 8 Update 60
Java 8 Update 66
Java 8 Update 72
Adobe Flash Player 20.0.0.286
Mozilla Firefox (44.0)
Google Chrome (47.0.2526.111)
Google Chrome (48.0.2564.82)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
Ruiware WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
Here is the Farbar report.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by Acer (administrator) on ACER-PC (28-01-2016 11:45:09)
Running from C:\Users\Acer\Desktop
Loaded Profiles: Acer (Available Profiles: Acer)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-08] (AVAST Software)
Winlogon\Notify\igfxcui: [X]
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 0
HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [432672 2009-10-23] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-01-08] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => No File
BootExecute: autocheck autochk *
GroupPolicy: Restriction - Chrome <======= ATTENTION


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] <======= ATTENTION (Restriction - ProxySettings)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{B0FE0666-FB9C-4AFC-A9E7-DA49D34C4B39}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B0FE0666-FB9C-4AFC-A9E7-DA49D34C4B39}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{B2497EAA-3608-4BA6-9E93-73E286848F45}: [NameServer] 8.8.8.8,8.8.4.4


Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_72\bin\ssv.dll [2016-01-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-08] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_72\bin\jp2ssv.dll [2016-01-23] (Oracle Corporation)
Handler: AutorunsDisabled\livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: AutorunsDisabled\msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll [2008-07-02] (Skype Technologies)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)


FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\b9TnIMZA.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-23] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2016-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2016-01-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=18.0.1.9 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2015-07-19] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2015-07-19] (RealTimes)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Click&Clean - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\b9TnIMZA.default\extensions\clickclean@hotcleaner.com [2015-09-12]
FF Extension: Fasterfox - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\b9TnIMZA.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-09-12]
FF Extension: uBlock - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\b9TnIMZA.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-16]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-16]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-11-16]


Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-16]
CHR Extension: (Click&Clean) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-16]
CHR Extension: (better Browser - for Chrome) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbegekjleoplkhibgbmkmnnfffcpfanh [2016-01-16]
CHR Extension: (Click&Clean App) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-01-16]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S4 AdvancedSystemCareService9; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [827680 2015-11-04] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-08] (AVAST Software)
S4 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-07] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-07] (Dropbox, Inc.)
S4 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [727584 2009-09-30] (Acer Incorporated)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()
S4 RealTimes Desktop Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-19] (RealNetworks, Inc.)
S4 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580144 2015-08-06] (WiseCleaner.com)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2016-01-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2016-01-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2016-01-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2016-01-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2016-01-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [812208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449384 2016-01-20] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [117712 2016-01-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2016-01-08] (AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3355136 2015-12-11] (Qualcomm Atheros Communications, Inc.)
S1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [112408 2015-09-06] (Emsisoft GmbH)
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
S4 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2015-09-04] (Glarysoft Ltd)
S4 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [29912 2013-09-30] (IObit)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2015-05-14] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-01-28] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-02] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-02] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-02] (Egis Technology Inc.)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [69016 2015-12-09] (Raxco Software, Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [27688 2015-12-09] (EldoS Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 WiseHDInfo; C:\Windows\WiseHDInfo32.dll [13264 2016-01-23] (wisecleaner.com)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [177888 2015-11-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [177888 2015-11-26] (Zemana Ltd.)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-01-28 11:45 - 2016-01-28 11:45 - 00016687 _____ C:\Users\Acer\Desktop\FRST.txt
2016-01-28 11:43 - 2016-01-28 11:43 - 00852798 _____ C:\Users\Acer\Desktop\SecurityCheck.exe
2016-01-28 11:42 - 2016-01-28 11:42 - 01721856 _____ (Farbar) C:\Users\Acer\Desktop\FRST.exe
2016-01-28 11:20 - 2016-01-28 11:20 - 00000630 _____ C:\Users\Acer\Downloads\MTB.txt
2016-01-28 10:27 - 2016-01-28 10:28 - 00016154 _____ C:\Windows\ntbtlog.txt
2016-01-28 07:10 - 2016-01-28 07:14 - 00000000 ____D C:\AdwCleaner
2016-01-28 07:09 - 2016-01-28 07:09 - 01507840 _____ C:\Users\Acer\Downloads\adwcleaner_5.031.exe
2016-01-27 15:37 - 2016-01-27 15:37 - 00419576 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-27 10:19 - 2016-01-27 10:19 - 00000264 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Acer.job
2016-01-27 02:38 - 2016-01-27 02:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-26 00:14 - 2016-01-26 00:14 - 00000000 ____D C:\Users\Acer\AppData\Roaming\EncryptStick
2016-01-23 23:55 - 2016-01-26 00:46 - 00000374 _____ C:\Windows\Tasks\Wise Care 365.job
2016-01-23 23:44 - 2016-01-28 10:29 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Wise Care 365
2016-01-23 23:44 - 2016-01-23 23:44 - 00013264 _____ (wisecleaner.com) C:\Windows\WiseHDInfo32.dll
2016-01-23 23:43 - 2016-01-27 13:28 - 00001968 _____ C:\Users\Public\Desktop\Wise Care 365.lnk
2016-01-23 23:43 - 2016-01-23 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2016-01-23 23:43 - 2016-01-23 23:43 - 00000000 ____D C:\Program Files\Wise
2016-01-23 23:42 - 2016-01-23 23:42 - 06378664 _____ (WiseCleaner.com ) C:\Users\Acer\Downloads\WiseCare365.exe
2016-01-23 19:07 - 2016-01-23 19:10 - 00000000 ____D C:\Program Files\GUM96B3.tmp
2016-01-23 19:05 - 2016-01-23 19:05 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Sun
2016-01-23 19:05 - 2016-01-23 19:05 - 00000000 ____D C:\Users\Acer\.oracle_jre_usage
2016-01-23 19:05 - 2016-01-23 19:05 - 00000000 ____D C:\Program Files\Common Files\Java
2016-01-23 15:44 - 2016-01-28 10:27 - 00000620 _____ C:\Windows\ZAM.krnl.trace
2016-01-23 15:44 - 2016-01-28 10:27 - 00000119 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-01-23 15:43 - 2016-01-23 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-01-23 15:40 - 2016-01-23 15:40 - 00001717 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-23 15:40 - 2016-01-23 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-23 15:39 - 2016-01-23 15:40 - 00000000 ____D C:\Program Files\iTunes
2016-01-23 15:39 - 2016-01-23 15:39 - 00000000 ____D C:\Program Files\iPod
2016-01-23 15:34 - 2016-01-23 15:34 - 00000000 ____D C:\Program Files\Bonjour
2016-01-23 15:10 - 2016-01-23 15:10 - 00000000 ____D C:\Users\Acer\AppData\Local\Apple
2016-01-23 12:39 - 2016-01-23 12:39 - 00000000 ____D C:\Users\Acer\AppData\Roaming\RealNetworks
2016-01-21 14:38 - 2016-01-23 15:43 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Apple Computer
2016-01-21 14:38 - 2016-01-23 15:43 - 00000000 ____D C:\Users\Acer\AppData\Local\Apple Computer
2016-01-21 14:38 - 2012-10-03 16:14 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2016-01-21 14:37 - 2016-01-23 15:38 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2016-01-21 14:37 - 2016-01-21 14:37 - 00000000 ____D C:\ProgramData\Apple Computer
2016-01-21 14:35 - 2016-01-23 15:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-21 14:35 - 2016-01-23 15:32 - 00000000 ____D C:\ProgramData\Apple
2016-01-21 14:35 - 2016-01-21 14:35 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-21 14:35 - 2016-01-21 14:35 - 00000000 ____D C:\Program Files\Apple Software Update
2016-01-21 14:30 - 2016-01-21 14:33 - 108771096 _____ (Apple Inc.) C:\Users\Acer\Downloads\iTunesSetup.exe
2016-01-17 17:51 - 2016-01-17 17:51 - 00001264 _____ C:\Users\Acer\Desktop\tweaking.com_windows_repair_aio.lnk
2016-01-17 15:24 - 2016-01-17 15:24 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ACER-PC-Windows-7-Starter-(32-bit).dat
2016-01-17 15:20 - 2016-01-17 15:21 - 19731263 _____ C:\Users\Acer\Downloads\tweaking.com_windows_repair_aio.zip
2016-01-16 21:36 - 2016-01-27 10:13 - 00000000 ____D C:\Users\Acer\AppData\Local\Google
2016-01-16 21:36 - 2016-01-23 19:08 - 00002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-16 21:36 - 2016-01-23 19:08 - 00002169 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-16 21:33 - 2016-01-26 00:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-16 21:33 - 2016-01-26 00:47 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-16 21:33 - 2016-01-23 12:39 - 00000000 ____D C:\Program Files\Google
2016-01-16 16:09 - 2016-01-08 16:38 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-14 00:18 - 2016-01-14 00:18 - 00000000 ___HT C:\Windows\wusa.lock
2016-01-13 02:38 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 02:38 - 2015-12-12 12:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 02:38 - 2015-12-12 12:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 02:38 - 2015-12-12 12:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 02:38 - 2015-12-12 12:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 02:38 - 2015-12-12 12:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 02:38 - 2015-12-12 12:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 02:38 - 2015-12-12 12:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 02:38 - 2015-12-12 12:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 02:38 - 2015-12-12 12:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 02:38 - 2015-12-12 12:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 02:38 - 2015-12-12 12:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 02:38 - 2015-12-12 12:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 02:38 - 2015-12-12 12:27 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 02:38 - 2015-12-12 12:22 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 02:38 - 2015-12-12 12:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 02:38 - 2015-12-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 02:38 - 2015-12-12 12:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 02:38 - 2015-12-12 12:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 02:38 - 2015-12-12 12:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 02:38 - 2015-12-12 12:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 02:38 - 2015-12-12 12:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 02:38 - 2015-12-12 12:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 02:38 - 2015-12-12 12:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 02:38 - 2015-12-12 12:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 02:38 - 2015-12-12 12:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 02:38 - 2015-12-12 12:00 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 02:38 - 2015-12-12 11:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 02:38 - 2015-12-12 11:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 02:38 - 2015-12-12 11:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 02:38 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 02:37 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-01-13 02:37 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 02:37 - 2015-12-30 13:47 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 02:37 - 2015-12-30 13:47 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 02:37 - 2015-12-30 13:44 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 02:37 - 2015-12-30 13:41 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 02:37 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 02:37 - 2015-12-30 13:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 02:37 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 02:37 - 2015-12-30 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 02:37 - 2015-12-30 13:40 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 02:37 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 02:37 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 02:37 - 2015-12-30 13:39 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 02:37 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 02:37 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 02:37 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 02:37 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 02:37 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 02:37 - 2015-12-30 13:38 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 02:37 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 02:37 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 02:37 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 02:37 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 02:37 - 2015-12-30 12:38 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 02:37 - 2015-12-30 12:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 02:37 - 2015-12-30 12:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 02:37 - 2015-12-30 12:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 02:37 - 2015-12-30 12:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 02:37 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 02:37 - 2015-12-30 12:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 02:37 - 2015-12-30 12:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 02:37 - 2015-12-12 13:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 02:37 - 2015-12-12 12:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 02:37 - 2015-12-12 12:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 02:37 - 2015-12-12 12:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 02:37 - 2015-12-08 16:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 02:37 - 2015-11-16 19:45 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 02:37 - 2015-11-16 19:42 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 02:37 - 2015-11-16 19:42 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 02:37 - 2015-11-16 19:42 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 02:37 - 2015-11-16 19:42 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 02:37 - 2015-11-16 19:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 02:36 - 2015-12-11 13:35 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 02:36 - 2015-11-16 15:12 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 02:35 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 02:35 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 01202688 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 02:35 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 02:35 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 02:35 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 02:35 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 02:35 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 02:35 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 02:35 - 2015-12-08 16:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 02:35 - 2015-12-08 16:11 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 02:35 - 2015-12-08 16:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 02:35 - 2015-12-08 16:00 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 02:35 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 02:35 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 02:35 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-08 20:01 - 2016-01-08 20:01 - 00000000 ____D C:\2d66f6b35c550371334d98ee88b4
2016-01-08 16:49 - 2016-01-08 16:49 - 00001082 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-01-08 16:49 - 2016-01-08 16:49 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-01-08 16:46 - 2016-01-08 16:45 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-01-08 16:40 - 2016-01-08 16:40 - 00000000 ____D C:\Users\Acer\AppData\Roaming\AVAST Software
2016-01-08 16:39 - 2016-01-16 16:11 - 00001967 _____ C:\Users\Public\Desktop\Avast Pro Antivirus.lnk
2016-01-08 16:39 - 2016-01-08 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-08 16:38 - 2016-01-20 20:19 - 00812208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-08 16:38 - 2016-01-20 20:19 - 00449384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-08 16:38 - 2016-01-08 16:38 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-08 16:38 - 2016-01-08 16:38 - 00117712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-08 16:38 - 2016-01-08 16:38 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-08 16:38 - 2016-01-08 16:38 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-08 16:38 - 2016-01-08 16:38 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-08 16:38 - 2016-01-08 16:38 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-08 16:38 - 2016-01-08 16:38 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-08 16:35 - 2016-01-08 16:46 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-08 16:35 - 2016-01-08 16:45 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-08 16:33 - 2016-01-08 16:33 - 05037256 _____ (AVAST Software) C:\Users\Acer\Desktop\avast_pro_antivirus_setup_online.exe
2016-01-07 22:36 - 2016-01-07 22:47 - 00000000 ____D C:\Program Files\SpeedFan
2016-01-07 22:35 - 2016-01-07 22:36 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2016-01-07 19:10 - 2016-01-07 19:10 - 02270550 _____ C:\Users\Acer\Desktop\hw32_512.zip
2016-01-02 22:56 - 2016-01-02 23:31 - 966201089 _____ C:\Users\Acer\Downloads\Photos.zip


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-01-28 11:45 - 2015-11-11 16:41 - 00000000 ____D C:\FRST
2016-01-28 10:36 - 2009-07-13 23:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-28 10:36 - 2009-07-13 23:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-28 10:28 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-28 10:26 - 2015-05-02 17:09 - 00000000 ____D C:\Windows\Minidump
2016-01-28 10:00 - 2015-05-08 22:13 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-28 00:59 - 2015-08-10 11:24 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-28 00:14 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-01-27 15:18 - 2015-05-14 12:13 - 00000000 ____D C:\EEK
2016-01-27 13:50 - 2015-07-30 18:50 - 00196608 _____ C:\Windows\system32\config\default.rhk
2016-01-27 13:50 - 2015-07-30 18:50 - 00057344 _____ C:\Windows\system32\config\sam.rhk
2016-01-27 13:50 - 2015-07-30 18:50 - 00024576 _____ C:\Windows\system32\config\security.rhk
2016-01-27 13:50 - 2015-05-05 03:19 - 56242176 _____ C:\Windows\system32\config\software.rhk
2016-01-27 13:40 - 2015-10-17 00:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-27 11:31 - 2015-05-14 11:04 - 21278720 _____ C:\Windows\system32\config\components.iobit
2016-01-27 11:31 - 2015-05-14 11:04 - 00200704 _____ C:\Windows\system32\config\default.iobit
2016-01-27 11:31 - 2015-05-14 11:04 - 00061440 _____ C:\Windows\system32\config\sam.iobit
2016-01-27 11:31 - 2015-05-14 11:04 - 00024576 _____ C:\Windows\system32\config\security.iobit
2016-01-27 11:31 - 2015-05-14 11:03 - 56619008 _____ C:\Windows\system32\config\software.iobit
2016-01-27 10:19 - 2015-05-14 10:53 - 00000000 ____D C:\ProgramData\IObit
2016-01-27 08:29 - 2009-07-13 23:53 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-26 00:54 - 2015-10-22 08:46 - 00000000 ____D C:\ProgramData\ProductData
2016-01-26 00:18 - 2015-07-07 19:17 - 00007598 _____ C:\Users\Acer\AppData\Local\Resmon.ResmonCfg
2016-01-23 20:58 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2016-01-23 20:09 - 2015-05-04 13:42 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Mozilla
2016-01-23 19:42 - 2012-02-16 15:40 - 00000000 ____D C:\Users\Acer
2016-01-23 19:31 - 2015-07-01 23:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-23 19:30 - 2015-09-12 21:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-23 19:25 - 2009-11-05 14:36 - 00785126 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-23 19:16 - 2015-08-20 18:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-23 19:11 - 2015-09-12 21:57 - 00001091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-23 19:11 - 2015-09-12 21:57 - 00001079 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-23 19:05 - 2015-06-29 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-23 19:04 - 2015-06-29 22:20 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-01-23 19:04 - 2015-06-29 22:17 - 00000000 ____D C:\Program Files\Java
2016-01-23 19:02 - 2015-07-01 23:11 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-23 19:02 - 2012-02-17 12:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-23 12:30 - 2015-05-08 16:39 - 00000000 ____D C:\Program Files\Glary Utilities 5
2016-01-23 12:27 - 2015-11-07 01:06 - 00000000 ____D C:\Users\Acer\AppData\Local\Dropbox
2016-01-23 12:27 - 2015-08-07 14:57 - 00000000 ____D C:\Users\Acer\AppData\LocalLow\Adobe
2016-01-23 12:27 - 2015-07-01 23:09 - 00000000 ____D C:\Users\Acer\AppData\Local\Adobe
2016-01-23 12:27 - 2015-06-20 15:00 - 00000000 ____D C:\Users\Acer\AppData\Local\Apps\2.0
2016-01-23 12:27 - 2015-05-27 13:09 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Adobe
2016-01-23 12:27 - 2015-05-05 17:44 - 00000000 ____D C:\Users\Acer\AppData\Roaming\GlarySoft
2016-01-23 12:27 - 2012-02-17 12:37 - 00000000 ____D C:\ProgramData\Real
2016-01-23 12:27 - 2009-11-05 15:21 - 00000000 ____D C:\ProgramData\Adobe
2016-01-23 12:25 - 2015-11-07 01:06 - 00000000 ____D C:\Program Files\Dropbox
2016-01-22 22:55 - 2015-08-31 09:48 - 00000000 ____D C:\Users\Acer\AppData\Roaming\vlc
2016-01-16 22:35 - 2009-07-13 21:37 - 00000000 __RSD C:\Windows\Media
2016-01-16 22:33 - 2015-11-19 23:38 - 00000000 ____D C:\Program Files\Seagate
2016-01-16 22:04 - 2015-07-25 11:30 - 00000000 ____D C:\Program Files\Recuva
2016-01-16 16:05 - 2015-05-04 04:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-16 16:05 - 2015-05-04 04:03 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-16 16:04 - 2015-05-14 11:46 - 00000000 ____D C:\Users\Acer\AppData\LocalLow\IObit
2016-01-16 16:03 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2016-01-16 11:24 - 2015-06-08 00:08 - 00000000 ____D C:\Windows\system32\config\Before Compact
2016-01-14 14:59 - 2009-07-13 21:03 - 29884416 _____ C:\Windows\system32\config\system.bak
2016-01-14 10:56 - 2015-10-23 18:18 - 00000000 ____D C:\Users\Acer\AppData\Local\niemiro
2016-01-13 23:48 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\Msdtc
2016-01-13 17:07 - 2015-07-22 18:18 - 05714111 _____ C:\Users\Acer\Downloads\Motorola_Mobile_Drivers_32bit.msi.zip
2016-01-13 03:51 - 2009-11-05 15:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 03:30 - 2012-02-16 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 03:19 - 2015-05-04 03:44 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 03:05 - 2012-02-16 18:22 - 141317472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 02:27 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Help
2016-01-09 22:58 - 2012-02-17 12:20 - 00000000 __RHD C:\MSOCache
2016-01-09 22:58 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-08 20:03 - 2015-11-07 01:06 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-08 18:18 - 2015-11-07 01:06 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-08 16:38 - 2015-09-07 19:30 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-07 00:45 - 2015-12-26 19:22 - 00000000 ____D C:\Program Files\TeamViewer
2016-01-07 00:45 - 2015-11-27 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-07 00:45 - 2015-11-27 13:22 - 00000000 ____D C:\Program Files\CCleaner
2016-01-06 22:01 - 2015-10-22 08:47 - 00002060 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk
2016-01-06 22:01 - 2009-11-05 15:21 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR


==================== Files in the root of some directories =======


2015-10-28 19:51 - 2015-10-28 19:51 - 0000996 _____ () C:\Users\Acer\AppData\Local\Music - Shortcut.lnk
2015-07-07 19:17 - 2016-01-26 00:18 - 0007598 _____ () C:\Users\Acer\AppData\Local\Resmon.ResmonCfg
2015-11-12 15:01 - 2015-11-12 15:01 - 0000000 _____ () C:\Users\Acer\AppData\Local\{598D056A-8C6D-4D50-B143-B8B80A5C2616}
2015-05-14 14:29 - 2015-05-14 14:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-01-07 01:15


==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by Acer (2016-01-28 11:46:46)
Running from C:\Users\Acer\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) (2012-02-16 20:39:53)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Acer (S-1-5-21-2520408212-3538239084-1909245453-1000 - Administrator - Enabled) => C:\Users\Acer
Administrator (S-1-5-21-2520408212-3538239084-1909245453-500 - Administrator - Disabled)
Guest (S-1-5-21-2520408212-3538239084-1909245453-501 - Limited - Disabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.2.1026 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Advanced SystemCare 9 (HKLM\...\Advanced SystemCare_is1) (Version: 9.0.3 - IObit)
Apple Application Support (32-bit) (HKLM\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AppNHost 1.0.5.1 (HKLM\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.14 - Atheros Communications Inc.)
Avast Pro Antivirus (HKLM\...\Avast) (Version: 11.1.2245 - AVAST Software)
AVG PC TuneUp 2015 (en-US) (Version: 15.0.1001.471 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (Version: 15.0.1001.471 - AVG Technologies) Hidden
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.0820 - CyberLink Corp.)
Driver Booster 2.3 (HKLM\...\Driver Booster_is1) (Version: 2.3 - IObit)
Dropbox (HKLM\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.37 - Dropbox, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Glary Utilities 5.27 (HKLM\...\Glary Utilities 5) (Version: 5.27.0.47 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.82 - Google Inc.)
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
iCloud (HKLM\...\{C3867553-D9F8-416E-8F14-EFF234A48577}) (Version: 5.1.0.34 - Apple Inc.)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 5.1.0.21 - IObit)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2C741651-87E0-4479-9703-6DD0D7988B84}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Java 8 Update 72 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218072F0}) (Version: 8.0.720.15 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Little Registry Cleaner (HKLM\...\Little Registry Cleaner) (Version: - Little Apps)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 44.0 (x86 en-US) (HKLM\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
RealDownloader (Version: 18.0.1.10 - RealNetworks, Inc.) Hidden
RealDownloader (Version: 18.0.1.9 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
SafeZone Stable 1.46.1990.139 (Version: 1.46.1990.139 - Avast Software) Hidden
SeaTools for Windows 1.4.0.2 (HKLM\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Should I Remove It (HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) Hidden
SlimCleaner (HKLM\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
Smart Defrag 4 (HKLM\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
TakeOwnershipPro 1.0 (HKLM\...\TakeOwnershipPro_is1) (Version: - )
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wise Care 365 3.95 (HKLM\...\Wise Care 365_is1) (Version: 3.95 - WiseCleaner.com, Inc.)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {005C815C-04C3-4FC9-8D40-29C8951C2FFD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {0CE8848C-EAE7-4520-A7E6-7D20957A8917} - \SlimCleaner Run -> No File <==== ATTENTION
Task: {2DD6D0C1-D9B9-4433-B32F-16A0AB1AB18E} - \bvxvbvef -> No File <==== ATTENTION
Task: {38B4A0C6-AB2F-4118-897E-3C377CE42DE8} - System32\Tasks\Driver Booster SkipUAC (Acer) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2015-04-07] (IObit)
Task: {3C1BFB7B-5040-4FF1-BD28-52553D4CF3FF} - System32\Tasks\Wise Care 365 => C:\Program Files\Wise\Wise Care 365\WiseTray.exe [2015-12-18] (WiseCleaner.com)
Task: {57197A15-C859-4856-BB86-9E1985D61AC3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {5A91FDE6-608A-4135-BC0A-3FC0612E553B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-23] (Adobe Systems Incorporated)
Task: {5AF2D535-C454-4797-9E25-F047E5814AA7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2520408212-3538239084-1909245453-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {63CD959C-2C1E-4ABA-9137-AC01D30E48B9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-07] (Dropbox, Inc.)
Task: {63EBF7A9-390F-43C8-8D2F-02AD5381618D} - \GlaryInitialize 5 -> No File <==== ATTENTION
Task: {645BA76E-D052-400D-B843-915E66689749} - \Selection Tools Update -> No File <==== ATTENTION
Task: {6626EAE8-29D0-42B1-BBFF-395D702247AD} - \WindApp Update -> No File <==== ATTENTION
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {6E21EDD4-F5CB-47B2-8F31-C9DCE7C32762} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-08] (AVAST Software)
Task: {77679BB4-3F25-4DC3-A089-F12C6B41FD84} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2015-04-07] (IObit)
Task: {7AE04B5F-2FD8-45F9-A1DD-046A19C83D6A} - \Bidaily Synchronize Task[973b] -> No File <==== ATTENTION
Task: {88731596-8B01-4A7D-B6ED-C6D0B0F19B09} - \GU5SkipUAC -> No File <==== ATTENTION
Task: {8AE262AD-FEC9-4587-B972-F55430EAE819} - System32\Tasks\ASC9_SkipUac_Acer => C:\Program Files\IObit\Advanced SystemCare\ASC.exe [2015-11-30] (IObit)
Task: {93A8F30F-FC6D-4E2C-9F72-4F49BFCCAA33} - \SmartDefrag4_Update -> No File <==== ATTENTION
Task: {94010FF2-D706-4500-BEF0-9F6CCB068CBD} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2015-03-30] (IObit)
Task: {97D6B60D-62B5-4BEB-A07D-79F67B25DCAF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-07] (Dropbox, Inc.)
Task: {AC5C356A-371D-4D17-93C5-C6FF58CAC645} - System32\Tasks\SafeZone scheduled Autoupdate 1452289729 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-01] (Avast Software)
Task: {AE4E7A87-0037-4CBC-851C-38E805264F0B} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {AE8ED4DF-82EC-4F3C-8705-6962127F8139} - \RealUpgradeScheduledTaskS-1-5-21-2520408212-3538239084-1909245453-1000 -> No File <==== ATTENTION
Task: {B15C71C4-7FDC-419D-B2A9-A27690C97454} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare\Monitor.exe [2015-12-18] (IObit)
Task: {B2216C02-49DF-459C-A57C-39419BA70ABB} - \RealUpgradeLogonTaskS-1-5-21-2520408212-3538239084-1909245453-1000 -> No File <==== ATTENTION
Task: {BAEA2A78-CC86-4E9C-8A4D-8EE7885FD040} - \WiseCleaner\WRCSkipUAC -> No File <==== ATTENTION
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {DA7B16D0-FCBF-4B76-8497-FEBBAB601702} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2520408212-3538239084-1909245453-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {DB25ECBB-78F0-4E22-B4F3-1BDF012F11B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {DB829080-32C4-4858-878D-A4DE0988ED83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-16] (Google Inc.)
Task: {DC34B60F-E0C9-4D05-802C-BAED9E18B4BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-16] (Google Inc.)
Task: {E80392BB-81A2-414E-B7CA-9CF1BEF8826E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-19] (AVAST Software)
Task: {FDAB6CF4-565A-46A8-8CBE-304CC2E85C2F} - System32\Tasks\Uninstaller_SkipUac_Acer => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-11-23] (IObit)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Acer.job => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files\Wise\Wise Care 365\WiseTray.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


2016-01-08 16:38 - 2016-01-08 16:38 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-08 16:38 - 2016-01-08 16:38 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-28 06:59 - 2016-01-28 06:59 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012800\algo.dll
2016-01-08 16:38 - 2016-01-08 16:38 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-28 11:29 - 2016-01-28 11:29 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012802\algo.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:39 - 2015-12-17 18:39 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-08 16:38 - 2016-01-08 16:38 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"


==================== EXE Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




There are 4788 more sites.




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 21:04 - 2016-01-07 23:38 - 00000768 ___AS C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: dbupdate => 3
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: ePowerSvc => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RealPlayerUpdateSvc => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: TeamViewer => 3
MSCONFIG\Services: WiseBootAssistant => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 8 =>
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: EgisTecLiveUpdate =>
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe
MSCONFIG\startupreg: RealDownloader => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: RtHDVCpl => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{998291F5-A76E-4787-B3B0-09F31EEAEA62}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe
FirewallRules: [{922709AB-E278-4722-8182-46A92B604CFA}] => (Allow) C:\Program Files\Acer\Acer VCM\RS_Service.exe
FirewallRules: [{B7A05563-8D04-4267-900F-627EA5E093A9}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{B3230F22-7E28-4E12-B0C3-2AD56C50D944}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{83054DA3-73CD-4C70-ADED-5885E8729D0B}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{289175F8-5FAB-4F70-AC1F-EBD445F7BF98}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{6421BD4E-43F4-4039-AAE2-97DD8A9C3BC6}] => (Allow) c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}] => (Allow) LPort=2869
FirewallRules: [{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}] => (Allow) LPort=1900
FirewallRules: [{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}] => (Allow) LPort=48113
FirewallRules: [{740197B5-9B91-43DC-9448-5F2FAA99E4ED}] => (Allow) LPort=48113
FirewallRules: [{5B467965-EACC-4D23-8E14-D9D89F74DADD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EE78BF9F-14EB-4854-9488-BB40F3DE4AA9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{53A7CE53-3E23-4726-8C55-BA20FD27BB61}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{443CEE3D-2F2A-4D14-B5D6-39E3DE1358DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AF57CB2E-76A6-421F-900A-2F417BBB845B}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{FFD2CD10-F23C-4BB3-93AB-D695AF73DB65}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{47249F78-FD42-4488-9D69-676CF23531D2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{F7BC339B-19E3-498F-B8DD-D092852E167B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E6ADF068-D870-4EC0-B2AA-DCF7E7B93004}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{20994F92-0F50-450B-A143-F6A33D52D2A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF74E7E6-2F87-48B5-89E2-9E7BF26EB04E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EFB4D7C8-6772-478A-B83F-D519F37893C3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C9C515E1-7F95-467A-B56F-924D5B9F612A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Restore Points =========================


24-01-2016 23:39:30 Created by Wise Care 365
27-01-2016 14:50:28 Revo Uninstaller Pro's restore point - adwcleaner
27-01-2016 23:25:06 Revo Uninstaller Pro's restore point - BitTorrent
27-01-2016 23:28:44 Revo Uninstaller Pro's restore point - bit torrent


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (01/28/2016 10:29:15 AM) (Source: ESENT) (EventID: 439) (User: )
Description: DllHost (2428) WebCacheLocal: Unable to write a shadowed header for file C:\Users\Acer\AppData\Local\Microsoft\Windows\WebCache\V01.chk. Error -1032.


Error: (01/28/2016 10:29:15 AM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2428) WebCacheLocal: An attempt to open the file "C:\Users\Acer\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


Error: (01/28/2016 12:14:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.


System Error:
A system shutdown is in progress.
.


Error: (01/27/2016 03:38:11 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (1492) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Acer\AppData\Local\Microsoft\Windows\WebCache\V01.log.


Error: (01/27/2016 11:51:36 AM) (Source: ESENT) (EventID: 454) (User: )
Description: DllHost (2484) WebCacheLocal: Database recovery/restore failed with unexpected error -543.


Error: (01/27/2016 11:51:36 AM) (Source: ESENT) (EventID: 452) (User: )
Description: DllHost (2484) WebCacheLocal: Database C:\Users\Acer\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat requires logfiles 1-10 in order to recover successfully. Recovery could only locate logfiles starting at 10.


Error: (01/27/2016 10:21:56 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - adwcleaner; Error = 0x8007043c).


Error: (01/26/2016 01:07:21 AM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (2328) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Acer\AppData\Local\Microsoft\Windows\WebCache\V0100001.log.


Error: (01/25/2016 11:24:55 AM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (2820) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Acer\AppData\Local\Microsoft\Windows\WebCache\V01.log.


Error: (01/23/2016 03:15:05 PM) (Source: MsiInstaller) (EventID: 11722) (User: Acer-PC)
Description: Product: iCloud -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action RuniCloudUpgrade, location: C:\Program Files\Common Files\Apple\Internet Services\, command: C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe /upgrade




System errors:
=============
Error: (01/28/2016 10:29:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058


Error: (01/28/2016 10:29:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058


Error: (01/28/2016 10:29:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058


Error: (01/28/2016 10:29:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058


Error: (01/28/2016 10:29:19 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.


Error: (01/28/2016 10:29:18 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}


Error: (01/28/2016 10:29:15 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.


Error: (01/28/2016 10:28:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
epp32


Error: (01/28/2016 10:28:12 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.


Error: (01/28/2016 10:28:12 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.




CodeIntegrity:
===================================
Date: 2015-11-05 11:34:19.084
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18950_none_59242a2f108d7db6\appid.sys because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:18.741
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18950_none_59242a2f108d7db6\appid.sys because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:18.382
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18950_none_59242a2f108d7db6\appidapi.dll because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:18.039
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18950_none_59242a2f108d7db6\appidapi.dll because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:15.309
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23153_none_59b09ffa29a89cc7\appid.sys because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:15.075
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23153_none_59b09ffa29a89cc7\appid.sys because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:14.420
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23153_none_59b09ffa29a89cc7\appidapi.dll because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:14.186
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23153_none_59b09ffa29a89cc7\appidapi.dll because the set of per-page image hashes could not be found on the system.


Date: 2015-09-07 17:25:01.463
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


Date: 2015-09-07 17:25:01.291
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.




==================== Memory info ===========================


Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Percentage of memory in use: 34%
Total physical RAM: 2037.1 MB
Available physical RAM: 1325.51 MB
Total Virtual: 5109.1 MB
Available Virtual: 4361.22 MB


==================== Drives ================================


Drive c: (Acer) (Fixed) (Total:220.78 GB) (Free:184.8 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: A2312F79)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220.8 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================
 
Hi, rosetta. Thank you for the logs.

1. From Using System Configuration (msconfig) - Windows Help:

System Configuration is a tool that can help identify problems that might prevent Windows from starting correctly. You can start Windows with common services and startup programs turned off and then turn them back on, one at a time. If a problem doesn't occur when a service is turned off, but does occur when that service is turned on, then the service could be the cause of the problem.

System Configuration is intended to find and isolate problems, but it's not meant as a startup management program. {Bold added}

In other words, MSConfig is useful for troubleshooting but not for managing startup programs. Using MSConfig can lock malware in the registry, only to become apparent should it be restored to normal start up. In addition, there is no automated way of changing the setting. Each has to be done manually, which is what I suggest that you do. Otherwise, the programs that I am advising you uninstall below will leave leftovers behind.

---> Click start, type msconfig in the search box, open msconfig, click on the start up tab. Put a check mark in each entry, reboot the computer.

2. Next, a brief word about registry cleaners: Windows is a closed source system. Developers of registry cleaners do not have the core code of Windows and are not working on definitive information, but rather they are going on past knowledge and experience. Automatic cleaners will usually have to do some guesswork. Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix. In addition, Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities. Using CCleaner for cookie management is fine, although you do have that option available in WinPatrol. However, unless you are having problems and know what you are doing, I suggest you leave the registry alone.

Thus, I strongly advise you to uninstall the following:

*AVG PC TuneUp 2015 (en-US) (Version: 15.0.1001.471 - AVG Technologies) Hidden
*AVG PC TuneUp 2015 (Version: 15.0.1001.471 - AVG Technologies) Hidden
Glary Utilities 5.27 (HKLM\...\Glary Utilities 5) (Version: 5.27.0.47 - Glarysoft Ltd)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 5.1.0.21 - IObit)
Little Registry Cleaner (HKLM\...\Little Registry Cleaner) (Version: - Little Apps)
SlimCleaner (HKLM\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
Wise Care 365 3.95 (HKLM\...\Wise Care 365_is1) (Version: 3.95 - WiseCleaner.com, Inc.)

*Note: You may need to use the AVG Remover tool available from here: AVG | Download tools and utilities

3. Most people do not need Java installed on their computers. It has always been a target for malware. At a minimum, please uninstall the two outdated, vulnerable versions of Java:

Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)

4. Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code:
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-08] (AVAST Software)
Winlogon\Notify\igfxcui: [X]
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] <======= ATTENTION (Restriction - ProxySettings)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Task: {0CE8848C-EAE7-4520-A7E6-7D20957A8917} - \SlimCleaner Run -> No File <==== ATTENTION
Task: {2DD6D0C1-D9B9-4433-B32F-16A0AB1AB18E} - \bvxvbvef -> No File <==== ATTENTION
Task: {63EBF7A9-390F-43C8-8D2F-02AD5381618D} - \GlaryInitialize 5 -> No File <==== ATTENTION
Task: {645BA76E-D052-400D-B843-915E66689749} - \Selection Tools Update -> No File <==== ATTENTION
Task: {6626EAE8-29D0-42B1-BBFF-395D702247AD} - \WindApp Update -> No File <==== ATTENTION
Task: {7AE04B5F-2FD8-45F9-A1DD-046A19C83D6A} - \Bidaily Synchronize Task[973b] -> No File <==== ATTENTION
Task: {88731596-8B01-4A7D-B6ED-C6D0B0F19B09} - \GU5SkipUAC -> No File <==== ATTENTION
Task: {93A8F30F-FC6D-4E2C-9F72-4F49BFCCAA33} - \SmartDefrag4_Update -> No File <==== ATTENTION
Task: {AE4E7A87-0037-4CBC-851C-38E805264F0B} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {AE8ED4DF-82EC-4F3C-8705-6962127F8139} - \RealUpgradeScheduledTaskS-1-5-21-2520408212-3538239084-1909245453-1000 -> No File <==== ATTENTION
Task: {B2216C02-49DF-459C-A57C-39419BA70ABB} - \RealUpgradeLogonTaskS-1-5-21-2520408212-3538239084-1909245453-1000 -> No File <==== ATTENTION
Task: {BAEA2A78-CC86-4E9C-8A4D-8EE7885FD040} - \WiseCleaner\WRCSkipUAC -> No File <==== ATTENTION
EmptyTemp:
end
  • Click Format and ensure Wordwrap is unchecked.
  • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.
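
The fixlist above targets policy entries that lock proxy settings. The following read-only PowerShell audit is an added example, not part of the original post and not FRST's own code; it lists what is present in those locations without changing anything. The Internet Explorer and Internet Settings policy keys are the ones named in the fixlist; the Chrome policy key, its proxy value names and the Registry.pol file locations are assumptions taken from general Windows and Chrome policy documentation, not from this thread.

```powershell
# Read-only audit of policy entries that can gray out browser proxy settings.
# Nothing is modified. Run from an elevated prompt; written for PowerShell 2.0+.

$metadata = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Get-PolicyValue {
    param([string]$Key, [string[]]$Names = @(), [switch]$Recurse)
    if (-not (Test-Path -LiteralPath $Key)) { return }
    $keys = @($Key)
    if ($Recurse) {
        $keys += Get-ChildItem -LiteralPath $Key -Recurse -ErrorAction SilentlyContinue |
                 ForEach-Object { $_.PSPath }
    }
    foreach ($k in $keys) {
        $props = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }            # key exists but holds no values
        foreach ($p in $props.PSObject.Properties) {
            if ($metadata -contains $p.Name) { continue }   # provider bookkeeping, not registry data
            if ($Names.Count -gt 0 -and $Names -notcontains $p.Name) { continue }
            New-Object PSObject -Property @{
                Key   = ($k -replace '^Microsoft\.PowerShell\.Core\\Registry::', '' -replace '^Registry::', '')
                Name  = $p.Name
                Value = $p.Value
            }
        }
    }
}

# Hive roots: machine, the default profile, and every loaded user SID.
$roots = @('Registry::HKEY_LOCAL_MACHINE', 'Registry::HKEY_USERS\.DEFAULT')
$roots += Get-ChildItem 'Registry::HKEY_USERS' |
          Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
          ForEach-Object { 'Registry::HKEY_USERS\' + $_.PSChildName }

# Assumption: Chrome proxy policy value names, from Chrome's policy documentation.
$chromeProxyNames = 'ProxyMode','ProxyServer','ProxyPacUrl','ProxyBypassList','ProxySettings'

$findings = @()
foreach ($root in $roots) {
    # Named in the fixlist: forces machine-wide proxy settings when present.
    $findings += Get-PolicyValue -Key "$root\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" `
                                 -Names 'ProxySettingsPerUser'
    # Named in the fixlist: any value under the IE policy key is a restriction.
    $findings += Get-PolicyValue -Key "$root\SOFTWARE\Policies\Microsoft\Internet Explorer" -Recurse
    # Assumption: standard Chrome policy location.
    $findings += Get-PolicyValue -Key "$root\SOFTWARE\Policies\Google\Chrome" -Names $chromeProxyNames
}

if ($findings.Count -eq 0) {
    'No proxy-related policy values found in the registry.'
} else {
    $findings | Select-Object Key, Name, Value | Format-Table -AutoSize -Wrap
}

# Local Group Policy files; policy written here is re-applied to the registry at refresh.
# Assumption: Registry.pol is the standard file name under GroupPolicy\Machine and \User.
foreach ($scope in 'Machine','User') {
    $pol = Join-Path $env:SystemRoot "System32\GroupPolicy\$scope\Registry.pol"
    if (Test-Path -LiteralPath $pol) {
        $f = Get-Item -LiteralPath $pol -Force
        '{0} present, {1} bytes, last written {2}' -f $pol, $f.Length, $f.LastWriteTime
    } else {
        "$pol not present"
    }
}
```

On a machine that is not joined to a domain, entries reported here were not set by an administrator and are worth showing to whoever is helping with the cleanup before anything is removed.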
 
I must be doing something wrong in following the directions. I keep getting no fixlist.txt is found. The fixlist should be in the same folder/directory the tool is located. Here is a picture of the desktop because that is where everything is located.
 

I finally figured out the missed steps and got things working, thanks to your computer savvy, and thanks again for your strong suggestions on using certain utilities. Here is the log:

Fix result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by Acer (2016-01-29 03:16:51) Run:2
Running from C:\Users\Acer\Desktop
Loaded Profiles: Acer (Available Profiles: Acer)
Boot Mode: Normal


==============================================


fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-08] (AVAST Software)
Winlogon\Notify\igfxcui: [X]
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] <======= ATTENTION (Restriction - ProxySettings)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Task: {0CE8848C-EAE7-4520-A7E6-7D20957A8917} - \SlimCleaner Run -> No File <==== ATTENTION
Task: {2DD6D0C1-D9B9-4433-B32F-16A0AB1AB18E} - \bvxvbvef -> No File <==== ATTENTION
Task: {63EBF7A9-390F-43C8-8D2F-02AD5381618D} - \GlaryInitialize 5 -> No File <==== ATTENTION
Task: {645BA76E-D052-400D-B843-915E66689749} - \Selection Tools Update -> No File <==== ATTENTION
Task: {6626EAE8-29D0-42B1-BBFF-395D702247AD} - \WindApp Update -> No File <==== ATTENTION
Task: {7AE04B5F-2FD8-45F9-A1DD-046A19C83D6A} - \Bidaily Synchronize Task[973b] -> No File <==== ATTENTION
Task: {88731596-8B01-4A7D-B6ED-C6D0B0F19B09} - \GU5SkipUAC -> No File <==== ATTENTION
Task: {93A8F30F-FC6D-4E2C-9F72-4F49BFCCAA33} - \SmartDefrag4_Update -> No File <==== ATTENTION
Task: {AE4E7A87-0037-4CBC-851C-38E805264F0B} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {AE8ED4DF-82EC-4F3C-8705-6962127F8139} - \RealUpgradeScheduledTaskS-1-5-21-2520408212-3538239084-1909245453-1000 -> No File <==== ATTENTION
Task: {B2216C02-49DF-459C-A57C-39419BA70ABB} - \RealUpgradeLogonTaskS-1-5-21-2520408212-3538239084-1909245453-1000 -> No File <==== ATTENTION
Task: {BAEA2A78-CC86-4E9C-8A4D-8EE7885FD040} - \WiseCleaner\WRCSkipUAC -> No File <==== ATTENTION
EmptyTemp:
end
*****************


Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => value could not remove.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\egisPSDP" => key removed successfully.
HKCR\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CE8848C-EAE7-4520-A7E6-7D20957A8917}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CE8848C-EAE7-4520-A7E6-7D20957A8917}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Run" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DD6D0C1-D9B9-4433-B32F-16A0AB1AB18E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DD6D0C1-D9B9-4433-B32F-16A0AB1AB18E}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbvef => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63EBF7A9-390F-43C8-8D2F-02AD5381618D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63EBF7A9-390F-43C8-8D2F-02AD5381618D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryInitialize 5" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{645BA76E-D052-400D-B843-915E66689749}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{645BA76E-D052-400D-B843-915E66689749}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Selection Tools Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6626EAE8-29D0-42B1-BBFF-395D702247AD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6626EAE8-29D0-42B1-BBFF-395D702247AD}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindApp Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AE04B5F-2FD8-45F9-A1DD-046A19C83D6A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AE04B5F-2FD8-45F9-A1DD-046A19C83D6A}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[973b] => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88731596-8B01-4A7D-B6ED-C6D0B0F19B09}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88731596-8B01-4A7D-B6ED-C6D0B0F19B09}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GU5SkipUAC" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93A8F30F-FC6D-4E2C-9F72-4F49BFCCAA33}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93A8F30F-FC6D-4E2C-9F72-4F49BFCCAA33}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag4_Update" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE4E7A87-0037-4CBC-851C-38E805264F0B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE4E7A87-0037-4CBC-851C-38E805264F0B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloader Update Check" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE8ED4DF-82EC-4F3C-8705-6962127F8139}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE8ED4DF-82EC-4F3C-8705-6962127F8139}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-2520408212-3538239084-1909245453-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2216C02-49DF-459C-A57C-39419BA70ABB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2216C02-49DF-459C-A57C-39419BA70ABB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-2520408212-3538239084-1909245453-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAEA2A78-CC86-4E9C-8A4D-8EE7885FD040}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAEA2A78-CC86-4E9C-8A4D-8EE7885FD040}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WiseCleaner\WRCSkipUAC" => key removed successfully.
EmptyTemp: => 67.4 MB temporary data Removed.




The system needed a reboot.


==== End of Fixlog 03:17:41 ====
s the log you requested Corrine
 
Hi, rosetta.

Two things.

-- First, how is your computer now?
-- Second, if you uninstalled all the programs I suggested and would like to see if there are any remnants, I'd be happy to take a look at a second set of logs. To do so, please note the instructions below and provide a fresh FRST scan.
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Note: After FRST completes updating and the tool appears, check the box next to Addition.txt under the "Optional Scan" section
  • Press Scan button.
  • Please copy/paste both logs in your reply.
 
Thanks, Corrine, for your speedy response. My computer is doing great; you skillfully guided me to fix the problem. I uninstalled three of the utilities you suggested already and will uninstall the others as well. When the other utilities expire I will complete the tasks and send you the FRST logs for your review. I am delighted to work with the computer tech team at Sysnative.
 
I'm glad the initial problem was solved. With luck, there won't be any (too many ;) ) leftovers to deal with.
 
Corrine, I uninstalled the utilities with Revo Uninstaller Pro. Is there a better uninstaller that removes all leftovers? Simply put, what is the best way to uninstall utilities and their leftovers completely?
 
Revo is probably the best of that type of utility. However, I would still advise you to be careful. I've seen where Revo has caused problems by removing more than it should have. I suggest that you always create a System Restore point before installing a new program or making changes to your computer. That way, if things go wrong, you have a return point.

If you're happy that Revo has taken care of any leftovers and don't feel the need to run FRST again, we can clean up the tools used. However, if you're planning on posting those logs, do not do the following yet.

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
 
Corrine, I am following your instructions totally and completely; you are the teacher and I am the learning student. I will delete the other utilities and run the FRST and post the results. I never heard of Delfix. Will it delete my other tools such as AdwCleaner, JRT, and RogueKiller?
 
Good morning Corrine, I have one more question about Delfix. Will this tool also delete my other anti-malware utilities like Malwarebytes and Emsisoft off my computer?
 
No, Delfix does not remove antivirus or anti-malware software programs.
 
Hi Corrine, I did what you recommended, uninstalling those utilities, and ran the Farbar again. Here is the report.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by Acer (administrator) on ACER-PC (01-02-2016 12:24:36)
Running from C:\Users\Acer\Desktop
Loaded Profiles: Acer (Available Profiles: Acer)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Users\Acer\AppData\Local\Temp\Rar$EXa0.109\Everything.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-08] (AVAST Software)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 0
HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [432672 2009-10-23] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-01-08] (AVAST Software)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{B0FE0666-FB9C-4AFC-A9E7-DA49D34C4B39}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B0FE0666-FB9C-4AFC-A9E7-DA49D34C4B39}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{B2497EAA-3608-4BA6-9E93-73E286848F45}: [NameServer] 8.8.8.8,8.8.4.4


Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-08] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Handler: AutorunsDisabled\livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: AutorunsDisabled\msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll [2008-07-02] (Skype Technologies)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)


FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\b9TnIMZA.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-23] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=18.0.1.9 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2015-07-19] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2015-07-19] (RealTimes)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Click&Clean - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\b9TnIMZA.default\extensions\clickclean@hotcleaner.com [2015-09-12]
FF Extension: Fasterfox - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\b9TnIMZA.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-09-12]
FF Extension: uBlock - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\b9TnIMZA.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-16]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-16]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-11-16]


Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-16]
CHR Extension: (Click&Clean) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-16]
CHR Extension: (better Browser - for Chrome) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbegekjleoplkhibgbmkmnnfffcpfanh [2016-01-16]
CHR Extension: (Click&Clean App) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-01-29]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-08] (AVAST Software)
S4 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-07] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-07] (Dropbox, Inc.)
S4 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [727584 2009-09-30] (Acer Incorporated)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S3 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()
S4 RealTimes Desktop Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-19] (RealNetworks, Inc.)
S4 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2016-01-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2016-01-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2016-01-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2016-01-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2016-01-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [812208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449384 2016-01-20] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [117712 2016-01-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2016-01-08] (AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3355136 2015-12-11] (Qualcomm Atheros Communications, Inc.)
R1 epp; C:\EEK\bin32\epp.sys [102128 2016-01-27] (Emsisoft Ltd)
S1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [112408 2015-09-06] (Emsisoft GmbH)
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
S4 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [29912 2013-09-30] (IObit)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2015-05-14] (Qualcomm Atheros Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-01-30] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-02] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-02] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-02] (Egis Technology Inc.)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [69016 2015-12-09] (Raxco Software, Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [27688 2015-12-09] (EldoS Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-16] (Avira Operations GmbH & Co. KG)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2016-01-29] ()
S3 WiseHDInfo; C:\Windows\WiseHDInfo32.dll [13264 2016-01-23] (wisecleaner.com)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-02-01 12:24 - 2016-02-01 12:25 - 00015103 _____ C:\Users\Acer\Desktop\FRST.txt
2016-02-01 12:20 - 2016-02-01 12:20 - 01721856 _____ (Farbar) C:\Users\Acer\Desktop\FRST.exe
2016-01-31 00:31 - 2016-01-31 00:32 - 00000000 ____D C:\Program Files\CCleaner
2016-01-31 00:31 - 2016-01-31 00:31 - 00000933 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-31 00:31 - 2016-01-31 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-31 00:13 - 2016-01-31 00:13 - 06826984 _____ (Piriform Ltd) C:\Users\Acer\Downloads\ccsetup514pro.exe
2016-01-29 21:07 - 2016-02-01 12:04 - 00000000 ____D C:\Users\Acer\AppData\Local\CrashDumps
2016-01-29 21:07 - 2016-01-29 21:07 - 00000000 ____D C:\RegBackup
2016-01-29 21:06 - 2016-01-29 21:06 - 00111672 _____ C:\Users\Acer\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-29 18:20 - 2016-01-29 18:20 - 00419576 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-29 03:19 - 2016-01-29 03:19 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-01-29 02:23 - 2016-01-29 02:23 - 00000000 ___HD C:\Windows\PIF
2016-01-29 00:58 - 2016-01-29 00:58 - 07814344 _____ ( ) C:\Users\Acer\Downloads\AVG_Remover.exe
2016-01-28 22:24 - 2016-01-28 22:51 - 00000000 ____D C:\Users\Acer\AppData\Local\Avg
2016-01-28 22:23 - 2016-01-28 22:52 - 00000000 ____D C:\AVG_Remover
2016-01-28 11:43 - 2016-01-28 11:43 - 00852798 _____ C:\Users\Acer\Desktop\SecurityCheck.exe
2016-01-28 07:10 - 2016-01-29 21:04 - 00000000 ____D C:\AdwCleaner
2016-01-28 07:09 - 2016-01-28 07:09 - 01507840 _____ C:\Users\Acer\Downloads\adwcleaner_5.031.exe
2016-01-27 02:38 - 2016-01-27 02:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-26 00:14 - 2016-01-26 00:14 - 00000000 ____D C:\Users\Acer\AppData\Roaming\EncryptStick
2016-01-23 23:44 - 2016-01-23 23:44 - 00013264 _____ (wisecleaner.com) C:\Windows\WiseHDInfo32.dll
2016-01-23 23:42 - 2016-01-23 23:42 - 06378664 _____ (WiseCleaner.com ) C:\Users\Acer\Downloads\WiseCare365.exe
2016-01-23 19:07 - 2016-01-23 19:10 - 00000000 ____D C:\Program Files\GUM96B3.tmp
2016-01-23 19:05 - 2016-01-28 23:05 - 00000000 ____D C:\Users\Acer\.oracle_jre_usage
2016-01-23 19:05 - 2016-01-23 19:05 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Sun
2016-01-23 19:05 - 2016-01-23 19:05 - 00000000 ____D C:\Program Files\Common Files\Java
2016-01-23 15:43 - 2016-01-23 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-01-23 15:40 - 2016-01-23 15:40 - 00001717 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-23 15:40 - 2016-01-23 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-23 15:39 - 2016-01-23 15:40 - 00000000 ____D C:\Program Files\iTunes
2016-01-23 15:39 - 2016-01-23 15:39 - 00000000 ____D C:\Program Files\iPod
2016-01-23 15:34 - 2016-01-23 15:34 - 00000000 ____D C:\Program Files\Bonjour
2016-01-23 15:10 - 2016-01-23 15:10 - 00000000 ____D C:\Users\Acer\AppData\Local\Apple
2016-01-23 12:39 - 2016-01-23 12:39 - 00000000 ____D C:\Users\Acer\AppData\Roaming\RealNetworks
2016-01-21 14:38 - 2016-01-23 15:43 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Apple Computer
2016-01-21 14:38 - 2016-01-23 15:43 - 00000000 ____D C:\Users\Acer\AppData\Local\Apple Computer
2016-01-21 14:38 - 2012-10-03 16:14 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2016-01-21 14:37 - 2016-01-23 15:38 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2016-01-21 14:37 - 2016-01-21 14:37 - 00000000 ____D C:\ProgramData\Apple Computer
2016-01-21 14:35 - 2016-01-23 15:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-21 14:35 - 2016-01-23 15:32 - 00000000 ____D C:\ProgramData\Apple
2016-01-21 14:35 - 2016-01-21 14:35 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-21 14:35 - 2016-01-21 14:35 - 00000000 ____D C:\Program Files\Apple Software Update
2016-01-21 14:30 - 2016-01-21 14:33 - 108771096 _____ (Apple Inc.) C:\Users\Acer\Downloads\iTunesSetup.exe
2016-01-17 17:51 - 2016-01-17 17:51 - 00001264 _____ C:\Users\Acer\Desktop\tweaking.com_windows_repair_aio.lnk
2016-01-17 15:24 - 2016-01-17 15:24 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ACER-PC-Windows-7-Starter-(32-bit).dat
2016-01-17 15:20 - 2016-01-17 15:21 - 19731263 _____ C:\Users\Acer\Downloads\tweaking.com_windows_repair_aio.zip
2016-01-16 21:36 - 2016-01-29 17:08 - 00002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-16 21:36 - 2016-01-29 17:08 - 00002169 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-16 21:36 - 2016-01-27 10:13 - 00000000 ____D C:\Users\Acer\AppData\Local\Google
2016-01-16 21:33 - 2016-01-26 00:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-16 21:33 - 2016-01-26 00:47 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-16 21:33 - 2016-01-23 12:39 - 00000000 ____D C:\Program Files\Google
2016-01-16 16:09 - 2016-01-08 16:38 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-14 00:18 - 2016-01-14 00:18 - 00000000 ___HT C:\Windows\wusa.lock
2016-01-13 02:38 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 02:38 - 2015-12-12 12:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 02:38 - 2015-12-12 12:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 02:38 - 2015-12-12 12:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 02:38 - 2015-12-12 12:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 02:38 - 2015-12-12 12:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 02:38 - 2015-12-12 12:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 02:38 - 2015-12-12 12:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 02:38 - 2015-12-12 12:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 02:38 - 2015-12-12 12:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 02:38 - 2015-12-12 12:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 02:38 - 2015-12-12 12:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 02:38 - 2015-12-12 12:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 02:38 - 2015-12-12 12:27 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 02:38 - 2015-12-12 12:22 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 02:38 - 2015-12-12 12:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 02:38 - 2015-12-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 02:38 - 2015-12-12 12:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 02:38 - 2015-12-12 12:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 02:38 - 2015-12-12 12:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 02:38 - 2015-12-12 12:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 02:38 - 2015-12-12 12:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 02:38 - 2015-12-12 12:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 02:38 - 2015-12-12 12:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 02:38 - 2015-12-12 12:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 02:38 - 2015-12-12 12:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 02:38 - 2015-12-12 12:00 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 02:38 - 2015-12-12 11:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 02:38 - 2015-12-12 11:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 02:38 - 2015-12-12 11:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 02:38 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 02:37 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-01-13 02:37 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 02:37 - 2015-12-30 13:47 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 02:37 - 2015-12-30 13:47 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 02:37 - 2015-12-30 13:44 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 02:37 - 2015-12-30 13:41 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 02:37 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 02:37 - 2015-12-30 13:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 02:37 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 02:37 - 2015-12-30 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 02:37 - 2015-12-30 13:40 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 02:37 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 02:37 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 02:37 - 2015-12-30 13:39 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 02:37 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 02:37 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 02:37 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 02:37 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 02:37 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 02:37 - 2015-12-30 13:38 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 02:37 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 02:37 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 02:37 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 02:37 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 02:37 - 2015-12-30 12:38 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 02:37 - 2015-12-30 12:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 02:37 - 2015-12-30 12:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 02:37 - 2015-12-30 12:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 02:37 - 2015-12-30 12:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 02:37 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 02:37 - 2015-12-30 12:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 02:37 - 2015-12-30 12:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 02:37 - 2015-12-12 13:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 02:37 - 2015-12-12 12:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 02:37 - 2015-12-12 12:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 02:37 - 2015-12-12 12:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 02:37 - 2015-12-08 16:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 02:37 - 2015-11-16 19:45 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 02:37 - 2015-11-16 19:42 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 02:37 - 2015-11-16 19:42 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 02:37 - 2015-11-16 19:42 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 02:37 - 2015-11-16 19:42 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 02:37 - 2015-11-16 19:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 02:36 - 2015-12-11 13:35 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 02:36 - 2015-11-16 15:12 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 02:35 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 02:35 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 01202688 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 02:35 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 02:35 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 02:35 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 02:35 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 02:35 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 02:35 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 02:35 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 02:35 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 02:35 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 02:35 - 2015-12-08 16:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 02:35 - 2015-12-08 16:11 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 02:35 - 2015-12-08 16:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 02:35 - 2015-12-08 16:00 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 02:35 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 02:35 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 02:35 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-08 20:01 - 2016-01-08 20:01 - 00000000 ____D C:\2d66f6b35c550371334d98ee88b4
2016-01-08 16:49 - 2016-01-08 16:49 - 00001082 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-01-08 16:49 - 2016-01-08 16:49 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-01-08 16:46 - 2016-01-08 16:45 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-01-08 16:40 - 2016-01-08 16:40 - 00000000 ____D C:\Users\Acer\AppData\Roaming\AVAST Software
2016-01-08 16:39 - 2016-01-16 16:11 - 00001967 _____ C:\Users\Public\Desktop\Avast Pro Antivirus.lnk
2016-01-08 16:39 - 2016-01-08 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-08 16:38 - 2016-01-20 20:19 - 00812208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-08 16:38 - 2016-01-20 20:19 - 00449384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-08 16:38 - 2016-01-08 16:38 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-08 16:38 - 2016-01-08 16:38 - 00117712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-08 16:38 - 2016-01-08 16:38 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-08 16:38 - 2016-01-08 16:38 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-08 16:38 - 2016-01-08 16:38 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-08 16:38 - 2016-01-08 16:38 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-08 16:38 - 2016-01-08 16:38 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-08 16:35 - 2016-01-08 16:46 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-08 16:35 - 2016-01-08 16:45 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-08 16:33 - 2016-01-08 16:33 - 05037256 _____ (AVAST Software) C:\Users\Acer\Desktop\avast_pro_antivirus_setup_online.exe
2016-01-07 22:36 - 2016-01-07 22:47 - 00000000 ____D C:\Program Files\SpeedFan
2016-01-07 22:35 - 2016-01-07 22:36 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2016-01-07 19:10 - 2016-01-07 19:10 - 02270550 _____ C:\Users\Acer\Desktop\hw32_512.zip
2016-01-02 22:56 - 2016-01-02 23:31 - 966201089 _____ C:\Users\Acer\Downloads\Photos.zip


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-02-01 12:24 - 2015-11-11 16:41 - 00000000 ____D C:\FRST
2016-02-01 12:10 - 2009-07-13 23:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-01 12:10 - 2009-07-13 23:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-01 12:02 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-01 11:44 - 2015-08-23 17:24 - 00000000 ____D C:\Program Files\IObit
2016-02-01 11:44 - 2015-05-14 10:53 - 00000000 ____D C:\ProgramData\IObit
2016-02-01 11:18 - 2015-05-14 10:53 - 00000000 ____D C:\Users\Acer\AppData\Roaming\IObit
2016-02-01 11:05 - 2015-05-05 17:58 - 00000000 ____D C:\ProgramData\GlarySoft
2016-02-01 11:05 - 2015-05-05 17:44 - 00000000 ____D C:\Users\Acer\AppData\Roaming\GlarySoft
2016-01-31 19:44 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-01-31 00:33 - 2015-12-26 19:22 - 00000000 ____D C:\Program Files\TeamViewer
2016-01-30 20:38 - 2009-11-05 14:36 - 00785126 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-30 09:56 - 2015-05-08 22:13 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-29 23:37 - 2015-08-10 11:24 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-29 23:36 - 2015-11-20 01:14 - 00000000 ____D C:\Users\Acer\Desktop\sysnative tools
2016-01-29 23:22 - 2015-05-02 17:09 - 00000000 ____D C:\Windows\Minidump
2016-01-29 17:48 - 2015-08-31 09:48 - 00000000 ____D C:\Users\Acer\AppData\Roaming\vlc
2016-01-29 14:33 - 2015-05-14 12:13 - 00000000 ____D C:\EEK
2016-01-29 10:51 - 2015-06-29 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-29 10:47 - 2015-05-14 11:04 - 00200704 _____ C:\Windows\system32\config\default.iobit
2016-01-29 10:47 - 2015-05-14 11:04 - 00061440 _____ C:\Windows\system32\config\sam.iobit
2016-01-29 10:47 - 2015-05-14 11:04 - 00024576 _____ C:\Windows\system32\config\security.iobit
2016-01-29 10:47 - 2015-05-14 11:03 - 56688640 _____ C:\Windows\system32\config\software.iobit
2016-01-29 03:17 - 2009-07-13 21:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-27 13:50 - 2015-07-30 18:50 - 00196608 _____ C:\Windows\system32\config\default.rhk
2016-01-27 13:50 - 2015-07-30 18:50 - 00057344 _____ C:\Windows\system32\config\sam.rhk
2016-01-27 13:50 - 2015-07-30 18:50 - 00024576 _____ C:\Windows\system32\config\security.rhk
2016-01-27 13:50 - 2015-05-05 03:19 - 56242176 _____ C:\Windows\system32\config\software.rhk
2016-01-27 13:40 - 2015-10-17 00:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-27 11:31 - 2015-05-14 11:04 - 21278720 _____ C:\Windows\system32\config\components.iobit
2016-01-27 08:29 - 2009-07-13 23:53 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-26 00:54 - 2015-10-22 08:46 - 00000000 ____D C:\ProgramData\ProductData
2016-01-26 00:18 - 2015-07-07 19:17 - 00007598 _____ C:\Users\Acer\AppData\Local\Resmon.ResmonCfg
2016-01-23 20:58 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2016-01-23 20:09 - 2015-05-04 13:42 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Mozilla
2016-01-23 19:42 - 2012-02-16 15:40 - 00000000 ____D C:\Users\Acer
2016-01-23 19:31 - 2015-07-01 23:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-23 19:30 - 2015-09-12 21:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-23 19:16 - 2015-08-20 18:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-23 19:11 - 2015-09-12 21:57 - 00001091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-23 19:11 - 2015-09-12 21:57 - 00001079 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-23 19:04 - 2015-06-29 22:20 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-01-23 19:02 - 2015-07-01 23:11 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-23 19:02 - 2012-02-17 12:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-23 12:27 - 2015-11-07 01:06 - 00000000 ____D C:\Users\Acer\AppData\Local\Dropbox
2016-01-23 12:27 - 2015-08-07 14:57 - 00000000 ____D C:\Users\Acer\AppData\LocalLow\Adobe
2016-01-23 12:27 - 2015-07-01 23:09 - 00000000 ____D C:\Users\Acer\AppData\Local\Adobe
2016-01-23 12:27 - 2015-06-20 15:00 - 00000000 ____D C:\Users\Acer\AppData\Local\Apps\2.0
2016-01-23 12:27 - 2015-05-27 13:09 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Adobe
2016-01-23 12:27 - 2012-02-17 12:37 - 00000000 ____D C:\ProgramData\Real
2016-01-23 12:27 - 2009-11-05 15:21 - 00000000 ____D C:\ProgramData\Adobe
2016-01-23 12:25 - 2015-11-07 01:06 - 00000000 ____D C:\Program Files\Dropbox
2016-01-16 22:35 - 2009-07-13 21:37 - 00000000 __RSD C:\Windows\Media
2016-01-16 22:33 - 2015-11-19 23:38 - 00000000 ____D C:\Program Files\Seagate
2016-01-16 22:04 - 2015-07-25 11:30 - 00000000 ____D C:\Program Files\Recuva
2016-01-16 16:05 - 2015-05-04 04:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-16 16:05 - 2015-05-04 04:03 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-16 16:04 - 2015-05-14 11:46 - 00000000 ____D C:\Users\Acer\AppData\LocalLow\IObit
2016-01-16 16:03 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2016-01-16 11:24 - 2015-06-08 00:08 - 00000000 ____D C:\Windows\system32\config\Before Compact
2016-01-14 14:59 - 2009-07-13 21:03 - 29884416 _____ C:\Windows\system32\config\system.bak
2016-01-14 10:56 - 2015-10-23 18:18 - 00000000 ____D C:\Users\Acer\AppData\Local\niemiro
2016-01-13 23:48 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\Msdtc
2016-01-13 17:07 - 2015-07-22 18:18 - 05714111 _____ C:\Users\Acer\Downloads\Motorola_Mobile_Drivers_32bit.msi.zip
2016-01-13 03:51 - 2009-11-05 15:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 03:30 - 2012-02-16 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 03:19 - 2015-05-04 03:44 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 03:05 - 2012-02-16 18:22 - 141317472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 02:27 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Help
2016-01-09 22:58 - 2012-02-17 12:20 - 00000000 __RHD C:\MSOCache
2016-01-09 22:58 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-08 20:03 - 2015-11-07 01:06 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-08 18:18 - 2015-11-07 01:06 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-08 16:38 - 2015-09-07 19:30 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-06 22:01 - 2009-11-05 15:21 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR


==================== Files in the root of some directories =======


2015-10-28 19:51 - 2015-10-28 19:51 - 0000996 _____ () C:\Users\Acer\AppData\Local\Music - Shortcut.lnk
2015-07-07 19:17 - 2016-01-26 00:18 - 0007598 _____ () C:\Users\Acer\AppData\Local\Resmon.ResmonCfg
2015-11-12 15:01 - 2015-11-12 15:01 - 0000000 _____ () C:\Users\Acer\AppData\Local\{598D056A-8C6D-4D50-B143-B8B80A5C2616}
2015-05-14 14:29 - 2015-05-14 14:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-01-07 01:15


==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by Acer (2016-02-01 12:26:15)
Running from C:\Users\Acer\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) (2012-02-16 20:39:53)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Acer (S-1-5-21-2520408212-3538239084-1909245453-1000 - Administrator - Enabled) => C:\Users\Acer
Administrator (S-1-5-21-2520408212-3538239084-1909245453-500 - Administrator - Disabled)
Guest (S-1-5-21-2520408212-3538239084-1909245453-501 - Limited - Disabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.2.1026 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AppNHost 1.0.5.1 (HKLM\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.14 - Atheros Communications Inc.)
Avast Pro Antivirus (HKLM\...\Avast) (Version: 11.1.2245 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.0820 - CyberLink Corp.)
Dropbox (HKLM\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.37 - Dropbox, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
iCloud (HKLM\...\{C3867553-D9F8-416E-8F14-EFF234A48577}) (Version: 5.1.0.34 - Apple Inc.)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2C741651-87E0-4479-9703-6DD0D7988B84}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 72 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218072F0}) (Version: 8.0.720.15 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 44.0 (x86 en-US) (HKLM\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
RealDownloader (Version: 18.0.1.10 - RealNetworks, Inc.) Hidden
RealDownloader (Version: 18.0.1.9 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
SafeZone Stable 1.46.1990.139 (Version: 1.46.1990.139 - Avast Software) Hidden
SeaTools for Windows 1.4.0.2 (HKLM\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Should I Remove It (HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) Hidden
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
TakeOwnershipPro 1.0 (HKLM\...\TakeOwnershipPro_is1) (Version: - )
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {005C815C-04C3-4FC9-8D40-29C8951C2FFD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {4114DBCE-A467-4FDA-BC3B-29D9A97286E9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {57197A15-C859-4856-BB86-9E1985D61AC3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {5A91FDE6-608A-4135-BC0A-3FC0612E553B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-23] (Adobe Systems Incorporated)
Task: {5AF2D535-C454-4797-9E25-F047E5814AA7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2520408212-3538239084-1909245453-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {63CD959C-2C1E-4ABA-9137-AC01D30E48B9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-07] (Dropbox, Inc.)
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {6E21EDD4-F5CB-47B2-8F31-C9DCE7C32762} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-08] (AVAST Software)
Task: {97D6B60D-62B5-4BEB-A07D-79F67B25DCAF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-07] (Dropbox, Inc.)
Task: {AC5C356A-371D-4D17-93C5-C6FF58CAC645} - System32\Tasks\SafeZone scheduled Autoupdate 1452289729 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-01] (Avast Software)
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {DA7B16D0-FCBF-4B76-8497-FEBBAB601702} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2520408212-3538239084-1909245453-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {DB829080-32C4-4858-878D-A4DE0988ED83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-16] (Google Inc.)
Task: {DC34B60F-E0C9-4D05-802C-BAED9E18B4BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-16] (Google Inc.)
Task: {E80392BB-81A2-414E-B7CA-9CF1BEF8826E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-19] (AVAST Software)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


2016-01-08 16:38 - 2016-01-08 16:38 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-08 16:38 - 2016-01-08 16:38 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-01 10:42 - 2016-02-01 10:42 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020100\algo.dll
2016-01-08 16:38 - 2016-01-08 16:38 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-08 16:38 - 2016-01-08 16:38 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-09-13 15:20 - 2014-08-06 09:31 - 01048576 _____ () C:\Users\Acer\AppData\Local\Temp\Rar$EXa0.109\Everything.exe


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"


==================== EXE Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\...\100sexlinks.com -> 100sexlinks.com


There are 4788 more sites.




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 21:04 - 2016-01-07 23:38 - 00000768 ___AS C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-2520408212-3538239084-1909245453-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: dbupdate => 3
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: ePowerSvc => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RealPlayerUpdateSvc => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: TeamViewer => 3
MSCONFIG\Services: WiseBootAssistant => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: EgisTecLiveUpdate =>
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe
MSCONFIG\startupreg: RealDownloader => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: RtHDVCpl => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{998291F5-A76E-4787-B3B0-09F31EEAEA62}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe
FirewallRules: [{922709AB-E278-4722-8182-46A92B604CFA}] => (Allow) C:\Program Files\Acer\Acer VCM\RS_Service.exe
FirewallRules: [{B7A05563-8D04-4267-900F-627EA5E093A9}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{B3230F22-7E28-4E12-B0C3-2AD56C50D944}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{83054DA3-73CD-4C70-ADED-5885E8729D0B}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{289175F8-5FAB-4F70-AC1F-EBD445F7BF98}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{6421BD4E-43F4-4039-AAE2-97DD8A9C3BC6}] => (Allow) c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}] => (Allow) LPort=2869
FirewallRules: [{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}] => (Allow) LPort=1900
FirewallRules: [{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}] => (Allow) LPort=48113
FirewallRules: [{740197B5-9B91-43DC-9448-5F2FAA99E4ED}] => (Allow) LPort=48113
FirewallRules: [{5B467965-EACC-4D23-8E14-D9D89F74DADD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EE78BF9F-14EB-4854-9488-BB40F3DE4AA9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{53A7CE53-3E23-4726-8C55-BA20FD27BB61}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{443CEE3D-2F2A-4D14-B5D6-39E3DE1358DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AF57CB2E-76A6-421F-900A-2F417BBB845B}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{FFD2CD10-F23C-4BB3-93AB-D695AF73DB65}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{47249F78-FD42-4488-9D69-676CF23531D2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{F7BC339B-19E3-498F-B8DD-D092852E167B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E6ADF068-D870-4EC0-B2AA-DCF7E7B93004}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{20994F92-0F50-450B-A143-F6A33D52D2A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF74E7E6-2F87-48B5-89E2-9E7BF26EB04E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EFB4D7C8-6772-478A-B83F-D519F37893C3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5AE7550F-6824-4E92-B7CD-BA551824D200}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Restore Points =========================


30-01-2016 23:44:49 Revo Uninstaller Pro's restore point - ccleaner
01-02-2016 11:00:36 Revo Uninstaller Pro's restore point - Driver Booster 2.3
01-02-2016 11:03:48 Revo Uninstaller Pro's restore point - Glary Utilities 5.27
01-02-2016 11:07:33 Revo Uninstaller Pro's restore point - IObit Uninstaller
01-02-2016 11:10:36 Revo Uninstaller Pro's restore point - Little Registry Cleaner
01-02-2016 11:12:54 Revo Uninstaller Pro's restore point - little registry cleaner
01-02-2016 11:16:55 Revo Uninstaller Pro's restore point - Smart Defrag 4
01-02-2016 11:19:27 Revo Uninstaller Pro's restore point - Wise Care 365 3.95
01-02-2016 11:23:31 Revo Uninstaller Pro's restore point - Advanced SystemCare 9


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (02/01/2016 11:56:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TweakingRegistryBackup.exe, version: 3.3.0.1, time stamp: 0x561d25f2
Faulting module name: MSVBVM60.DLL, version: 6.0.98.15, time stamp: 0x4a5bda6c
Exception code: 0xc0000005
Fault offset: 0x000c9ba6
Faulting process id: 0x494
Faulting application start time: 0xTweakingRegistryBackup.exe0
Faulting application path: TweakingRegistryBackup.exe1
Faulting module path: TweakingRegistryBackup.exe2
Report Id: TweakingRegistryBackup.exe3


Error: (02/01/2016 11:05:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.


Error: (01/29/2016 09:07:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TweakingRegistryBackup.exe, version: 3.3.0.1, time stamp: 0x561d25f2
Faulting module name: MSVBVM60.DLL, version: 6.0.98.15, time stamp: 0x4a5bda6c
Exception code: 0xc0000005
Fault offset: 0x000c9ba6
Faulting process id: 0x510
Faulting application start time: 0xTweakingRegistryBackup.exe0
Faulting application path: TweakingRegistryBackup.exe1
Faulting module path: TweakingRegistryBackup.exe2
Report Id: TweakingRegistryBackup.exe3


Error: (01/28/2016 10:24:43 PM) (Source: MsiInstaller) (EventID: 10005) (User: Acer-PC)
Description: Product: AVG PC TuneUp 2015 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2753. The arguments are: TUInstallHelper.exe, ,


Error: (01/28/2016 10:29:15 AM) (Source: ESENT) (EventID: 439) (User: )
Description: DllHost (2428) WebCacheLocal: Unable to write a shadowed header for file C:\Users\Acer\AppData\Local\Microsoft\Windows\WebCache\V01.chk. Error -1032.


Error: (01/28/2016 10:29:15 AM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2428) WebCacheLocal: An attempt to open the file "C:\Users\Acer\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


Error: (01/28/2016 12:14:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.


System Error:
A system shutdown is in progress.
.


Error: (01/27/2016 03:38:11 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (1492) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Acer\AppData\Local\Microsoft\Windows\WebCache\V01.log.


Error: (01/27/2016 11:51:36 AM) (Source: ESENT) (EventID: 454) (User: )
Description: DllHost (2484) WebCacheLocal: Database recovery/restore failed with unexpected error -543.


Error: (01/27/2016 11:51:36 AM) (Source: ESENT) (EventID: 452) (User: )
Description: DllHost (2484) WebCacheLocal: Database C:\Users\Acer\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat requires logfiles 1-10 in order to recover successfully. Recovery could only locate logfiles starting at 10.




System errors:
=============
Error: (02/01/2016 12:02:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058


Error: (02/01/2016 12:02:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058


Error: (02/01/2016 12:02:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}


Error: (02/01/2016 12:02:27 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.


Error: (02/01/2016 12:02:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
epp32


Error: (02/01/2016 12:02:08 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.


Error: (02/01/2016 12:02:08 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.


Error: (02/01/2016 12:02:08 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.


Error: (02/01/2016 12:00:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


Error: (02/01/2016 12:00:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}




CodeIntegrity:
===================================
Date: 2015-11-05 11:34:19.084
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18950_none_59242a2f108d7db6\appid.sys because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:18.741
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18950_none_59242a2f108d7db6\appid.sys because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:18.382
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18950_none_59242a2f108d7db6\appidapi.dll because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:18.039
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18950_none_59242a2f108d7db6\appidapi.dll because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:15.309
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23153_none_59b09ffa29a89cc7\appid.sys because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:15.075
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23153_none_59b09ffa29a89cc7\appid.sys because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:14.420
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23153_none_59b09ffa29a89cc7\appidapi.dll because the set of per-page image hashes could not be found on the system.


Date: 2015-11-05 11:34:14.186
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23153_none_59b09ffa29a89cc7\appidapi.dll because the set of per-page image hashes could not be found on the system.


Date: 2015-09-07 17:25:01.463
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


Date: 2015-09-07 17:25:01.291
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.




==================== Memory info ===========================


Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Percentage of memory in use: 31%
Total physical RAM: 2037.1 MB
Available physical RAM: 1385.98 MB
Total Virtual: 5109.1 MB
Available Virtual: 4362.8 MB


==================== Drives ================================


Drive c: (Acer) (Fixed) (Total:220.78 GB) (Free:187.97 GB) NTFS
Drive d: () (Removable) (Total:7.45 GB) (Free:3.44 GB) FAT32


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: A2312F79)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220.8 GB) - (Type=07 NTFS)


========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)


Partition: GPT.


==================== End of Addition.txt ============================
 
Ok, let's clean up.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code:
start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S4 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [29912 2013-09-30] (IObit)
S4 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [29912 2013-09-30] (IObit)
2016-01-23 23:44 - 2016-01-23 23:44 - 00013264 _____ (wisecleaner.com) C:\Windows\WiseHDInfo32.dll
2016-01-23 23:42 - 2016-01-23 23:42 - 06378664 _____ (WiseCleaner.com ) C:\Users\Acer\Downloads\WiseCare365.exe
2016-01-23 19:07 - 2016-01-23 19:10 - 00000000 ____D C:\Program Files\GUM96B3.tmp
2016-02-01 11:44 - 2015-08-23 17:24 - 00000000 ____D C:\Program Files\IObit
2016-02-01 11:44 - 2015-05-14 10:53 - 00000000 ____D C:\ProgramData\IObit
2016-02-01 11:18 - 2015-05-14 10:53 - 00000000 ____D C:\Users\Acer\AppData\Roaming\IObit
2016-02-01 11:05 - 2015-05-05 17:58 - 00000000 ____D C:\ProgramData\GlarySoft
2016-02-01 11:05 - 2015-05-05 17:44 - 00000000 ____D C:\Users\Acer\AppData\Roaming\GlarySoft
2016-01-29 10:47 - 2015-05-14 11:04 - 00200704 _____ C:\Windows\system32\config\default.iobit
2016-01-29 10:47 - 2015-05-14 11:04 - 00061440 _____ C:\Windows\system32\config\sam.iobit
2016-01-29 10:47 - 2015-05-14 11:04 - 00024576 _____ C:\Windows\system32\config\security.iobit
2016-01-29 10:47 - 2015-05-14 11:03 - 56688640 _____ C:\Windows\system32\config\software.iobit
2016-01-27 11:31 - 2015-05-14 11:04 - 21278720 _____ C:\Windows\system32\config\components.iobit
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
EmptyTemp:
end
  • Click Format and ensure Word Wrap is unchecked.
  • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.
 
