Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Fake Security Alert Pop-ups Taking over Chrome (Windows 8.1)

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Fake Security Alert Pop-ups Taking over Chrome (Windows 8.1)

Unread postby melbewell » April 25th, 2015, 6:43 pm

i've been experiencing very annoying pop-ups that interrupt my browsing on Google Chrome. They do not appear as a problem when first opening the broswer but they eventually start overwriting pages I open in new tabs. These pop-ups claim that my computer is infected with a virus and tell me to call a certain number. The site is almost always different. The most common URLS I've gotten are pcfixing3.info, aliexpress, and important update. I've tried removing these pop-up virus with Malware bytes, Adwcleaner, Microsoft security scanner, hitman pro and a number of other adware and malware scanners but nothing has been removed. I have removed suspicious extensions from Google Chrome in the past and the home page is not affected.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015
Ran by Melissa (administrator) on MELISSA-GRECO on 25-04-2015 18:54:13
Running from C:\Users\Melissa\Downloads
Loaded Profiles: Melissa (Available profiles: Melissa)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-03-23] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-2914793285-942858159-1918959283-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-2914793285-942858159-1918959283-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44032 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-2914793285-942858159-1918959283-1001\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
HKU\S-1-5-21-2914793285-942858159-1918959283-1001\...\Run: [GoogleChromeAutoLaunch_0CCDC40B7F4197DCBC8105A54C0F2AF9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-2914793285-942858159-1918959283-1001\...\Winlogon: [Shell] explorer.exe,"C:\Program Files\Rainmeter\Rainmeter.exe" <==== ATTENTION
Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2914793285-942858159-1918959283-1001 -> DefaultScope {237EABAB-F0F6-4329-B30B-CCAF034B3291} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2914793285-942858159-1918959283-1001 -> {237EABAB-F0F6-4329-B30B-CCAF034B3291} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2914793285-942858159-1918959283-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\t5f5g81r.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Extension: MxWRK - C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\t5f5g81r.default\Extensions\{ffd00250-6f4b-11e4-9803-0800200c9a66}.xpi [2014-12-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-16]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-01-16]
CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-16]
CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16]
CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-16]
CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-16]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-01-16]
CHR Extension: (Google Sheets) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-16]
CHR Extension: (SwagButton) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-01-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-16]
CHR Extension: (Google Wallet) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-16]
CHR Profile: C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Awesome Screenshot: Capture, Annotate & Share) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-02-27]
CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
CHR Extension: (Empty New Tab Page) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2015-04-25]
CHR Extension: (Bookmark Manager) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-18]
CHR Extension: (SwagButton) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-01-17]
CHR Extension: (Reddit Notifier) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ikingdipinldcfllekffnlgbojbbpilk [2015-03-14]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-17]
CHR Extension: (Coupons at Checkout) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2015-04-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-25]
CHR Extension: (Google Wallet) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-04-25] (Enigma Software Group USA, LLC.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [92360 2015-01-20] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-11] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [264392 2015-01-20] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-04-25] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-25] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-25 18:54 - 2015-04-25 18:55 - 00020200 _____ () C:\Users\Melissa\Downloads\FRST.txt
2015-04-25 18:54 - 2015-04-25 18:54 - 00000000 ____D () C:\FRST
2015-04-25 18:53 - 2015-04-25 18:53 - 02099712 _____ (Farbar) C:\Users\Melissa\Downloads\FRST64.exe
2015-04-25 18:47 - 2015-04-25 18:47 - 00688992 _____ (Swearware) C:\Users\Melissa\Downloads\dds (2).scr
2015-04-25 18:47 - 2015-04-25 18:47 - 00688992 _____ (Swearware) C:\Users\Melissa\Downloads\dds (1).scr
2015-04-25 18:46 - 2015-04-25 18:47 - 00688992 _____ (Swearware) C:\Users\Melissa\Desktop\dds.scr
2015-04-25 16:16 - 2015-04-25 16:16 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Melissa\Downloads\tdsskiller.exe
2015-04-25 13:22 - 2015-04-25 13:22 - 00000000 _____ () C:\autoexec.bat
2015-04-25 13:21 - 2015-04-25 13:21 - 00003344 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-04-25 13:21 - 2015-04-25 13:21 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-04-25 13:21 - 2015-04-25 13:21 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\Enigma Software Group
2015-04-25 13:21 - 2015-04-25 13:21 - 00000000 ____D () C:\sh4ldr
2015-04-25 13:20 - 2015-04-25 13:20 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-04-25 13:20 - 2015-04-25 13:20 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-25 13:19 - 2015-04-25 13:19 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Melissa\Downloads\SpyHunter-Installer.exe
2015-04-25 13:17 - 2015-04-25 13:17 - 00002149 _____ () C:\Users\Melissa\Downloads\software_removal_tool.log
2015-04-24 20:56 - 2015-04-24 20:56 - 00000000 ____D () C:\Windows\pss
2015-04-24 20:50 - 2015-04-24 20:50 - 157519640 _____ (Microsoft Corporation) C:\Users\Melissa\Downloads\msert (1).exe
2015-04-22 22:41 - 2015-04-22 22:41 - 00000038 _____ () C:\Users\Melissa\Downloads\Book.csv
2015-04-22 20:53 - 2015-04-22 20:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-21 19:57 - 2015-04-21 19:57 - 02685507 _____ (Thisisu) C:\Users\Melissa\Downloads\JRT (1).exe
2015-04-21 19:56 - 2015-04-21 19:56 - 02217984 _____ () C:\Users\Melissa\Downloads\adwcleaner_4.201.exe
2015-04-19 16:47 - 2015-04-19 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2015-04-19 16:47 - 2015-04-19 16:52 - 00000000 ____D () C:\Program Files (x86)\iMobie
2015-04-19 16:47 - 2015-04-19 16:47 - 06998584 _____ (iMobie Inc. ) C:\Users\Melissa\Downloads\phoneclean-setup.exe
2015-04-19 16:45 - 2015-04-19 16:46 - 17182592 _____ (iMobie Inc. ) C:\Users\Melissa\Downloads\anytrans-thanksgiving-setup.exe
2015-04-19 16:28 - 2015-04-19 16:28 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\WinRAR
2015-04-19 16:26 - 2015-04-19 16:28 - 275305744 _____ () C:\Users\Melissa\Downloads\Bring Me the Horizon - Sempiternal (Deluxe Edition) [iTunes] (1).rar
2015-04-19 16:26 - 2015-04-19 16:26 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-19 16:26 - 2015-04-19 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-19 16:26 - 2015-04-19 16:26 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-19 16:25 - 2015-04-19 16:25 - 01941744 _____ () C:\Users\Melissa\Downloads\winrar-x64-521.exe
2015-04-19 16:24 - 2015-04-19 16:24 - 01760040 _____ () C:\Users\Melissa\Downloads\wrar521.exe
2015-04-19 16:22 - 2015-04-19 16:24 - 275305744 _____ () C:\Users\Melissa\Downloads\Bring Me the Horizon - Sempiternal (Deluxe Edition) [iTunes].rar
2015-04-19 16:16 - 2015-04-19 16:18 - 77884240 _____ () C:\Users\Melissa\Downloads\BRING_ME_THE_HORIZON_-_SEMPITERNAL_2013.rar
2015-04-19 13:53 - 2015-04-19 13:56 - 00000000 ____D () C:\Users\Melissa\Documents\Greco_Raizel_EMP212CA
2015-04-18 22:40 - 2015-04-18 22:41 - 42096984 _____ (Apple Inc.) C:\Users\Melissa\Downloads\QuickTimeInstaller.exe
2015-04-18 22:37 - 2015-04-18 22:38 - 306960444 _____ () C:\Users\Melissa\Downloads\The 1975 (Deluxe Edition).zip
2015-04-18 22:06 - 2015-04-22 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-18 22:05 - 2015-04-18 22:06 - 00000000 ____D () C:\Program Files\iTunes
2015-04-18 22:05 - 2015-04-18 22:05 - 00000000 ____D () C:\Program Files\iPod
2015-04-18 22:05 - 2015-04-18 22:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-14 22:49 - 2015-04-14 22:49 - 00000000 ____D () C:\2b1d7cc002267f05b12f5359
2015-04-14 19:30 - 2015-03-22 18:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 19:30 - 2015-03-22 18:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 19:30 - 2015-03-22 18:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 19:30 - 2015-03-22 18:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 19:30 - 2015-03-22 18:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 19:30 - 2015-03-22 18:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 19:30 - 2015-03-22 18:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 16:51 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 16:51 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 16:51 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-14 16:51 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 16:51 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-14 16:51 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-14 16:51 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 16:51 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 16:51 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-14 16:51 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-14 16:51 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-14 16:51 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-14 16:51 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 16:51 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 16:51 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 16:51 - 2015-03-12 23:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 16:51 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 16:51 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 16:51 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 16:51 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 16:51 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 16:51 - 2015-03-12 23:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-14 16:51 - 2015-03-12 23:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-14 16:51 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 16:51 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 16:51 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 16:51 - 2015-03-12 22:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-14 16:51 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 16:51 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 16:51 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 16:51 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 16:51 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 16:51 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 16:51 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 16:51 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 16:51 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 16:51 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 16:51 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-14 16:50 - 2015-03-14 04:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 16:50 - 2015-03-13 21:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 16:50 - 2015-03-13 21:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 16:50 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 16:50 - 2015-03-13 21:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 16:50 - 2015-03-13 21:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 16:50 - 2015-03-13 20:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 16:50 - 2015-03-13 20:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 16:50 - 2015-03-13 20:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 16:50 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-14 16:50 - 2015-03-13 20:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-14 16:50 - 2015-03-13 20:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 16:50 - 2015-03-13 20:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 16:50 - 2015-03-13 20:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 16:50 - 2015-03-13 20:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 16:50 - 2015-03-13 20:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 16:50 - 2015-03-13 19:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 16:50 - 2015-03-13 19:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 16:50 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-14 16:50 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-14 16:50 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-14 16:50 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 16:50 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-11 09:24 - 2015-04-11 09:30 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-11 09:24 - 2015-04-11 09:24 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-11 09:21 - 2015-04-11 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-11 09:19 - 2015-04-11 09:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-04-11 09:19 - 2015-04-11 09:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-04-11 09:13 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-04-11 09:13 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-04-11 09:12 - 2014-10-30 20:51 - 18823168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-04-11 09:11 - 2014-11-15 15:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-04-11 09:11 - 2014-11-15 02:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-11 09:11 - 2014-11-14 02:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-04-11 09:11 - 2014-11-14 01:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-04-11 09:11 - 2014-11-10 14:06 - 02485056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-04-11 09:11 - 2014-11-10 14:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-04-11 09:11 - 2014-11-10 14:06 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-04-11 09:11 - 2014-11-10 14:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-04-11 09:11 - 2014-11-09 22:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2015-04-11 09:11 - 2014-11-09 21:37 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-04-11 09:11 - 2014-11-09 21:34 - 01084416 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-04-11 09:11 - 2014-11-09 21:26 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-04-11 09:11 - 2014-11-09 21:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-04-11 09:11 - 2014-11-09 21:09 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-04-11 09:11 - 2014-11-09 21:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2015-04-11 09:11 - 2014-11-09 21:06 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-04-11 09:11 - 2014-11-09 20:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2015-04-11 09:11 - 2014-11-09 20:57 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-04-11 09:11 - 2014-11-08 00:00 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-04-11 09:11 - 2014-11-08 00:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2015-04-11 09:11 - 2014-11-07 23:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-04-11 09:11 - 2014-11-07 23:58 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-04-11 09:11 - 2014-11-07 23:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2015-04-11 09:11 - 2014-11-07 23:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2015-04-11 09:11 - 2014-11-07 23:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2015-04-11 09:11 - 2014-11-07 23:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2015-04-11 09:11 - 2014-11-07 23:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2015-04-11 09:11 - 2014-11-07 23:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2015-04-11 09:11 - 2014-11-07 23:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2015-04-11 09:11 - 2014-11-07 22:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2015-04-11 09:11 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-04-11 09:11 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-04-11 09:11 - 2014-11-07 22:09 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-04-11 09:11 - 2014-11-07 22:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-04-11 09:11 - 2014-11-07 21:59 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-04-11 09:11 - 2014-11-07 21:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-04-11 09:11 - 2014-11-07 21:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-04-11 09:11 - 2014-11-06 23:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-04-11 09:11 - 2014-11-06 23:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-04-11 09:11 - 2014-11-04 22:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-04-11 09:11 - 2014-11-04 22:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2015-04-11 09:11 - 2014-11-04 22:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2015-04-11 09:11 - 2014-11-04 21:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-04-11 09:11 - 2014-11-04 21:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-04-11 09:11 - 2014-11-04 21:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-04-11 09:11 - 2014-11-04 21:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2015-04-11 09:11 - 2014-11-04 21:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2015-04-11 09:11 - 2014-11-04 21:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2015-04-11 09:11 - 2014-11-04 21:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-04-11 09:11 - 2014-11-04 21:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-04-11 09:11 - 2014-11-04 21:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-04-11 09:11 - 2014-11-04 21:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-04-11 09:11 - 2014-11-04 21:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-04-11 09:11 - 2014-11-04 15:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-04-11 09:11 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-04-11 09:11 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-04-11 09:11 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-04-11 09:11 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-04-11 09:11 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-04-11 09:11 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-04-11 09:11 - 2014-11-04 02:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-04-11 09:11 - 2014-11-04 01:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-04-11 09:11 - 2014-10-30 20:10 - 15158784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-04-11 09:11 - 2014-10-28 23:05 - 00551232 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-04-11 09:11 - 2014-10-28 21:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-04-11 09:11 - 2014-10-28 21:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-04-11 09:11 - 2014-10-20 21:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2015-04-11 09:11 - 2014-10-20 21:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2015-04-11 09:11 - 2014-10-20 20:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-04-11 09:11 - 2014-10-20 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-04-11 09:11 - 2014-10-20 20:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2015-04-11 09:11 - 2014-10-20 20:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-04-11 09:11 - 2014-10-20 20:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-04-11 09:11 - 2014-10-17 00:56 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-04-11 09:11 - 2014-10-17 00:56 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-04-11 09:11 - 2014-10-17 00:56 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-04-11 09:11 - 2014-10-16 23:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-04-11 09:10 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-11 09:10 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-28 16:59 - 2015-04-24 15:43 - 00000000 ____D () C:\Users\Melissa\AppData\Local\Popcorn Time
2015-03-28 16:58 - 2015-03-28 16:59 - 23315064 _____ (Popcorn Official) C:\Users\Melissa\Downloads\Popcorn-Time-0.3.7.2-Setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-25 18:45 - 2014-05-17 06:13 - 01641393 _____ () C:\Windows\WindowsUpdate.log
2015-04-25 18:40 - 2015-01-16 16:30 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-25 18:40 - 2014-12-29 00:21 - 00004986 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MELISSA-GRECO-Melissa Melissa-Greco
2015-04-25 18:39 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-25 18:34 - 2014-12-27 10:18 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E92A0C10-2A8F-4E75-B02C-F4E3F3655F84}
2015-04-25 18:31 - 2015-01-25 20:04 - 00000000 ____D () C:\Users\Melissa\Documents\Bluetooth Folder
2015-04-25 18:30 - 2015-01-16 16:30 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-25 18:30 - 2014-12-27 10:17 - 00000000 __RDO () C:\Users\Melissa\OneDrive
2015-04-25 18:30 - 2014-05-17 07:04 - 02709947 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-04-25 18:29 - 2013-08-22 10:46 - 00032999 _____ () C:\Windows\setupact.log
2015-04-25 18:29 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-25 18:28 - 2013-08-22 09:25 - 00786432 ___SH () C:\Windows\system32\config\BBI
2015-04-25 18:23 - 2014-12-27 20:25 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\Skype
2015-04-25 16:19 - 2015-02-20 18:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 16:18 - 2015-02-05 16:53 - 00000020 _____ () C:\Users\Melissa\AppData\Roaming\appdataFr3.bin
2015-04-25 16:08 - 2014-12-27 10:19 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2914793285-942858159-1918959283-1001
2015-04-25 13:17 - 2015-03-06 23:43 - 00001842 _____ () C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chrome - Shortcut.lnk
2015-04-25 13:02 - 2014-12-27 10:13 - 00000000 ____D () C:\Users\Melissa\AppData\Local\Packages
2015-04-25 13:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-25 11:58 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2015-04-24 20:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-24 14:37 - 2014-12-29 01:13 - 00056832 ___SH () C:\Users\Melissa\Documents\Thumbs.db
2015-04-24 14:34 - 2014-12-26 23:14 - 00000000 ____D () C:\Users\Melissa\Documents\School
2015-04-21 20:00 - 2014-04-10 00:25 - 00026058 _____ () C:\Windows\PFRO.log
2015-04-21 19:59 - 2015-02-20 22:04 - 00000000 ____D () C:\AdwCleaner
2015-04-21 18:28 - 2014-04-10 00:31 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-21 16:06 - 2014-12-29 00:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-21 16:06 - 2014-12-26 22:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 16:05 - 2014-12-29 00:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-20 20:20 - 2015-01-02 20:47 - 00138240 ___SH () C:\Users\Melissa\Downloads\Thumbs.db
2015-04-19 20:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-19 16:47 - 2015-01-02 20:36 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\iMobie
2015-04-19 16:47 - 2015-01-02 20:36 - 00000000 ____D () C:\Users\Melissa\AppData\Local\iMobie_Inc
2015-04-19 16:29 - 2015-03-19 18:33 - 00000000 ____D () C:\ProgramData\WinZip
2015-04-19 10:17 - 2014-12-26 22:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-18 22:05 - 2014-12-26 19:39 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-16 18:34 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-15 21:11 - 2015-02-25 18:06 - 00000000 ____D () C:\Users\Melissa\AppData\Local\Unity
2015-04-15 17:12 - 2014-12-29 16:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 17:12 - 2014-12-29 16:23 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-14 22:49 - 2014-12-29 16:10 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 22:49 - 2014-12-29 16:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 22:49 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-14 17:02 - 2013-08-22 09:25 - 00000199 _____ () C:\Windows\win.ini
2015-04-14 16:59 - 2015-01-01 17:09 - 00000000 ____D () C:\Users\Melissa\Documents\Giveaways Won
2015-04-11 09:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-04-11 09:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
2015-04-11 09:09 - 2015-02-05 19:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-02 23:39 - 2014-12-27 10:11 - 00000000 ____D () C:\Users\Melissa
2015-03-30 16:08 - 2014-12-29 00:27 - 00000000 ____D () C:\Users\Melissa\Documents\Microsoft Office
2015-03-30 13:55 - 2014-12-26 23:14 - 00000000 ____D () C:\Users\Melissa\Documents\Beer Money
2015-03-29 15:33 - 2014-04-10 02:28 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-26 18:51 - 2014-12-27 20:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-26 18:50 - 2014-12-27 20:25 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-02-05 16:53 - 2015-04-25 16:18 - 0000020 _____ () C:\Users\Melissa\AppData\Roaming\appdataFr3.bin
2014-05-17 06:37 - 2014-05-17 06:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Melissa\AppData\Local\Temp\HitmanPro.exe
C:\Users\Melissa\AppData\Local\Temp\Quarantine.exe
C:\Users\Melissa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Melissa\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-22 21:06

==================== End Of Log ============================
Last edited by melbewell on April 26th, 2015, 10:05 am, edited 1 time in total.
melbewell
Active Member
 
Posts: 7
Joined: April 25th, 2015, 6:34 pm
Advertisement
Register to Remove

Re: Fake Security Alert Pop-ups Taking over Chrome (Windows

Unread postby Gary R » April 26th, 2015, 1:29 am

You have only posted your additions.txt log, we need to see the frst.txt log that FRST produced as well, please post it.

If you can't find it, just run FRST again, and the log will be produced again.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Fake Security Alert Pop-ups Taking over Chrome (Windows

Unread postby melbewell » April 26th, 2015, 10:08 am

Gary R wrote:You have only posted your additions.txt log, we need to see the frst.txt log that FRST produced as well, please post it.

If you can't find it, just run FRST again, and the log will be produced again.



Sorry, I've edited the post and included frst.txt
melbewell
Active Member
 
Posts: 7
Joined: April 25th, 2015, 6:34 pm

Re: Fake Security Alert Pop-ups Taking over Chrome (Windows

Unread postby Gary R » April 26th, 2015, 11:52 am

Unfortunately you've edited your post by removing the addition.txt log, which I also need to see.

Please do not edit your original post, and just post me the addition.txt in your next reply.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Fake Security Alert Pop-ups Taking over Chrome (Windows

Unread postby melbewell » April 26th, 2015, 12:39 pm

Gary R wrote:Unfortunately you've edited your post by removing the addition.txt log, which I also need to see.

Please do not edit your original post, and just post me the addition.txt in your next reply.


Here is the addition.txt. Sorry about that.



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2015
Ran by Melissa at 2015-04-25 18:56:42
Running from C:\Users\Melissa\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2914793285-942858159-1918959283-500 - Administrator - Disabled)
Guest (S-1-5-21-2914793285-942858159-1918959283-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2914793285-942858159-1918959283-1003 - Limited - Enabled)
Melissa (S-1-5-21-2914793285-942858159-1918959283-1001 - Administrator - Enabled) => C:\Users\Melissa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.2006.0 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.2007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{E433737F-59A9-ADC0-A2B5-7714003EFC50}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2914793285-942858159-1918959283-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
OEM Application Profile (HKLM-x32\...\{276FD4A2-030F-8A24-7DFE-9B1384131BCD}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PSP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21250 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version: - Terry Cavanagh)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2914793285-942858159-1918959283-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

11-04-2015 09:12:19 Windows Update
14-04-2015 16:53:04 Windows Update
18-04-2015 15:49:03 Windows Update
19-04-2015 16:27:14 Removed WinZip 19.0
20-04-2015 19:33:03 Removed QuickTime 7

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07C4B17A-EA77-4769-8A6D-A51D62DA88A3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10B495A2-FD7F-4EDD-9431-2EF0E8A8A1F7} - System32\Tasks\{76C0442C-06D4-4E1D-964F-CBD025030225} => pcalua.exe -a "C:\Users\Melissa\AppData\Roaming\1H1Q1V1N1N1O2V\Firefox Packages\uninstaller.exe" -c /Uninstall /NM="Firefox Packages" /AN="1H1Q1V1N1N1O2V" /MBN="Firefox Packages"
Task: {12A2AA49-5107-4026-B29A-AF25526243E9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {1A26C759-E0B3-41BC-9932-475D19AAEB8F} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {2051B1DD-073F-4318-BFB5-C3E52FB2E3C7} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-25] (TODO: <Company name>)
Task: {21B74AA8-1D8F-4A9D-B331-A7BF8C6184A0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {2DE1F679-AD03-4E1B-A45B-B99A9193719F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-14] (Microsoft Corporation)
Task: {31A3656E-B5A2-4BBD-A20C-8FFF890FC6D6} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {4009B237-927D-4F1C-9E28-24D64B58DCF8} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-01-16] (Acer Incorporated)
Task: {40EE7E4F-AB2E-45A0-9A88-BF6525D7B3E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {428AC932-6042-4DFA-9FA9-721D55071F49} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2914793285-942858159-1918959283-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {493F6E0E-B432-4C66-A6AB-7D37D1B82846} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {667627BA-13E7-4303-9BBA-395F29EE684B} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {70979AE0-3719-44E1-8F33-BC12B3D52B9C} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {822F2E33-87A2-4A1C-A2D9-55EC981FDEF3} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {85933259-CF1D-438A-A7F1-7EC7C9ADD65A} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {9C980E4B-F126-453B-9152-F4723DA10630} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {B6AFFEDE-111D-4108-8F4B-BA6FEB22BF40} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {C203F379-80A9-494C-9C67-0F76EA142E8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {C3E5EBB6-2316-45A2-BAC9-D08A7F85CAAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C6A811DE-59EA-473F-98B0-59AE6FDC932A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MELISSA-GRECO-Melissa Melissa-Greco => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {CC7F987A-024B-42C4-BDA1-B25F75F6C451} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-04-25] (Enigma Software Group USA, LLC.)
Task: {EA998B40-836D-4DAE-A476-0B84ADE728CB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {FF98D675-3C41-47E9-8B74-49397413D1C9} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-27 00:19 - 2014-12-27 00:19 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-02-26 01:14 - 2014-02-26 01:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-26 01:11 - 2014-02-26 01:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-26 01:17 - 2014-02-26 01:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-05-17 06:36 - 2013-10-01 05:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-05-17 07:27 - 2014-01-03 17:29 - 00087640 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-04-18 13:42 - 2015-04-13 17:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-18 13:42 - 2015-04-13 17:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Melissa\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2914793285-942858159-1918959283-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 64.71.255.204 - 64.71.255.198

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-2914793285-942858159-1918959283-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2914793285-942858159-1918959283-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0CCDC40B7F4197DCBC8105A54C0F2AF9"
HKU\S-1-5-21-2914793285-942858159-1918959283-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2914793285-942858159-1918959283-1001\...\StartupApproved\Run: => "Speech Recognition"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2015 01:01:05 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (04/25/2015 11:44:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MELISSA-GRECO)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/24/2015 11:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10860

Error: (04/24/2015 11:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10860

Error: (04/24/2015 11:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/24/2015 08:44:26 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=42.0.2311.90;lang=;guid=4A4293E75901478CBBAA9FAFFF9B1A29;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\c2ad4cea-f91c-462f-a0b8-e24bede46449.dmp

Error: (04/24/2015 01:48:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MELISSA-GRECO)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/23/2015 09:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9328

Error: (04/23/2015 09:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9328

Error: (04/23/2015 09:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/25/2015 06:29:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (04/25/2015 06:27:49 PM) (Source: DCOM) (EventID: 10010) (User: MELISSA-GRECO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/25/2015 06:27:49 PM) (Source: DCOM) (EventID: 10010) (User: MELISSA-GRECO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/25/2015 06:27:44 PM) (Source: DCOM) (EventID: 10010) (User: MELISSA-GRECO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/25/2015 06:27:44 PM) (Source: DCOM) (EventID: 10010) (User: MELISSA-GRECO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/24/2015 11:16:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (04/24/2015 11:15:56 PM) (Source: DCOM) (EventID: 10005) (User: MELISSA-GRECO)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (04/24/2015 11:15:56 PM) (Source: DCOM) (EventID: 10005) (User: MELISSA-GRECO)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/24/2015 11:15:34 PM) (Source: DCOM) (EventID: 10005) (User: MELISSA-GRECO)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/24/2015 11:08:10 PM) (Source: DCOM) (EventID: 10005) (User: MELISSA-GRECO)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (04/25/2015 01:01:05 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (04/25/2015 11:44:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MELISSA-GRECO)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

Error: (04/24/2015 11:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10860

Error: (04/24/2015 11:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10860

Error: (04/24/2015 11:18:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/24/2015 08:44:26 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=42.0.2311.90;lang=;guid=4A4293E75901478CBBAA9FAFFF9B1A29;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\c2ad4cea-f91c-462f-a0b8-e24bede46449.dmp

Error: (04/24/2015 01:48:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MELISSA-GRECO)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

Error: (04/23/2015 09:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9328

Error: (04/23/2015 09:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9328

Error: (04/23/2015 09:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
Date: 2015-04-25 10:20:01.141
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-25 10:20:00.453
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-25 10:19:59.797
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-25 10:19:59.156
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-25 10:19:58.499
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-25 10:19:57.890
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-25 10:19:57.233
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-25 10:19:56.593
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-25 10:19:55.904
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-25 10:19:55.138
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD E2-6110 APU with AMD Radeon R2 Graphics
Percentage of memory in use: 35%
Total physical RAM: 5080.23 MB
Available physical RAM: 3274.34 MB
Total Pagefile: 5912.23 MB
Available Pagefile: 3665.72 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:913.85 GB) (Free:824.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 10BBCAB0)

Partition: GPT Partition Type.

==================== End Of Log ============================
melbewell
Active Member
 
Posts: 7
Joined: April 25th, 2015, 6:34 pm

Re: Fake Security Alert Pop-ups Taking over Chrome (Windows

Unread postby Gary R » April 26th, 2015, 1:13 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 8, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There is a recent infection which affects Google Chrome, and so far the best way to remove it is to remove Google Chrome, and re-install a new clean copy. I know it's a nuisance particularly if you have a lot of add-ons installed, but it is by far the swiftest and most certain way of removing the infection.

So, please Uninstall the following program ....

Google Chrome


.... and when prompted, opt for your personal settings to be removed as well. (this is essential)

Reboot your computer once this is done.

Please do not install a new copy of Chrome until I give you the all clear to do so.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
HKU\S-1-5-21-2914793285-942858159-1918959283-1001\...\Winlogon: [Shell] explorer.exe,"C:\Program Files\Rainmeter\Rainmeter.exe" <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2914793285-942858159-1918959283-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • Fixlog.txt
  • E-Set.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Fake Security Alert Pop-ups Taking over Chrome (Windows

Unread postby melbewell » April 26th, 2015, 2:08 pm

I'm waiting for the scanner to complete. Here is the fixlist log:




Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2015
Ran by Melissa at 2015-04-26 13:50:48 Run:1
Running from C:\Users\Melissa\Documents\FRST
Loaded Profiles: Melissa (Available profiles: Melissa)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2914793285-942858159-1918959283-1001\...\Winlogon: [Shell] explorer.exe,"C:\Program Files\Rainmeter\Rainmeter.exe" <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2914793285-942858159-1918959283-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
*****************

HKU\S-1-5-21-2914793285-942858159-1918959283-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2914793285-942858159-1918959283-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 2.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog 13:52:29 ====
melbewell
Active Member
 
Posts: 7
Joined: April 25th, 2015, 6:34 pm

Re: Fake Security Alert Pop-ups Taking over Chrome (Windows

Unread postby Gary R » April 26th, 2015, 2:22 pm

E-Set usually takes quite a while to complete, and I'm going to be out for the rest of the evening, so it will be tomorrow morning (my time GMT) before I get to see the log once you've posted it.

Talk to you then. :)
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Fake Security Alert Pop-ups Taking over Chrome (Windows

Unread postby melbewell » April 26th, 2015, 4:02 pm

Gary R wrote:E-Set usually takes quite a while to complete, and I'm going to be out for the rest of the evening, so it will be tomorrow morning (my time GMT) before I get to see the log once you've posted it.

Talk to you then. :)


Have a nice evening! : :) Here are the contents of the ESET.txt file.

C:\Users\Melissa\Downloads\Drivers_Setup.exe NSIS/TrojanDownloader.Adload.AG trojan
C:\Users\Melissa\Downloads\winzip19-lan.exe a variant of Win32/InstallCore.YR potentially unwanted application
melbewell
Active Member
 
Posts: 7
Joined: April 25th, 2015, 6:34 pm

Re: Fake Security Alert Pop-ups Taking over Chrome (Windows

Unread postby Gary R » April 27th, 2015, 1:50 am

Looking good so far.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\Users\Melissa\Downloads\Drivers_Setup.exe
C:\Users\Melissa\Downloads\winzip19-lan.exe

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next ...

Go to ... https://www.google.com/chrome/ ... and download and install a new clean copy of Google Chrome.

Do not install any add-ons at this point, instead run it for a while and see if you have any problems. If you don't then start re-installing your add-ons 2 or 3 at a time. After each group of installs try running Chrome for a while to see if your problems return.

If they do, then you'll have narrowed down the "culprit" add-on down to one of 2 or 3 add-ons, and we can easily discover which one.

If you get all your add-ons installed and the problem hasn't returned, then please let me know, because we've still got a little tidying up to do.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Fake Security Alert Pop-ups Taking over Chrome (Windows

Unread postby melbewell » April 27th, 2015, 3:56 pm

Here is the log. I'm reinstalling a fresh copy of Chrome.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by Melissa at 2015-04-27 15:53:58 Run:2
Running from C:\Users\Melissa\Documents\FRST
Loaded Profiles: Melissa (Available profiles: Melissa)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Melissa\Downloads\Drivers_Setup.exe
C:\Users\Melissa\Downloads\winzip19-lan.exe
*****************

C:\Users\Melissa\Downloads\Drivers_Setup.exe => Moved successfully.
C:\Users\Melissa\Downloads\winzip19-lan.exe => Moved successfully.

==== End of Fixlog 15:53:59 ====
melbewell
Active Member
 
Posts: 7
Joined: April 25th, 2015, 6:34 pm

Re: Fake Security Alert Pop-ups Taking over Chrome (Windows

Unread postby melbewell » April 27th, 2015, 5:49 pm

My problem hasn't disappeared completely yet. I've been browsing for awhile and it was working great but another security ad just came up. No extensions are installed or running.
melbewell
Active Member
 
Posts: 7
Joined: April 25th, 2015, 6:34 pm

Re: Fake Security Alert Pop-ups Taking over Chrome (Windows

Unread postby Gary R » April 28th, 2015, 1:33 am

Please try resetting your router, and see if this stops the ads from appearing ....

  • This can be done by inserting something like an opened paper clip into a small hole labeled Reset that's usually found at the back of the router. Some routers have a reset button on the front.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know your router's default password, you can look it up. HERE
  • You may need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to ask your Internet Service Provider (ISP) which DNS servers your network should be using.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Fake Security Alert Pop-ups Taking over Chrome (Windows

Unread postby Gary R » May 1st, 2015, 12:57 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 290 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware