I am in the middle of assignments and exams, and now in a big puddle of tears and could really use some help. I really hope I purchased your program and not some rogue program.
I have ran the required scans. I'll copy and paste below. I just purchased your software. I have also been having a lot of malicious site redirects that your software has made me aware of. Interestingly it has taken some time to be able to post this, as I was not allowed to create an account. When I requested a 'forgot my password' I was never sent one, and now beleive I was on a rogue emsisoft site. I used duckduckgo and managed to get to your proper site. At least I hope it is. this time it let me create an account, and was able to get email verification, and now sign in and post.
I have a very strange thing in my control panel thaI I have never seen before. I thought I had gotten rid of it with a reinstall of win 8.1. It is back. It is back after I installed your software, ran it and all was okay, along with other software. Interestingly today I cannot run your software anymore. My pc does nothing. It does tell me I am entering a malicious site and I choose the 'block', but I cannot call up the graphic interface to select settings, or look at logs, or update the database. I had to run the emergency repair kit, but only after I ran the registry kill program from bleeping computers. I ran both requested scans. I am unsure how to paste a screen shot to you to see the control panel disturbance I am talking about. I have purchased your program like I said, but I cannot access it anymore.
When I ran the registry kill, it did kill two things. I do not want to post anything else until you ask, as those are the instructions you have given for the first posting for help.
Emsisoft Emergency Kit - Version 9.0
Last update: 2015-03-16 3:40:39 AM
User account: CINDY\acer
Scan settings:
Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\WINDOWS\, C:\Program Files\, C:\Program Files (x86)\
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start: 2015-03-16 3:41:11 AM
Scanned 227932
Found 0
Scan end: 2015-03-16 4:20:24 AM
Scan time: 0:39:13
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by acer at 2015-03-16 05:07:35
Running from C:\Users\acer\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.2006.0 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E433737F-59A9-ADC0-A2B5-7714003EFC50}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.8.0 - AppEx Networks)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
Echo Desktop (HKLM-x32\...\Echo Desktop 3.0.1) (Version: 3.0.1 - Livescribe Inc)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.0 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{276FD4A2-030F-8A24-7DFE-9B1384131BCD}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
PSP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7218 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
WordPerfect Office X7 - Common Files (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - Common Files English (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM Content TBYB (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM TBYB (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - Lightning Files (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - Lightning Files English (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - Oxford (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Presentations Files (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - Presentations Files English (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - Quattro Pro Files (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - Quattro Pro Files English (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - Setup Files (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - System Files (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - WordPerfect Files (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - WordPerfect Files English (x32 Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - WPD format Props x64 (Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - WT (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 (HKLM-x32\...\_{64A329FC-D1B2-4354-922D-21F7EC777E10}) (Version: 17.0.0.337 - Corel Corporation)
WordPerfect Office X7 (x32 Version: 17.1 - Corel Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {17135AE4-58E7-4807-8A5E-06A0F6AAA531} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {1A8BCE9C-72F9-4058-83B3-8496300242DF} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {28F3B94C-DC67-40DE-91E2-9B954CC30665} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-26] ()
Task: {3BF0DC9F-B80C-400C-B7F9-9A0AAB85A722} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-26] (Microsoft Corporation)
Task: {8DE3397F-D133-4B59-9C18-A594755723AB} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {8E9B2801-4871-4BF2-B7E5-B9AD5CC6A2F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-14] (Google Inc.)
Task: {96955910-D4EB-455D-94D8-BD1C62DED1C5} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-25] (TODO: <Company name>)
Task: {9A913F31-9D1E-4255-8499-FD03080FF4E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-14] (Google Inc.)
Task: {B25CEB8A-7A3B-4084-A067-0317E59D7171} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {B44D9C39-3A61-4C69-8D6E-1691376FB69C} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {B78B56C2-3A84-4AD7-B6A6-0D4FEFF386E4} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {ECBE63CC-3079-4D59-89E7-6D7A4D94660B} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-06-14 13:36 - 2012-04-24 06:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-06-14 13:47 - 2014-01-03 17:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-02-26 01:14 - 2014-02-26 01:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-26 01:11 - 2014-02-26 01:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-26 01:17 - 2014-02-26 01:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-03-13 19:06 - 2015-03-13 19:06 - 00194560 _____ () C:\Program Files\WindowsApps\DuckDuckGo.DuckDuckGo_1.0.1.1_neutral__nhsm14wcy13m0\DDG.exe
2014-12-17 23:54 - 2014-12-17 23:54 - 00275968 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll
2015-03-14 03:59 - 2015-03-14 03:59 - 00856576 _____ () C:\Users\acer\AppData\Local\Packages\duckduckgo.duckduckgo_nhsm14wcy13m0\AC\Microsoft\CLR_v4.0_32\NativeImages\DDG\bad8f7c482622f56fa1697129e7e84c1\DDG.ni.exe
2015-03-14 03:55 - 2015-03-14 03:55 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\f2bf020fc6307e10194fd94e85d52a72\Windows.UI.Xaml.ni.dll
2015-03-14 03:59 - 2015-03-14 03:59 - 00199168 _____ () C:\Users\acer\AppData\Local\Packages\duckduckgo.duckduckgo_nhsm14wcy13m0\AC\Microsoft\CLR_v4.0_32\NativeImages\DDG.Core\539ad19abd6aa064344bba975af7d78f\DDG.Core.ni.dll
2015-03-14 03:55 - 2015-03-14 03:55 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c95c4deae76420a882bef7161a449d72\Windows.UI.ni.dll
2015-03-14 03:55 - 2015-03-14 03:55 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\224ab0385dc2991b9139bdbf7bcf8e0e\Windows.ApplicationModel.ni.dll
2015-03-14 03:56 - 2015-03-14 03:56 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll
2015-03-14 03:56 - 2015-03-14 03:56 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f3deb382d1f91df4e2bf1801afb4ea21\Windows.Storage.ni.dll
2015-03-14 03:57 - 2015-03-14 03:57 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\726121cd59d8545addcd2c64688b5309\Windows.System.ni.dll
2015-03-14 03:58 - 2015-03-14 03:58 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\95e459fe3e0f12f2dc9f48fb91886621\Windows.Data.ni.dll
2015-03-14 03:58 - 2015-03-14 03:58 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\66db718389f1cd2503053c09b3de857f\Windows.Networking.ni.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3697784714-1533898605-4234074958-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\acer01.jpg
DNS Servers: 24.226.1.93 - 24.226.10.193
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
acer (S-1-5-21-3697784714-1533898605-4234074958-1001 - Administrator - Enabled) => C:\Users\acer
Administrator (S-1-5-21-3697784714-1533898605-4234074958-500 - Administrator - Disabled) => C:\Users\Administrator
Dyllan (S-1-5-21-3697784714-1533898605-4234074958-1004 - Limited - Enabled)
Guest (S-1-5-21-3697784714-1533898605-4234074958-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3697784714-1533898605-4234074958-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/16/2015 04:05:09 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
Error: (03/15/2015 01:31:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (03/14/2015 03:15:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
Error: (03/14/2015 03:14:57 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
Error: (03/14/2015 03:14:54 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
Error: (03/14/2015 03:13:41 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
Error: (03/14/2015 03:13:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
Error: (03/14/2015 03:13:34 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
Error: (03/14/2015 03:13:31 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
Error: (03/14/2015 03:13:27 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
System errors:
=============
Error: (03/16/2015 03:37:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cleanhlp service failed to start due to the following error:
%%183
Error: (03/16/2015 03:05:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf1: NuanceCommunications.DragonNotes.
Error: (03/15/2015 09:19:24 AM) (Source: DCOM) (EventID: 10010) (User: CINDY)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (03/15/2015 09:18:54 AM) (Source: DCOM) (EventID: 10010) (User: CINDY)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (03/15/2015 09:07:18 AM) (Source: DCOM) (EventID: 10010) (User: CINDY)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (03/15/2015 09:06:47 AM) (Source: DCOM) (EventID: 10010) (User: CINDY)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (03/14/2015 03:42:45 AM) (Source: DCOM) (EventID: 10010) (User: CINDY)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (03/14/2015 03:42:15 AM) (Source: DCOM) (EventID: 10010) (User: CINDY)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (03/14/2015 00:25:20 AM) (Source: DCOM) (EventID: 10016) (User: CINDY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}CINDYacerS-1-5-21-3697784714-1533898605-4234074958-1001LocalHost (Using LRPC)5E8FC25E.XodoDocs_2.3.1.28574_x64__3v3sf0k6w2recS-1-15-2-3137565079-254272729-3968082182-3551549582-1261386094-395665839-3708555313
Error: (03/13/2015 08:07:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (03/16/2015 04:05:09 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\system32\svchost.exe -k netsvcsWindows Update0x80070422
Error: (03/15/2015 01:31:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (03/14/2015 03:15:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
Error: (03/14/2015 03:14:57 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
Error: (03/14/2015 03:14:54 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
Error: (03/14/2015 03:13:41 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
Error: (03/14/2015 03:13:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
Error: (03/14/2015 03:13:34 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
Error: (03/14/2015 03:13:31 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
Error: (03/14/2015 03:13:27 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
CodeIntegrity Errors:
===================================
Date: 2015-03-15 09:20:15.272
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
Date: 2015-03-15 09:20:14.725
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
Date: 2015-03-15 09:20:14.115
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
Date: 2015-03-15 09:20:13.506
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
Date: 2015-03-15 09:20:12.897
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
Date: 2015-03-15 09:20:12.350
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
Date: 2015-03-15 09:20:11.772
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.
Date: 2015-03-15 09:20:11.725
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
Date: 2015-03-15 09:20:11.147
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.
Date: 2015-03-15 09:20:11.084
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
Processor: AMD A4-6210 APU with AMD Radeon R3 Graphics
Percentage of memory in use: 47%
Total physical RAM: 3543.23 MB
Available physical RAM: 1854.73 MB
Total Pagefile: 4887.23 MB
Available Pagefile: 2064.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:447.76 GB) (Free:394.06 GB) NTFS
Drive e: (CINDYFREITA) (Removable) (Total:14.53 GB) (Free:13.58 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BD462C79)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by acer (administrator) on CINDY on 16-03-2015 05:06:09
Running from C:\Users\acer\Downloads
Loaded Profiles: acer (Available profiles: acer & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files\WindowsApps\DuckDuckGo.DuckDuckGo_1.0.1.1_neutral__nhsm14wcy13m0\DDG.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Nuance Communications) C:\Program Files\WindowsApps\NuanceCommunications.DragonNotes_1.1.0.46_x86__t8nkjeh2dd298\NuanceWin8.exe
(Emsisoft GmbH) C:\EEK\bin\a2emergencykit.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-03-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4885584 2015-03-02] (Emsisoft GmbH)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\QFSCHD170.EXE [166240 2014-08-14] (Corel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-3697784714-1533898605-4234074958-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-08-22] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3697784714-1533898605-4234074958-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3697784714-1533898605-4234074958-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3697784714-1533898605-4234074958-1001 -> {4B44DE15-5F8E-4550-ACC3-9A20DBE3AB05} URL =
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194
FireFox:
========
FF ProfilePath: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\28que32b.default
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-14] (Google Inc.)
FF Extension: NoScript - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\28que32b.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-13]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5019496 2015-03-02] (Emsisoft GmbH)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows ® Win 7 DDK provider) [File not signed]
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [473088 2014-12-17] (Livescribe) [File not signed]
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
S4 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-13] (Emsisoft GmbH)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-02] (Emsisoft GmbH)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 PulseUsb; C:\Windows\System32\drivers\PulseUsb.sys [26112 2014-12-17] (Windows ® Win 7 DDK provider)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-16 05:06 - 2015-03-16 05:06 - 00009416 _____ () C:\Users\acer\Downloads\FRST.txt
2015-03-16 05:05 - 2015-03-16 05:06 - 00000000 ____D () C:\FRST
2015-03-16 03:36 - 2015-03-16 03:36 - 00000759 _____ () C:\Users\acer\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-16 03:32 - 2015-03-16 03:32 - 02095616 _____ (Farbar) C:\Users\acer\Downloads\FRST64.exe
2015-03-16 03:24 - 2015-03-16 03:27 - 169173168 _____ (Emsisoft Ltd. ) C:\Users\acer\Downloads\EmsisoftAntiMalwareSetup(1).exe
2015-03-16 03:13 - 2015-03-16 03:13 - 00002280 _____ () C:\Users\acer\Desktop\Rkill1.txt
2015-03-16 03:13 - 2015-03-16 03:13 - 00002190 _____ () C:\Users\acer\Desktop\Rkill2.txt
2015-03-16 03:09 - 2015-03-16 03:12 - 00002190 _____ () C:\Users\acer\Desktop\Rkill.txt
2015-03-16 02:56 - 2015-03-16 03:00 - 165501568 _____ (Livescribe, Inc) C:\Users\acer\Downloads\EchoDesktop_Setup_v3.0.2(1).exe
2015-03-15 08:59 - 2015-03-15 09:02 - 165501568 _____ (Livescribe, Inc) C:\Users\acer\Downloads\EchoDesktop_Setup_v3.0.2.exe
2015-03-15 08:58 - 2015-03-15 08:58 - 00000000 ____D () C:\Users\acer\AppData\Local\Livescribe
2015-03-15 08:58 - 2015-03-15 08:58 - 00000000 ____D () C:\ProgramData\Livescribe
2015-03-15 08:57 - 2015-03-15 08:57 - 00002093 _____ () C:\Users\Public\Desktop\Echo Desktop.lnk
2015-03-15 08:57 - 2015-03-15 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livescribe
2015-03-15 08:57 - 2015-03-15 08:57 - 00000000 ____D () C:\Program Files (x86)\Livescribe
2015-03-14 15:30 - 2015-03-14 15:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-14 15:30 - 2015-02-26 21:14 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-14 14:05 - 2012-10-24 15:44 - 00656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall308549.exe
2015-03-14 13:59 - 2015-03-14 13:59 - 00000000 ____D () C:\Users\acer\AppData\Roaming\Macromedia
2015-03-14 13:58 - 2015-03-14 13:58 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-03-14 13:56 - 2015-03-14 14:05 - 00000000 ____D () C:\Users\acer\AppData\Roaming\WildTangent
2015-03-14 11:15 - 2015-03-14 11:15 - 00000000 ____D () C:\Program Files\Common Files\Corel
2015-03-14 11:14 - 2015-03-14 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-14 11:14 - 2015-03-14 11:12 - 00002402 _____ () C:\Users\Public\Desktop\WordPerfect X7.lnk
2015-03-14 11:13 - 2015-03-16 04:24 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-14 11:13 - 2015-03-15 11:24 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-14 11:13 - 2015-03-14 11:24 - 00000000 ____D () C:\Users\acer\AppData\Local\Google
2015-03-14 11:13 - 2015-03-14 11:19 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-14 11:13 - 2015-03-14 11:19 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-14 11:13 - 2015-03-14 11:14 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-14 11:09 - 2015-03-14 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office X7
2015-03-14 11:09 - 2015-03-14 11:12 - 00000000 ____D () C:\ProgramData\Corel
2015-03-14 11:08 - 2015-03-14 11:09 - 00000000 ____D () C:\ProgramData\Borland
2015-03-14 11:08 - 2015-03-14 11:08 - 00000000 ____D () C:\Program Files (x86)\Corel
2015-03-14 10:55 - 2015-03-14 10:55 - 00000000 ____D () C:\ProgramData\WordPerfect Office X7
2015-03-14 10:53 - 2015-03-14 10:53 - 00188928 _____ () C:\Users\acer\Downloads\Week 9 Posted.ppt
2015-03-14 00:34 - 2015-03-14 00:34 - 00002118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-03-14 00:34 - 2015-03-14 00:34 - 00000000 ____D () C:\Users\acer\AppData\Roaming\Thunderbird
2015-03-14 00:34 - 2015-03-14 00:34 - 00000000 ____D () C:\Users\acer\AppData\Local\Thunderbird
2015-03-14 00:33 - 2015-03-14 00:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-14 00:31 - 2015-03-14 00:33 - 66547160 _____ (Rebit, Inc.) C:\Users\acer\Downloads\rebitpro-setup-5.1.3001.14481.exe
2015-03-14 00:15 - 2015-03-14 00:15 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-03-13 23:50 - 2015-03-13 23:51 - 28908928 _____ (Mozilla) C:\Users\acer\Downloads\Thunderbird Setup 31.5.0.exe
2015-03-13 23:26 - 2015-03-13 23:26 - 01572612 _____ () C:\Users\acer\Downloads\KeePass-1.28.zip
2015-03-13 23:07 - 2015-03-13 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-03-13 23:06 - 2015-03-02 19:51 - 00135800 _____ (Emsisoft GmbH) C:\WINDOWS\system32\Drivers\epp64.sys
2015-03-13 23:05 - 2015-03-16 04:53 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-03-13 23:00 - 2015-03-13 23:00 - 20447176 _____ (Malwarebytes Corporation ) C:\Users\acer\Downloads\mbam-setup.exe
2015-03-13 22:57 - 2015-03-13 23:01 - 168833240 _____ (Emsisoft Ltd. ) C:\Users\acer\Downloads\EmsisoftAntiMalwareSetup.exe
2015-03-13 21:29 - 2015-03-13 21:29 - 00000000 ____D () C:\Users\acer\AppData\Local\Acer Aspire R7 Tutorial
2015-03-13 19:36 - 2015-03-13 19:36 - 02171392 _____ () C:\Users\acer\Downloads\AdwCleaner.exe
2015-03-13 18:55 - 2015-03-13 18:55 - 00001288 _____ () C:\Users\acer\Desktop\Revo Uninstaller.lnk
2015-03-13 18:55 - 2015-03-13 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-13 18:54 - 2015-03-13 18:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\acer\Downloads\revosetup.exe
2015-03-13 18:46 - 2015-03-14 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-13 18:46 - 2015-03-13 18:47 - 00000000 ____D () C:\Users\acer\AppData\Roaming\Mozilla
2015-03-13 18:46 - 2015-03-13 18:47 - 00000000 ____D () C:\Users\acer\AppData\Local\Mozilla
2015-03-13 18:46 - 2015-03-13 18:46 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-13 18:46 - 2015-03-13 18:46 - 00000000 ____D () C:\ProgramData\Mozilla
2015-03-13 18:45 - 2015-03-13 18:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-13 18:43 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-13 18:43 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-13 17:05 - 2015-03-15 09:21 - 00000000 ____D () C:\Windows.old
2015-03-13 17:05 - 2015-03-13 17:05 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-03-13 14:26 - 2015-03-03 09:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-13 14:05 - 2015-03-13 14:05 - 00000000 ____D () C:\Users\acer\AppData\Local\Acer
2015-03-13 13:52 - 2015-03-13 13:52 - 00000000 __SHD () C:\Users\acer\AppData\Local\EmieUserList
2015-03-13 13:52 - 2015-03-13 13:52 - 00000000 __SHD () C:\Users\acer\AppData\Local\EmieSiteList
2015-03-13 13:52 - 2015-03-13 13:52 - 00000000 ____D () C:\Users\Public\Pokki
2015-03-13 13:36 - 2015-03-13 13:36 - 00001280 _____ () C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
2015-03-13 13:36 - 2015-03-13 13:36 - 00000000 ____D () C:\Users\acer\AppData\Roaming\Atheros
2015-03-13 13:28 - 2015-03-16 04:05 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3697784714-1533898605-4234074958-1001
2015-03-13 13:22 - 2015-03-13 13:22 - 00000000 ____D () C:\Users\acer\AppData\Local\AOP SDK
2015-03-13 13:17 - 2015-03-13 20:02 - 00000000 ____D () C:\Users\acer\AppData\Local\clear.fi
2015-03-13 13:17 - 2015-03-13 13:17 - 00015734 _____ () C:\Users\acer\Desktop\Removed Apps.html
2015-03-13 13:17 - 2015-03-13 13:17 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-03-13 13:15 - 2015-03-13 13:15 - 00001450 _____ () C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-13 13:15 - 2015-03-13 13:15 - 00000000 ____D () C:\Users\acer\AppData\Roaming\Adobe
2015-03-13 13:15 - 2015-03-13 13:15 - 00000000 ____D () C:\Users\acer\AppData\Local\VirtualStore
2015-03-13 13:15 - 2015-03-13 13:15 - 00000000 ____D () C:\ProgramData\OEM_YAHOO
2015-03-13 13:14 - 2015-03-13 13:14 - 00000020 ___SH () C:\Users\acer\ntuser.ini
2015-03-13 13:12 - 2015-03-13 13:12 - 00003911 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2015-03-13 13:09 - 2015-03-13 13:09 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-03-13 13:08 - 2015-03-13 13:16 - 00000000 ____D () C:\Users\acer
2015-03-13 13:08 - 2015-03-13 13:11 - 00028578 _____ () C:\WINDOWS\diagwrn.xml
2015-03-13 13:08 - 2015-03-13 13:11 - 00028578 _____ () C:\WINDOWS\diagerr.xml
2015-03-13 13:08 - 2014-04-29 11:27 - 00000000 ___RD () C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 13:08 - 2014-04-29 11:27 - 00000000 ___RD () C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-13 13:08 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-13 13:08 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-13 13:08 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-13 13:08 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-13 13:07 - 2015-03-13 13:07 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-03-13 10:43 - 2015-03-13 10:43 - 00000000 ____D () C:\Users\acer\Desktop\Old Firefox Data
2015-03-13 10:18 - 2015-03-13 10:18 - 00033657 _____ () C:\Users\acer\Desktop\bookmarks-2015-03-13.json
2015-03-13 03:00 - 2015-03-16 03:36 - 00000000 ____D () C:\EEK
2015-03-12 22:16 - 2015-03-12 22:16 - 00001989 _____ () C:\Users\acer\Documents\Documents To Be Sent With Registered Notice of ApplicationStatement.wpd
2015-03-12 22:12 - 2015-03-12 22:12 - 00432349 _____ () C:\Users\acer\Documents\Document2.wpd
2015-03-12 22:11 - 2015-03-12 22:11 - 00197151 _____ () C:\Users\acer\Documents\Document8.wpd
2015-03-12 22:11 - 2015-03-12 22:11 - 00187743 _____ () C:\Users\acer\Documents\Document4.wpd
2015-03-12 22:11 - 2015-03-12 22:11 - 00187288 _____ () C:\Users\acer\Documents\Document3.wpd
2015-03-12 22:11 - 2015-03-12 22:11 - 00185429 _____ () C:\Users\acer\Documents\Document6.wpd
2015-03-12 22:11 - 2015-03-12 22:11 - 00179987 _____ () C:\Users\acer\Documents\Document5.wpd
2015-03-12 22:11 - 2015-03-12 22:11 - 00133463 _____ () C:\Users\acer\Documents\Document7.wpd
2015-03-10 17:54 - 2015-03-10 23:47 - 00010029 _____ () C:\Users\acer\Desktop\Breakfast Nests15 oz.wpd
2015-03-09 14:06 - 2015-03-09 14:06 - 00035197 _____ () C:\Users\acer\Documents\First Applications are owner-driven1.wpd
2015-03-09 14:06 - 2015-03-09 14:06 - 00005324 _____ () C:\Users\acer\Documents\The Notice package should include.wpd
2015-03-08 21:34 - 2015-03-08 22:22 - 00035430 _____ () C:\Users\acer\Desktop\FLASHCARDS First Applications are owner-driven1.wpd
2015-03-08 12:49 - 2015-03-08 12:49 - 00002142 _____ () C:\Users\acer\Desktop\recipie card.wpd
2015-03-07 21:34 - 2015-03-07 21:34 - 00000082 _____ () C:\Users\acer\Desktop\g84 5.22 Fraud in Science. A Look Behind the Scenes.wtfav
2015-03-06 14:34 - 2015-03-06 15:25 - 00158208 ___SH () C:\Users\acer\Thumbs.db
2015-03-05 12:18 - 2015-03-05 12:23 - 00000000 ___RD () C:\Users\acer\Desktop\CORPORATE ASSIGNMENT
2015-03-03 23:19 - 2015-03-03 23:19 - 00025876 _____ () C:\Users\acer\Desktop\FourThumbs.wpd
2015-03-03 23:02 - 2015-03-03 23:02 - 00000000 ____D () C:\Users\acer\Documents\CCWin
2015-03-03 22:58 - 2015-03-03 22:58 - 00000000 ____D () C:\Users\acer\Documents\Corel User Files
2015-03-03 08:46 - 2015-03-03 08:46 - 00169769 _____ () C:\Users\acer\Desktop\Bible Translation in Medieval Spain.htm
2015-03-03 08:46 - 2015-03-03 08:46 - 00167452 _____ () C:\Users\acer\Desktop\The Syriac Peshitta—A Window on the World of Early Bible Translations.htm
2015-03-03 08:46 - 2015-03-03 08:46 - 00000000 ____D () C:\Users\acer\Desktop\The Syriac Peshitta—A Window on the World of Early Bible Translations_files
2015-03-03 08:46 - 2015-03-03 08:46 - 00000000 ____D () C:\Users\acer\Desktop\Bible Translation in Medieval Spain_files
2015-03-03 08:45 - 2015-03-03 08:45 - 00152195 _____ () C:\Users\acer\Desktop\How to Show Texting Manners _ Help for the Family.htm
2015-03-03 08:45 - 2015-03-03 08:45 - 00151282 _____ () C:\Users\acer\Desktop\Did Josephus Really Write It _ Study.htm
2015-03-03 08:45 - 2015-03-03 08:45 - 00000000 ____D () C:\Users\acer\Desktop\How to Show Texting Manners _ Help for the Family_files
2015-03-03 08:45 - 2015-03-03 08:45 - 00000000 ____D () C:\Users\acer\Desktop\Did Josephus Really Write It _ Study_files
2015-03-03 08:44 - 2015-03-03 08:44 - 00194940 _____ () C:\Users\acer\Desktop\What Should I Know About Texting _ Young People Ask.htm
2015-03-03 08:44 - 2015-03-03 08:44 - 00000000 ____D () C:\Users\acer\Desktop\What Should I Know About Texting _ Young People Ask_files
2015-03-02 23:00 - 2015-03-16 03:12 - 00000000 ___RD () C:\Users\acer\Desktop\CindyTool Box
2015-03-02 17:44 - 2015-03-10 22:01 - 00000000 ____D () C:\Users\acer\Desktop\mbar
2015-03-02 16:45 - 2015-03-02 16:45 - 00000000 ____D () C:\Users\acer\Documents\QPPriv
2015-03-02 16:40 - 2015-03-02 16:40 - 00000000 ____D () C:\Users\acer\Documents\HTML
2015-03-02 16:25 - 2015-03-02 16:25 - 00000000 ____D () C:\Users\acer\Documents\Working Files
2015-03-02 15:33 - 2015-03-02 15:35 - 00000000 ____D () C:\Users\Public\Documents\WordPerfect Office
2015-02-26 09:58 - 2015-02-26 10:39 - 00000000 ____D () C:\Users\acer\Desktop\Dyllan Jemison
2015-02-24 17:10 - 2015-02-24 17:11 - 36909056 ____N (Livescribe, Inc) C:\Users\acer\Downloads\LivescribeHelper_Win_1.4.3.exe
2015-02-17 21:48 - 2015-02-17 21:47 - 00262144 ____N () C:\Users\acer\Downloads\F1A23A95-D797-41D9-B77B-B7B1CCF3B34D.Diagnose.0.etl
2015-02-16 21:05 - 2015-02-16 21:05 - 00650392 ____N (Sysinternals - www.sysinternals.com) C:\Users\acer\Downloads\autoruns.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-16 05:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-16 04:33 - 2014-06-14 12:25 - 02091772 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-16 04:07 - 2013-08-22 11:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-16 03:10 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-16 03:03 - 2014-12-05 17:28 - 00000000 ____D () C:\Users\acer\AppData\Local\Packages
2015-03-15 08:57 - 2014-06-14 12:57 - 00009234 _____ () C:\WINDOWS\DPINST.LOG
2015-03-14 14:05 - 2014-04-29 11:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-14 14:05 - 2014-04-29 11:45 - 00000000 ____D () C:\ProgramData\WildTangent
2015-03-14 14:05 - 2014-04-29 11:45 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-03-14 11:32 - 2014-06-14 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRIVATE WiFi
2015-03-14 11:27 - 2014-06-14 12:58 - 00814850 _____ () C:\WINDOWS\system32\perfh00C.dat
2015-03-14 11:27 - 2014-06-14 12:58 - 00163070 _____ () C:\WINDOWS\system32\perfc00C.dat
2015-03-14 11:27 - 2014-04-29 09:27 - 01824010 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-14 11:23 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-14 11:23 - 2013-08-22 10:44 - 00410720 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-14 11:22 - 2014-06-14 13:17 - 00164628 _____ () C:\WINDOWS\SysWOW64\rootpa.e2e
2015-03-14 11:22 - 2014-04-29 09:17 - 00002990 _____ () C:\WINDOWS\PFRO.log
2015-03-14 11:22 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-13 20:09 - 2014-04-29 12:00 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-13 20:07 - 2014-12-18 23:30 - 00000000 ____D () C:\AdwCleaner
2015-03-13 20:02 - 2014-04-29 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-03-13 20:02 - 2014-04-29 11:45 - 00000000 ____D () C:\ProgramData\Acer
2015-03-13 20:02 - 2014-04-29 11:45 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-03-13 19:39 - 2013-08-22 10:46 - 00032275 _____ () C:\WINDOWS\setupact.log
2015-03-13 19:00 - 2014-04-29 11:54 - 00000000 ____D () C:\ProgramData\Nero
2015-03-13 17:05 - 2013-08-22 11:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-03-13 14:05 - 2014-12-19 01:13 - 00000000 ___HD () C:\$SysReset
2015-03-13 14:05 - 2014-06-14 13:20 - 00000000 ____D () C:\Program Files\Acer
2015-03-13 13:43 - 2013-08-22 11:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-03-13 13:22 - 2014-04-29 10:10 - 00000000 ___HD () C:\OEM
2015-03-13 13:22 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-13 13:19 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-13 13:17 - 2014-04-29 10:16 - 00000000 ___DC () C:\WINDOWS\Panther
2015-03-13 13:15 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-13 13:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-13 13:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-13 13:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-13 13:11 - 2013-08-22 11:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-13 13:08 - 2014-04-29 09:20 - 00000000 ____D () C:\Users\Administrator
2015-03-13 11:50 - 2014-12-10 22:11 - 02799104 ___SH () C:\Users\acer\Desktop\Thumbs.db
2015-03-09 14:07 - 2014-12-09 15:13 - 00005438 _____ () C:\Users\acer\Desktop\GiveMe3Steps.kdbx
2015-03-06 18:45 - 2014-12-14 17:55 - 02074112 ___SH () C:\Users\acer\Downloads\Thumbs.db
2015-03-04 14:33 - 2014-12-20 01:26 - 00000000 ___RD () C:\Users\acer\Documents\Notes
2015-03-03 07:40 - 2015-01-21 21:50 - 00000000 ___RD () C:\Users\acer\Desktop\everythingelse
2015-03-02 11:27 - 2014-12-18 13:16 - 00826880 ___SH () C:\Users\acer\Documents\Thumbs.db
2015-02-28 17:07 - 2014-07-15 03:35 - 00000000 ____D () C:\Users\acer\Desktop\UM_Acer_1.0_EN
2015-02-26 19:50 - 2015-02-01 12:01 - 00000000 ____D () C:\Users\acer\Desktop\Resumes
2015-02-24 20:44 - 2014-12-31 22:09 - 00000000 ____D () C:\Users\acer\Documents\Bluetooth Folder
2015-02-16 09:45 - 2015-01-09 11:47 - 00000000 ____D () C:\Users\acer\Documents\NiagaraCollege
==================== Files in the root of some directories =======
2014-06-14 12:50 - 2014-06-14 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-14 14:05 - 2012-10-24 15:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall308549.exe
Files to move or delete:
====================
C:\ProgramData\uninstall308549.exe
Some content of TEMP:
====================
C:\Users\acer\AppData\Local\Temp\AcerDocsSetup.exe
C:\Users\acer\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\acer\AppData\Local\Temp\Quarantine.exe
C:\Users\acer\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-04-29 09:17
==================== End Of Log ============================