I don't know whether to laugh or cry, I had to prove I wasn't a Robot spamming the site before I could post this reply..
Hmm.
Yes, that's possible. I was actually pondering switching over to Trend Micro's AV/AM & Security software when I was doing the latest scans but just decided to leave whatever was running the way that it was out of plain old exasperation, originally I was only running McAfee LiveSafe and its accoutrements, and during this last fiasco when the computer shutdown and the settings began changing again (when I rebooted and signed back in the firewall was turned off and stayed off for quite some time, neither Windows Defender or McAfee would take up the job, the smartscreen was on the fritz, etc) all I had for a Browser was iexplorer, which has since disappeared from Start and Taskbar and kept switching me to Proxy when I don't use a Proxy (the AP has HTTPS sign-in with password as Proxy) but now I'm wondering if iexplorer.exe being reported as having 'Image Hijack' by the Autoruns Viewer actually stemmed from it being linked to both the classic view and the Win 8.1 view. therefore its deletion was in fact the deletion of its image connected up to more than one region in the OS?? (I apologize for not knowing all the proper terminology yet, but I'm sure you know what i'm getting at) so your thoughts about that are in the ballpark with at least some of what's been going on likely being due to conflicts of one kind or another from the beginning.
*As for running Process Explorer, I didn't start up every program that I have while it was on but I did power up a bunch of non Microsoft progs/apps, ironically after connecting up with VirusTotal the first one to catch my attention was Process Explorer itself with 1/55, and the Screen-Cast-O-Matic 1/55 as well.
VirusTotal has "procexp.exe" listed as 1/55 - Antiy-AVL = Trojan[:HEUR]/Win32.AGeneric
And screencast-o-matic.exe listed as 1/55 - Bkav = W32.Clod98d.Trojan.5ae1
Which are probably the two programs that are the least of my worries. I haven't researched what these companies have said for their reasons yet since I'm trying to get this info back to you as quickly as I can but I'm guessing these classifications are due to their particular rating standards / PUPs?
I've only switched SoM on recently just to test it but if I remember correctly it basically hijacks the Java app when it's in use and combined can cause freezing, so that's a possible complaint factor, but I've never had any problems with it other than occasional short term freezing that I know of.
* Ok after running AdWCleaner at the end here I find it listed by VirusTotal as 2/55 - Jiangmin = TrojanDropper.FrauDrop.uic
& TrendMicroHouseCall = Suspicious_GEN.F47V1124,
(VirusTotal's "Relationships" tab mentions the AdWCleaner file being sent to them in a bundle itself, so that may be why, not sure yet)
*Created the HOSTS file, everything seemed to work out ok.
*Adwcleaner only shows two folders associated with the Browser Guard, I'll just leave them be for now though I may get rid of the whole thing later depending on which AV/AM/Security brand I end up going with, I actually do want to have a singular and harmonious interaction of all the apps, just that I've been in Emergency mode and a bit of trial & error mode lately
*Ran sfc /scannow, it created CBS.log file which I'm attaching, it said there are some problems.
Also when I open the Windows\Logs\CBS folder to get to it every other file in that folder is called "CbsPersist_...***..." with date numbers/etc numbers after the _ the only difference being variations of the date numbers/etc #'s.
There are 5 of these "CbsPersist" files, only the recently accessed/modified one is in
Blue in the directory, and so is the CBS.log file just accessed by running the command to scan.
That most recently accessed/modified "CbsPersist" file in
Blue is listed as
CbsPersist_20141130120102
Text Document (.log)
Location C:\Windows\Logs\CBS
Size 88.2 MB (92,504,506 bytes)
Size on Disk 22.2 MB (23,367,680 bytes)
Created Wednesday, April 2, 2014, 2:49:52 AM (at least it's not dated from 1869 like the WSCMD.dll "Wondershare" linked/hijacked file had been before the Refresh, and Wondershare had come straight from their professional site!)
Modified Today, November 30, 2014, 10 hours ago
The other 4 "CbsPersist_...###..." files are between 2.24 & 3.6 M/bs.
The Subnet Mask for the TAP=WA-9 is the VPN.
