
Acer M Laptop keyboard stopped working appropriately. Typing shortcuts randomly.


  • This topic is locked
17 replies to this topic

#1 IamIsela


Posted 23 June 2017 - 06:49 PM

I own an Acer M5 laptop. Its keyboard abruptly stopped working as it should three days ago. At first, every time I would type a letter, three other letters would follow. If I typed 'F', something like FVC would show up in my text box wherever I'd be typing. Later it got stuck on the letter P even though I'd be typing another letter and the P key was seemingly not stuck. An external USB keyboard works only for about an hour before it switches the keys to shortcuts and if I don't touch my original laptop's keyboard. Once it abruptly switches over, I have to restart my computer in order for it to work for another hour or so. I have no idea what this could be. Perhaps this community could be of service. I depend on this laptop for school and work.

Scan results below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
Ran by Acer (administrator) on ACER-PC (23-06-2017 16:24:40)
Running from C:\Users\Acer\Downloads
Loaded Profiles: Acer & postgres (Available Profiles: Acer & postgres & Guest)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-05-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-02-06] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-10-14] (SUPERAntiSpyware)
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\Run: [Google Update] => C:\Users\Acer\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\MountPoints2: {90ebb8d2-202d-11e4-8100-2016d857005b} - "E:\Windows\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\MountPoints2: {bd81ef20-1df5-11e6-85cb-2016d857005b} - "E:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2017-06-17]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-10-19]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5e516d87-f0d1-11e3-8250-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7C5C34DB-F1C6-4DF7-9DCE-E74467A96FAF}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9FE79A0D-C0A3-435C-913B-5DDDCBDE7F96}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{CEC6D87E-2E6C-49C3-B1C3-CE0FD19A4DF3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{CEC6D87E-2E6C-49C3-B1C3-CE0FD19A4DF3}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{EFA308E9-098D-443B-AD41-EE9E0DAF529C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{EFA308E9-098D-443B-AD41-EE9E0DAF529C}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
URLSearchHook: [S-1-5-21-1017176398-2508587879-3007524900-1002] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-1017176398-2508587879-3007524900-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F6856AF0-5D11-43C1-B0DF-FF7D1B0A1CAD}&mid=f9923a623dee47d2a364f15f9eb3e9a8-3ab50a45f6f48e9caaab21ddf9d44f9fce1b2e2f&lang=en&ds=AVG&coid=avgtbavg&cmpid=1116avz&pr=fr&d=2016-11-27 04:43:30&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1017176398-2508587879-3007524900-1001 -> {AA5FE4EC-DEB1-4FCF-9029-E304CD74854C} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-09] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-06] (AVG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-09] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler: WSWSVCUchrome - No CLSID Value

FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default [2017-06-23]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r1biso1x.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\r1biso1x.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\r1biso1x.default -> hxxps://www.google.com/
FF Extension: (adaware ad block) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2017-04-17]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27]
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\artur.dubovoy@gmail.com [2017-04-19]
FF Extension: (AVG Web TuneUp) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\avg@toolbar.xpi [2017-02-06]
FF Extension: (Click&Clean) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\clickclean@hotcleaner.com [2016-04-26]
FF Extension: (Fastest Search) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\fastestsearch@mingyi.org.xpi [2016-09-07]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-05-20]
FF Extension: (MEGA) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\firefox@mega.co.nz.xpi [2017-06-21]
FF Extension: (AudioTube) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\firefox@org.audiotube.xpi [2016-04-27]
FF Extension: (PriceBlink - Price Comp & Coupons) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\info@priceblink.com.xpi [2017-06-21]
FF Extension: (YouTube mp3) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\info@youtube-mp3.org.xpi [2016-04-27]
FF Extension: (Self-Destructing Cookies) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-03-25]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2017-06-23]
FF Extension: (Print pages to PDF) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\printPages2Pdf@reinhold.ripper [2015-08-12]
FF Extension: (FastestFox) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\smarterwiki@wikiatic.com.xpi [2016-04-27]
FF Extension: (YouTube High Definition) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-06-21]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14]
FF Extension: (Flash and Video Download) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-02-23]
FF Extension: (SoundCloud Downloader - Technowise) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2016-07-21]
FF Extension: (Adblock Plus) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Extension: (YouTube Flash Video Player) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\r1biso1x.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-06-20]
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Greyfirst\Celtx\Profiles\byk9wnat.default [2016-11-09]
FF Extension: (No Name) - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Celtx\extensions\emoticons-msn-smileys@m513901.de [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Celtx\extensions\messagestyle-blackened@addons.instantbird.org [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Celtx\extensions\messagestyle-depth@addons.instantbird.org [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Celtx\extensions\messagestyle-minimal20@addons.instantbird.org [not found]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-08-31]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-02-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1017176398-2508587879-3007524900-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Acer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1017176398-2508587879-3007524900-1001: @talk.google.com/O1DPlugin -> C:\Users\Acer\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1017176398-2508587879-3007524900-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1017176398-2508587879-3007524900-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Acer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Acer\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default [2017-06-19]
CHR Extension: (Google Slides) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-30]
CHR Extension: (Google Docs) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-30]
CHR Extension: (Google Drive) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-30]
CHR Extension: (YouTube) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-30]
CHR Extension: (Google Search) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-30]
CHR Extension: (Google Sheets) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-30]
CHR Extension: (Gmail) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-05-14] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7396872 2017-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-05-31] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-06-19] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-22] (NTI Corporation)
R2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2013-04-01] (PostgreSQL Global Development Group) [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-08] (Dritek System INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [472800 2017-03-21] (Wondershare)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-02-06] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\WINDOWS\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166624 2017-05-14] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [314128 2017-05-14] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192584 2017-05-14] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336896 2017-05-14] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [51336 2017-05-14] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39424 2017-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [129776 2017-05-14] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102280 2017-05-14] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76832 2017-05-14] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1008288 2017-05-14] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [570320 2017-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [160008 2017-05-14] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [340824 2017-05-14] (AVG Technologies CZ, s.r.o.)
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-08] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-06-23] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-05-08] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-05-08] (Malwarebytes)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-08] (Dritek System Inc.)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-23 16:24 - 2017-06-23 16:26 - 00033432 _____ C:\Users\Acer\Downloads\FRST.txt
2017-06-23 16:23 - 2017-06-23 16:24 - 00000000 ____D C:\FRST
2017-06-23 16:13 - 2017-06-23 16:13 - 02439680 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2017-06-23 14:27 - 2017-06-23 14:27 - 00001083 _____ C:\Users\Acer\Downloads\sitemap(2).xml
2017-06-23 14:23 - 2017-06-23 14:23 - 00000773 _____ C:\Users\Acer\Downloads\sitemap(1).xml
2017-06-23 14:20 - 2017-06-23 14:20 - 00000773 _____ C:\Users\Acer\Downloads\sitemap.xml
2017-06-22 13:21 - 2017-06-22 13:21 - 172260143 _____ C:\Users\Acer\Downloads\WTSR FINAL WEBSITE INTRO.mp4
2017-06-22 12:43 - 2017-06-22 12:43 - 00002760 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2017-06-21 18:49 - 2017-06-21 18:50 - 90741626 _____ C:\Users\Acer\Downloads\UCR WTSR SUBMISSION.mp4
2017-06-19 17:05 - 2017-06-19 18:20 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-19 17:04 - 2017-06-19 17:04 - 00124928 _____ C:\Users\Acer\Downloads\HitmanPro Reset.exe
2017-06-19 16:10 - 2017-06-19 18:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-19 16:10 - 2017-06-19 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-06-19 16:10 - 2017-06-19 16:10 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2017-06-19 16:08 - 2017-06-23 12:54 - 00262144 _____ C:\Users\postgres\ntuser.man
2017-06-19 16:08 - 2017-06-19 16:08 - 00002580 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2017-06-19 16:08 - 2017-02-21 09:29 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2017-06-19 16:06 - 2017-06-19 16:07 - 00000000 ____D C:\Users\Acer\AppData\Local\AvgSetupLog
2017-06-19 14:36 - 2017-06-19 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-06-19 14:36 - 2017-06-19 18:20 - 00000000 ____D C:\Program Files\HitmanPro
2017-06-19 14:36 - 2017-06-19 14:36 - 00001913 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-06-19 14:35 - 2017-06-19 14:35 - 11584088 _____ (SurfRight B.V.) C:\Users\Acer\Downloads\HitmanPro_x64(1).exe
2017-06-18 00:08 - 2017-06-18 00:08 - 01010615 _____ C:\Users\Acer\Downloads\Brush-Stroke-Brushes-by-Sivioco.zip
2017-06-17 16:58 - 2017-02-20 10:01 - 00000000 ____D C:\Users\Acer\Downloads\ground textures 01
2017-06-17 16:55 - 2017-06-17 16:55 - 03954623 _____ C:\Users\Acer\Downloads\ground textures 01.zip
2017-06-17 13:05 - 2017-06-19 16:53 - 00000000 ____D C:\Users\Acer\Documents\ShareX
2017-06-17 13:05 - 2017-06-18 12:46 - 00000844 _____ C:\Users\Acer\Desktop\ShareX.lnk
2017-06-17 13:05 - 2017-06-17 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2017-06-17 13:05 - 2017-06-17 13:05 - 00000000 ____D C:\Program Files\ShareX
2017-06-17 12:56 - 2017-06-17 12:56 - 04639827 _____ (ShareX Team ) C:\Users\Acer\Downloads\ShareX-11.7.0-setup.exe
2017-06-15 15:19 - 2017-06-15 15:19 - 01622296 _____ C:\Users\Acer\Downloads\Flex Fuel_ Ethanol Process.mp4
2017-06-14 22:05 - 2017-06-14 22:05 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-06-13 22:38 - 2017-06-13 22:39 - 06688283 _____ C:\Users\Acer\Desktop\earthquake Sound Effects ALL SOUNDS.mp4
2017-06-13 22:38 - 2017-06-13 22:38 - 05315795 _____ C:\Users\Acer\Desktop\earthquake Sound Effects ALL SOUNDS.webm
2017-06-13 17:32 - 2017-06-13 17:32 - 01646600 _____ C:\Users\Acer\Downloads\Walt Whitman Unfinished.mp4
2017-06-13 16:55 - 2017-06-13 16:55 - 00120851 _____ C:\Users\Acer\Downloads\THEA-Tr3 Major.pdf
2017-06-13 16:54 - 2017-06-13 16:54 - 00079540 _____ C:\Users\Acer\Downloads\THEA-FLMK.pdf
2017-06-13 12:45 - 2017-06-13 12:45 - 00000971 _____ C:\Users\Acer\Desktop\WizTree.lnk
2017-06-13 12:45 - 2017-06-13 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WizTree
2017-06-13 12:45 - 2017-06-13 12:45 - 00000000 ____D C:\Program Files (x86)\WizTree
2017-06-13 12:43 - 2017-06-13 12:43 - 00939912 _____ (Antibody Software ) C:\Users\Acer\Downloads\wiztree_2_01_setup.exe
2017-06-13 12:28 - 2017-06-13 12:28 - 07495188 _____ C:\Users\Acer\Downloads\TUTORIAL 2.zip
2017-06-12 16:26 - 2017-06-12 16:26 - 00000000 ____D C:\Users\Acer\AppData\LocalLow\BitTorrent
2017-06-12 16:24 - 2017-06-12 16:59 - 00000000 ____D C:\Users\Acer\Desktop\School
2017-06-11 17:08 - 2017-06-11 17:19 - 58341410 _____ C:\Users\Acer\Desktop\3D Text In Picture Tutorial - Cinema 4D.mp4
2017-06-11 16:42 - 2017-06-11 16:52 - 42604569 _____ C:\Users\Acer\Desktop\3D Graphic Design Infographic - Illustrator Cinema 4D C4D Tutorials.mp4
2017-06-09 16:41 - 2017-06-13 22:41 - 00040660 _____ C:\Users\Acer\Desktop\Untitled.prproj
2017-06-08 23:48 - 2017-06-08 23:48 - 00003690 _____ C:\WINDOWS\System32\Tasks\ALU_SelfUpgrade
2017-06-05 22:44 - 2017-06-05 22:44 - 00312166 _____ C:\Users\Acer\Downloads\IQ_BLF_ScholarshipApp_2017_Final-signed.pdf
2017-06-02 16:15 - 2017-06-02 16:17 - 1293136596 _____ C:\Users\Acer\Desktop\Traffic Sounds White Noise - Ambience for Sleeping, Studying - 10 Hours.mp4
2017-06-02 14:45 - 2017-06-04 15:32 - 00820731 _____ C:\Users\Acer\Desktop\CinemaSins Sound Effects - HD-1.mp4
2017-06-02 14:44 - 2017-06-04 15:32 - 00820737 _____ C:\Users\Acer\Desktop\CinemaSins Sound Effects - HD.mp4
2017-06-02 14:43 - 2017-06-04 15:32 - 00205547 _____ C:\Users\Acer\Desktop\Hit-Boom-Impact-Thud (Movie Trailer Cinematic) - Sound Effect.mp4
2017-06-02 14:43 - 2017-06-02 14:43 - 00033568 _____ C:\Users\Acer\Desktop\Thud Sound Effect.mp4
2017-06-02 13:37 - 2017-06-02 15:01 - 00059900 _____ C:\Users\Acer\Desktop\Dream Catcher.prproj
2017-05-30 19:07 - 2017-05-30 19:07 - 14320873 _____ C:\Users\Acer\Downloads\THE ARCHIVES PROJECT.mp4
2017-05-28 13:47 - 2017-05-28 13:47 - 00218003 _____ C:\Users\Acer\Downloads\A6(2).pdf
2017-05-28 13:47 - 2017-05-28 13:47 - 00119128 _____ C:\Users\Acer\Downloads\A7_Final.pdf
2017-05-28 13:46 - 2017-05-28 13:46 - 00218003 _____ C:\Users\Acer\Downloads\A6(1).pdf
2017-05-26 14:23 - 2017-05-26 15:16 - 00000000 ____D C:\Users\Acer\Desktop\WTSR.FINAL.RCC
2017-05-26 13:17 - 2017-06-14 22:55 - 00000000 ____D C:\Users\Acer\Desktop\Scholarship Applications
2017-05-26 12:53 - 2017-05-26 12:53 - 00289803 _____ C:\Users\Acer\Downloads\BLF_ScholarshipApp_2017_Final.pdf
2017-05-25 17:27 - 2017-05-25 17:27 - 19892073 _____ C:\Users\Acer\Downloads\wtsr-typewriter.mp4
2017-05-25 17:24 - 2017-05-25 17:24 - 67892337 _____ C:\Users\Acer\Downloads\WSTR+Music.mp4
2017-05-24 23:52 - 2017-05-24 23:53 - 00372479 _____ C:\Users\Acer\Downloads\chunkfive(1).zip
2017-05-24 16:10 - 2017-05-24 16:10 - 03229215 _____ C:\Users\Acer\Downloads\WTSR_green_Keylight.mp4
2017-05-24 16:10 - 2017-05-24 16:10 - 01154185 _____ C:\Users\Acer\Downloads\WTSR_presents_Keylight.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2094-06-24 02:00 - 2017-04-24 17:25 - 00179811 ____N C:\Users\Acer\Downloads\MPEG Streamclip Guide.pdf
2017-06-23 13:18 - 2016-11-13 09:53 - 00003600 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-06-23 13:02 - 2016-11-17 20:15 - 00000000 ____D C:\Users\Acer\AppData\LocalLow\Mozilla
2017-06-23 12:56 - 2017-04-24 18:40 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-23 12:56 - 2014-05-20 07:48 - 00000000 ___DO C:\Users\Acer\OneDrive
2017-06-23 12:55 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-23 11:58 - 2014-10-03 09:47 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{47F88F9D-5EA5-49CE-A721-4A06D977E07D}
2017-06-22 15:22 - 2016-11-29 20:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-06-22 15:06 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2017-06-21 20:09 - 2017-04-07 19:25 - 00004178 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-06-20 11:49 - 2012-11-08 13:19 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1017176398-2508587879-3007524900-1001
2017-06-19 18:20 - 2017-02-09 09:21 - 00000000 ____D C:\ProgramData\Skype
2017-06-19 18:20 - 2013-05-23 11:31 - 00000000 ____D C:\ProgramData\Atheros
2017-06-19 18:11 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\registration
2017-06-19 16:20 - 2014-06-10 12:09 - 00000000 ____D C:\Users\Acer
2017-06-19 16:08 - 2016-12-27 18:43 - 00000000 ____D C:\Users\postgres
2017-06-19 16:08 - 2016-11-13 09:57 - 00000000 ____D C:\Users\Acer\AppData\Local\Avg
2017-06-19 16:07 - 2016-11-13 09:53 - 00000000 ____D C:\ProgramData\Avg
2017-06-19 16:07 - 2016-08-26 21:34 - 00000000 ____D C:\Program Files (x86)\AVG
2017-06-19 15:19 - 2013-08-22 08:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-19 15:18 - 2014-10-17 21:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-06-17 20:17 - 2013-08-22 06:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-06-17 18:43 - 2015-07-08 19:24 - 00000132 _____ C:\Users\Acer\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-06-16 20:56 - 2014-08-08 15:34 - 00000000 ____D C:\Users\Acer\AppData\Roaming\BitTorrent
2017-06-16 16:13 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-16 16:13 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 16:13 - 2013-06-07 14:51 - 00004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-15 16:05 - 2014-03-18 03:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-14 11:31 - 2015-06-03 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-14 00:33 - 2017-02-06 22:29 - 00000000 ____D C:\Users\Acer\Desktop\Adobe Premiere Pro Auto-Save
2017-06-13 22:27 - 2017-02-06 22:14 - 00000000 ____D C:\Users\Acer\Desktop\Adobe Premiere Pro Preview Files
2017-06-13 12:11 - 2012-07-26 01:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-13 12:10 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-12 17:00 - 2017-04-04 12:13 - 00000000 ____D C:\Users\Acer\Desktop\Rickerby
2017-06-12 16:21 - 2014-12-17 20:45 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-05 22:35 - 2012-11-08 13:12 - 00000000 ____D C:\Users\Acer\AppData\Local\Packages
2017-05-29 16:36 - 2017-02-01 15:03 - 00000000 ____D C:\Users\Acer\Desktop\PAPERWORK
2017-05-29 11:28 - 2017-04-24 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-05-29 11:28 - 2017-04-06 18:54 - 00001028 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-25 16:48 - 2013-08-22 07:44 - 05264472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-25 11:10 - 2013-08-03 16:54 - 00000000 ____D C:\Users\Acer\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2015-10-02 14:16 - 2015-10-02 14:16 - 0000132 _____ () C:\Users\Acer\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-07-08 19:24 - 2017-06-17 18:43 - 0000132 _____ () C:\Users\Acer\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-26 12:58 - 2016-08-26 12:58 - 0138240 _____ () C:\Users\Acer\AppData\Roaming\Installer.dat
2016-08-26 12:59 - 2016-08-26 12:59 - 0018432 _____ () C:\Users\Acer\AppData\Roaming\Main.dat
2016-08-26 13:00 - 2016-08-26 13:00 - 0000355 _____ () C:\Users\Acer\AppData\Roaming\Sailstrong.bin
2016-08-20 11:17 - 2017-03-14 14:30 - 0001456 _____ () C:\Users\Acer\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-03-28 13:35 - 2016-03-28 13:35 - 0003584 _____ () C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-10 16:44 - 2014-12-10 19:44 - 0007602 _____ () C:\Users\Acer\AppData\Local\resmon.resmoncfg
2016-08-26 12:58 - 2016-08-26 12:58 - 0000000 _____ () C:\Users\Acer\AppData\Local\run.txt
2016-08-26 13:00 - 2016-08-26 13:00 - 0000001 _____ () C:\Users\Acer\AppData\Local\setupsuccessful.txt
2016-08-26 12:58 - 2016-08-26 13:00 - 0000000 _____ () C:\Users\Acer\AppData\Local\stxtname.txt
2012-11-08 12:11 - 2012-11-08 12:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-05 10:33 - 2014-09-05 10:33 - 0005041 _____ () C:\ProgramData\ypkpiykb.yyr

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-23 12:39

==================== End of FRST.txt ============================




#2 Oh My!

  • Malware Response Instructor

Posted 24 June 2017 - 10:22 AM

Greetings IamIsela and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Could you please copy and paste the contents of the Addition.txt file that should be in the C:\Users\Acer\Downloads folder?

 

 

Running from C:\Users\Acer\Downloads


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 IamIsela

  • Topic Starter


Posted 24 June 2017 - 01:02 PM

Thank you for your time. I will be able to reply ASAP; if anything changes, I'll be sure to notify you.

 

Here's what you asked for:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by Acer (23-06-2017 16:26:34)
Running from C:\Users\Acer\Downloads
Windows 8.1 (Update) (X64) (2014-06-10 19:37:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Acer (S-1-5-21-1017176398-2508587879-3007524900-1001 - Administrator - Enabled) => C:\Users\Acer
Administrator (S-1-5-21-1017176398-2508587879-3007524900-500 - Administrator - Disabled)
Guest (S-1-5-21-1017176398-2508587879-3007524900-501 - Limited - Disabled) => C:\Users\Guest
postgres (S-1-5-21-1017176398-2508587879-3007524900-1002 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3001 - Acer Incorporated)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS5.1 (HKLM-x32\...\{23767F5D-A80C-4264-B8EA-ED4085FC332A}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (Version: 1.191.1 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.74.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
BitTorrent (HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\BitTorrent) (Version: 7.9.9.43389 - BitTorrent Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CINEMA 4D 16.011 (HKLM\...\MAXON8B6F11F9) (Version: 16.011 - MAXON Computer GmbH)
clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
Express Scribe Transcription Software (HKLM-x32\...\Scribe) (Version: 6.00 - NCH Software)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
FilmConvert Pro AE (HKLM\...\{E47E5562-EB70-49E1-B3FB-45074495CAA7}) (Version: 1.2.1 - Rubber Monkey Software)
FMW 1 (Version: 1.203.1 - AVG Technologies) Hidden
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4937.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4911.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4911.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4911.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PostgreSQL 9.2  (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
Premiere Pro (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Puran File Recovery 1.2 (HKLM\...\Puran File Recovery_is1) (Version:  - Puran Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28124 - Realtek Semiconductor Corp.)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.7.0 - ShareX Team)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Sleep Memory Optimizer (HKLM\...\{BF63C2C3-9A5B-4366-AA5F-015292B919F0}) (Version: 1.01.3000 - Acer Incorporated)
Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3007 - Acer Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Team Render Client 16.011 (HKLM\...\MAXONF3A6792B) (Version: 16.011 - MAXON Computer GmbH)
Trapcode Suite v13.1.0 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.1.0 - Red Giant, LLC)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WizTree v2.01 (HKLM-x32\...\WizTree_is1) (Version:  - Antibody Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1017176398-2508587879-3007524900-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1017176398-2508587879-3007524900-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1017176398-2508587879-3007524900-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1017176398-2508587879-3007524900-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Acer\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {055DA3C7-CE35-4E35-B42F-EBF9B405C83A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {16BAB485-78CE-467B-9A32-AFBB37886E3D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-05-16] (Microsoft Corporation)
Task: {1787DE86-91F9-4375-8095-69E7C155449D} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {1F492C05-4961-4AAE-9FE9-B02EE31DA4F3} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {2294E4EC-F69A-4096-9D94-BA6092E7E82E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {3960F684-0872-4C35-ACDD-4ED1B723D8CC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1017176398-2508587879-3007524900-1001UA => C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-11] (Google Inc.)
Task: {3BAFCF9F-2488-402D-B6FF-E535A9922F83} - System32\Tasks\Smart Timer Task Scheduler => C:\Program Files\Smart Timer\Smart_Timer.exe [2012-06-22] (Acer Incorporated)
Task: {6172C9C5-FFB4-4814-91C8-ADB246F50722} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {76CAA81F-CFCD-4D57-8561-F6F24919AE3B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {7BE92773-5207-4BEF-A0E4-DD3FCE435661} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-29] ()
Task: {8EBC1D60-6559-4F62-ACFE-211549F0E39A} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {9645F79F-1724-4855-B29B-80270505A73F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {9E3A9D55-0E64-41AB-B0D5-6F2646981463} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
Task: {A4D18001-610B-48B3-91C3-64A13055603A} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-iamisela@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {AAE93FF6-D9E2-4CB4-AC42-AA40111554C1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {AB03E4D4-D5F1-43A5-9306-74A7FF0140B7} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {B05E454E-BAD5-4CD9-A638-5EC746CFFB16} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1017176398-2508587879-3007524900-1001
Task: {B481B2E3-7E7B-4ABF-A0D6-58C57727CD31} - System32\Tasks\ALU_SelfUpgrade => C:\ProgramData\Acer\updater2\Download\52971984\D\UpgradeDownload.exe [2017-06-08] ()
Task: {C5A80BB8-DB02-4FAF-85D8-B0AEBF140794} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {D1DFA002-534A-4855-891F-077EA0D1D060} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-05] (Google Inc.)
Task: {D61BD918-344C-4F96-A6D1-5F1985E083D2} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-05-14] (AVG Technologies CZ, s.r.o.)
Task: {D61CEA94-FCCC-4C15-996B-6192E321F43D} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {DC85A39D-D425-420F-8BE5-E129366598E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {E586AE67-6200-48C6-AD02-FE9BF70B3F6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-05] (Google Inc.)
Task: {E7EC51A8-3CEB-419C-848A-7CB5DC036C76} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {E9B2591E-070E-42A5-87E1-8B796964F7AA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {F1671388-DC2E-4FB7-87C2-2632C2B12C26} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1017176398-2508587879-3007524900-1001Core => C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-11] (Google Inc.)
Task: {F82FA55F-F96E-4C90-B7A6-11BA491B373F} - System32\Tasks\{E2F46E20-3D8A-4F0D-AD5C-72F3BB8734CE} => pcalua.exe -a C:\Users\Acer\Downloads\Duik_15.08_installer.exe -d C:\Users\Acer\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Acer\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Acer\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com

==================== Loaded Modules (Whitelisted) ==============

2016-11-26 21:43 - 2017-02-06 22:01 - 00981576 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-07-25 19:00 - 2017-01-31 05:34 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-04-19 15:43 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-17 21:40 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-12-27 18:42 - 2013-04-01 20:41 - 00176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2016-12-27 18:43 - 2012-08-14 06:31 - 01328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2017-04-24 18:39 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2013-01-28 14:45 - 2013-01-28 14:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 14:42 - 2013-01-28 14:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 14:47 - 2013-01-28 14:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2012-08-22 15:04 - 2012-08-22 15:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-22 15:04 - 2012-08-22 15:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-22 23:26 - 2012-08-22 23:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-22 23:26 - 2012-08-22 23:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-22 23:26 - 2012-08-22 23:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2017-04-19 20:16 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-04-19 20:16 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-04-19 20:16 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-04-19 20:16 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-04-19 20:16 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-11-28 04:28 - 2016-11-28 04:28 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-12-09 15:09 - 2016-12-09 15:09 - 52051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-12-02 01:54 - 2016-12-02 01:54 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-12-02 01:54 - 2016-12-02 01:54 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-12-02 01:54 - 2016-12-02 01:54 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-12-02 01:54 - 2016-12-02 01:54 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-12-09 15:09 - 2016-12-09 15:09 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-12-02 01:54 - 2016-12-02 01:54 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2012-11-08 12:15 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7933 more sites.

There are 7933 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2017-04-24 18:31 - 00456628 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 15631 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Acer Backup Manager Tray.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AVG_UI"
HKLM\...\StartupApproved\Run: => "AvgUi"
HKLM\...\StartupApproved\Run: => "AVGUI.exe"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\StartupApproved\Run: => "SkyDrive"
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-1017176398-2508587879-3007524900-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3FFC2FC1-C4F3-4A1B-A071-8BBC6DD12161}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25AA1556-83C5-48CB-B32A-9D5981F33052}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{41444389-1D3F-490D-854E-0FC2A0E1D580}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{124DA289-2F1E-424D-9C9A-970D3498ECBF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{61F815D1-BD08-4A51-8FCB-2D59C8006892}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{8BBC7966-6283-472F-B62B-29C2FB31C801}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{0238E5BC-CA45-4C66-8E77-F05754833072}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{88AC9015-38D2-407D-8E9E-B90C269C90EE}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [TCP Query User{1E9A4934-B67D-46FB-A4A8-982ABEC622C5}C:\users\acer\downloads\adobe tool v3.76 (beta)\adobe tool v3.76\adobetool.exe] => (Allow) C:\users\acer\downloads\adobe tool v3.76 (beta)\adobe tool v3.76\adobetool.exe
FirewallRules: [UDP Query User{A67EE5BF-5396-4B30-994B-3CD565ABFFD6}C:\users\acer\downloads\adobe tool v3.76 (beta)\adobe tool v3.76\adobetool.exe] => (Allow) C:\users\acer\downloads\adobe tool v3.76 (beta)\adobe tool v3.76\adobetool.exe
FirewallRules: [{EA588620-CBD5-457C-BD3F-00EA029237B1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{56C1A1E8-C45A-4A15-94B4-BA5D86C730AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A72709A-E13A-4404-803A-18CBBA838CE6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{58377CCE-4F35-4B1A-893D-A7F3DF51F275}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{FB46EEA0-BB30-40C5-A718-DAD1773B51FC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{7F649ED4-41F4-4303-9E97-CB08E70BC162}C:\users\acer\downloads\bittorrent(1).exe] => (Allow) C:\users\acer\downloads\bittorrent(1).exe
FirewallRules: [UDP Query User{6DA24383-42DA-430A-A685-968C3199C471}C:\users\acer\downloads\bittorrent(1).exe] => (Allow) C:\users\acer\downloads\bittorrent(1).exe
FirewallRules: [TCP Query User{B0DF9E7E-32BA-4A96-8970-AF29485E85AE}C:\users\acer\appdata\roaming\bittorrent\updates\7.9.3_40299.exe] => (Allow) C:\users\acer\appdata\roaming\bittorrent\updates\7.9.3_40299.exe
FirewallRules: [UDP Query User{A14E3640-CD22-4502-A258-B7FA774145C4}C:\users\acer\appdata\roaming\bittorrent\updates\7.9.3_40299.exe] => (Allow) C:\users\acer\appdata\roaming\bittorrent\updates\7.9.3_40299.exe
FirewallRules: [{2A534C59-0C25-4CEF-AF9E-BFC277AAF615}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DBC62236-C5FA-41C0-B004-A35257C65CF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CA0FBB2E-FD1A-4097-ABDE-FF7B2BA07F83}] => (Allow) C:\Users\Acer\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{92E16118-387F-41F9-9DF9-1AF83339A811}] => (Allow) C:\Users\Acer\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{002BB0EA-2DAF-4C94-A679-EA1D57B29B2F}] => (Allow) C:\Users\Acer\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{055A879F-B29D-4809-A93D-FA93A5CDAC83}] => (Allow) C:\Users\Acer\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{03C2A9CD-67AD-4857-9C1B-19ED6E7FC9D2}] => (Allow) C:\Users\Acer\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{243808F3-D3AE-4F4D-8A48-AE95432000DF}] => (Allow) C:\Users\Acer\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{F60D123A-AECC-4886-8A73-80B6A8AE50DC}C:\users\acer\appdata\roaming\bittorrent\updates\7.9.7_42331.exe] => (Block) C:\users\acer\appdata\roaming\bittorrent\updates\7.9.7_42331.exe
FirewallRules: [UDP Query User{5D6DD4B3-3C3E-4E80-AA35-A522B99EBEE2}C:\users\acer\appdata\roaming\bittorrent\updates\7.9.7_42331.exe] => (Block) C:\users\acer\appdata\roaming\bittorrent\updates\7.9.7_42331.exe
FirewallRules: [TCP Query User{AA6D90E6-0BA0-4E0D-90F0-437CC481B2BF}C:\program files\maxon\team render client r16\cinema 4d teamrender client.exe] => (Allow) C:\program files\maxon\team render client r16\cinema 4d teamrender client.exe
FirewallRules: [UDP Query User{93A019A4-FB02-4BF6-90FB-CBC9880A6DBE}C:\program files\maxon\team render client r16\cinema 4d teamrender client.exe] => (Allow) C:\program files\maxon\team render client r16\cinema 4d teamrender client.exe
FirewallRules: [{AACFDA55-C047-4D82-AF5E-097EAC4CE08E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C2ACA987-04B4-4BFF-87EA-A8D5ABF1C125}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{018B5BDA-2006-40E1-AD0D-335FFF54DA44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F0A5C5B-1946-40EF-A9F8-481231C7EBFF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DD760937-3E80-475C-BB84-DB148F90C7FC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A769024D-E486-4678-B8B4-8006B6C33D4E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{AA8ABF3B-03A0-4B1B-BBF9-0F8A943E3B34}C:\users\acer\appdata\roaming\bittorrent\updates\7.9.9_43389.exe] => (Block) C:\users\acer\appdata\roaming\bittorrent\updates\7.9.9_43389.exe
FirewallRules: [UDP Query User{3721924A-75B9-4C95-BB77-53C6801E39EA}C:\users\acer\appdata\roaming\bittorrent\updates\7.9.9_43389.exe] => (Block) C:\users\acer\appdata\roaming\bittorrent\updates\7.9.9_43389.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

22-06-2017 15:42:15 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2017 12:55:48 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.

Error: (06/23/2017 12:04:28 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/23/2017 11:53:20 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.

Error: (06/22/2017 07:51:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1094

Error: (06/22/2017 07:51:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1094

Error: (06/22/2017 07:51:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2017 07:27:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.

Error: (06/22/2017 03:20:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/22/2017 03:05:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.

Error: (06/22/2017 12:44:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (06/23/2017 03:03:04 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (06/23/2017 02:10:26 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The configuration registry database is corrupt.

Error: (06/23/2017 01:40:25 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The configuration registry database is corrupt.

Error: (06/23/2017 01:10:26 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The configuration registry database is corrupt.

Error: (06/23/2017 01:06:33 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The configuration registry database is corrupt.

Error: (06/23/2017 12:58:16 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The configuration registry database is corrupt.

Error: (06/23/2017 12:56:22 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The configuration registry database is corrupt.

Error: (06/23/2017 12:55:19 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (06/23/2017 12:55:17 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The configuration registry database is corrupt.

Error: (06/23/2017 12:55:14 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The configuration registry database is corrupt.


CodeIntegrity:
===================================
  Date: 2017-04-07 19:24:53.251
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-07 19:24:52.923
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-07 19:24:52.576
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-07 19:24:52.255
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-07 19:24:51.946
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-07 19:24:51.635
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-07 19:24:51.301
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-07 19:24:50.981
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-07 19:24:50.673
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-07 19:24:50.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 59%
Total physical RAM: 5959.27 MB
Available physical RAM: 2399.88 MB
Total Virtual: 11459.27 MB
Available Virtual: 7001.53 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:443.83 GB) (Free:232.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C7DBD017)

Partition: GPT.

========================================================
Disk: 1 (Size: 18.6 GB) (Disk ID: E37CBDC0)

Partition: GPT.

==================== End of Addition.txt ============================



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • Gender:Male
  • Location:California

Posted 24 June 2017 - 01:33 PM

Thank you for the information.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall All Adobe Products, and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 IamIsela

  • Topic Starter

Posted 25 June 2017 - 04:00 PM

Sure thing. Give me three days to uninstall everything off of my laptop.

#6 Oh My!

Posted 25 June 2017 - 04:34 PM

No problem.

I appreciate your understanding. Just to clarify, I am only addressing software that requires a license or activation code. Free Adobe products (or other free products) are of no concern unless you downloaded them from an untrusted source.
Gary
 

#7 IamIsela

Posted 26 June 2017 - 05:04 PM

I understand. However, I'm having trouble uninstalling them. Would it be alright if I just restored it back to factory settings? My keyboard is getting progressively worse and I'd like to get to the bottom of this asap.

#8 Oh My!

Posted 26 June 2017 - 07:05 PM

You can certainly do that, assuming it isn't a mechanical problem. It sounds like something was spilled on the keyboard. Is that a possibility?
Gary

#9 IamIsela

Posted 26 June 2017 - 07:32 PM

Well, I did notice that it all started after I cleaned the keyboard with some alcohol and a cloth, but I had also downloaded a shortcut program right before I shut it down. What I don't understand is why every keyboard I attach is also affected--even the on-screen keyboard. The on-screen keyboard sometimes shows that the control keys get stuck. So I suppose I came here to know for sure whether this was a software issue or a hardware one.

#10 IamIsela

Posted 26 June 2017 - 07:33 PM

PS. My laptop's original keyboard is completely unresponsive now. However, I know it can read the control buttons because when the on-screen keyboard denotes that they're stuck, I push them at the same time on my original keyboard and they get unstuck.

#11 Oh My!

Posted 27 June 2017 - 01:40 PM

Please attempt to do this.

===================================================

Uninstalling/Reinstalling a Device Driver

----------
  • Press Windows key + R on your keyboard at the same time (you can also use the On Screen Keyboard)
  • Type devmgmt.msc and press Enter
  • Expand the Keyboards section by clicking + sign
  • Right click on the Standard PS/2 Keyboard (or something similar), select Uninstall, then OK
  • Reboot your computer
  • Check your keyboard performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#12 IamIsela

Posted 27 June 2017 - 05:51 PM

Unfortunately, that did not work, and I cannot restore to factory settings without a disc (which I don't have), and I'm having trouble uninstalling the Adobe programs. Do you still want me to send you the logs?

#13 Oh My!

Posted 27 June 2017 - 06:03 PM

Hold off on the logs.

Please do this.

===================================================

Disabling a Device Through Device Manager

----------
  • Press Windows key + R on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Keyboards section by clicking + sign
  • Right click on the Standard PS/2 Keyboard entry and select Disable
  • Click Yes on the warning screen
  • Test your external USB keyboard
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#14 Oh My!

Posted 30 June 2017 - 09:59 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#15 IamIsela

Posted 30 June 2017 - 06:57 PM

I'm sorry for the late reply. Nothing worked. I've decided to take it in to a shop. You can close this.


That being said, thank you for your time!



