
Help- infected- Requested Resource Is In Use


  • This topic is locked
24 replies to this topic

#1 JaKnuckles

JaKnuckles

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:01 AM

Posted 01 August 2017 - 10:10 AM

Hello all - I have been having a Trojan/malware issue. PC is super slow, can't download any antivirus, all sorts of pop-up tabs on Internet Explorer. I happened upon the BleepingComputer guide to remove "Requested Resource Is In Use". https://www.bleepingcomputer.com/virus-removal/remove-the-requested-resource-is-in-use-error/

I can get up to step 7: I double-click Zemana and it doesn't start. A pop-up says "the requested resource is in use". Up until this point I followed the steps exactly.

 

Any help would be appreciated.


Edited by hamluis, 01 August 2017 - 11:01 AM.
Moved to MRL at MRT request - Hamluis.



 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:01 AM

Posted 01 August 2017 - 10:11 AM

Hi JaKnuckles :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 JaKnuckles

Posted 02 August 2017 - 06:24 AM

Yoan - I truly appreciate your help. I started the MBAR scan last night... it was working fine but took a long time... had to go to bed. Upon awaking it is not responding. It locked up before I could perform the cleanup step. See screenshot attached (it found quite a few issues).

 

I will start scan again before I leave for work and update you once I return.

 

 




#4 Aura

Posted 02 August 2017 - 07:22 AM

If you close all your programs, make sure MBAR is the only program window open and do not touch your computer while it scans, it'll eventually go through. If it doesn't by the time you get back from work, let me know.



#5 JaKnuckles

Posted 03 August 2017 - 10:43 AM

Hey there Yoan,

I got through the scan and the clean up last night and this morning. It found over 15K issues to clean. When I tried to copy/paste the log into this forum it was stuck on "saving post"... I had to leave for work and I was hoping it would add it while I was commuting. Now at work I can see that it did not add my post. I will try again to upload that log file- it was large...like 5MB. Let me know what you think.

 

Thanks for your assistance.



#6 Aura

Posted 03 August 2017 - 11:43 AM

You can attach the log here instead of copy/pasting it, it's fine :)



#7 JaKnuckles

Posted 03 August 2017 - 02:42 PM

Here is the file.



Edited by JaKnuckles, 03 August 2017 - 02:43 PM.


#8 Aura

Posted 03 August 2017 - 02:49 PM

Good :) Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;



#9 JaKnuckles

Posted 03 August 2017 - 09:36 PM

See attached log file. Let me know what you think next.

 

As always thanks.




#10 Aura

Posted 04 August 2017 - 07:06 AM

Good :) Now we'll run a sweep with AdwCleaner and JRT.

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted JRT log;



#11 JaKnuckles

Posted 04 August 2017 - 03:47 PM

AdwCleaner log is below...downloading JRT now. 

 

# AdwCleaner 7.0.1.0 - Logfile created on Fri Aug 04 20:39:27 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport
Deleted: C:\Program Files (x86)\OApps
Deleted: C:\Program Files (x86)\S5
Deleted: C:\Program Files (x86)\FilePlus
Deleted: C:\Users\Jason\AppData\Local\AdvinstAnalytics
Deleted: C:\Users\Jason\AppData\Roaming\devnull
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\llssoft
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft
Deleted: C:\Users\Jason\AppData\Local\llssoft
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
Deleted: C:\Users\Jason\AppData\Local\SwvUpdater
Deleted: C:\Users\Jason\AppData\Local\Smartbar
Deleted: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
Deleted: C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

***** [ Files ] *****

Deleted: C:\END
Deleted: C:\Users\Jason\AppData\Roaming\LiveSupport.exe_log.txt
Deleted: C:\Users\Jason\AppData\Roaming\regsvr32.exe_log.txt

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{7FC25D12-4726-4E59-82B9-3646C36EC852}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{A80E5B29-CD98-4345-92A0-6451DD531633}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{BD0C1912-66C3-49CC-8B12-7B347BF6C846}
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ak.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safesear.ch
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.safesear.ch
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\allinonedocs.dl.tb.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d169bbxks24g2u.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d169bbxks24g2u.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\painttool-sai.en.softonic.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plusnetwork.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safesear.ch
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.plusnetwork.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akamaihd.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cdncache-a.akamaihd.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d22j4fzzszoii2.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d22j4fzzszoii2.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\safesear.ch
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.safesear.ch
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akamaihd.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cdncache-a.akamaihd.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d22j4fzzszoii2.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d22j4fzzszoii2.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\safesear.ch
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.safesear.ch
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\SearchUrl|Default [http:\\www.safesear.ch\web\?type=20170212-135-sshome-ie-df&q={searchTerms}]
Deleted: [Key] - HKU\.DEFAULT\Software\ImInstaller
Deleted: [Key] - HKU\S-1-5-21-2182444393-3941147326-182912352-1001\Software\ImInstaller
Deleted: [Key] - HKU\S-1-5-18\Software\ImInstaller
Deleted: [Key] - HKCU\Software\ImInstaller
Deleted: [Key] - HKU\S-1-5-21-2182444393-3941147326-182912352-1001\Software\BRS
Deleted: [Key] - HKCU\Software\BRS
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\.DEFAULT\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2182444393-3941147326-182912352-1001\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2182444393-3941147326-182912352-1001\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-18\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2182444393-3941147326-182912352-1001\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKU\S-1-5-21-2182444393-3941147326-182912352-1001\Software\Softonic
Deleted: [Key] - HKCU\Software\Softonic
Deleted: [Key] - HKLM\SOFTWARE\Updater By Sweetpacks
Deleted: [Key] - HKLM\SOFTWARE\SweetIM
Deleted: [Key] - HKLM\SOFTWARE\InstallIQ
Deleted: [Key] - HKLM\SOFTWARE\FFinder LTD
Deleted: [Key] - HKU\.DEFAULT\Software\Auslogics
Deleted: [Key] - HKU\S-1-5-21-2182444393-3941147326-182912352-1001\Software\Auslogics
Deleted: [Key] - HKU\S-1-5-18\Software\Auslogics
Deleted: [Key] - HKCU\Software\Auslogics
Deleted: [Key] - HKLM\SOFTWARE\InstallCore
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\internetspeedtracker.dl.myway.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [14101 B] - [2017/8/4 20:37:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########



#12 JaKnuckles

Posted 04 August 2017 - 03:56 PM

JRT log below

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Jason (Administrator) on Fri 08/04/2017 at 16:49:51.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 4

Failed to delete: C:\Users\Jason\Start Menu\Programs\search.lnk (Shortcut)
Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\search.lnk (Shortcut)
Successfully deleted: C:\WINDOWS\system32\Tasks\0 (Task)

 

Registry: 5

Successfully deleted: HKCU\Software\Google\Chrome\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji (Registry Key)
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/04/2017 at 16:54:14.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
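
Added example, not part of the original thread and not code from either tool: a small Python triage script for the two log formats posted above (the AdwCleaner clean log and the JRT log). It lists JRT entries that failed to delete, checks each JRT section's declared count against the entries actually present, and counts repeated AdwCleaner entries case-insensitively. The sample logs and all function names are constructed for illustration.

```python
import re

# Constructed sample input modelled on the JRT log format in this thread.
SAMPLE_JRT = r"""
File System: 3

Failed to delete: C:\Users\Example\Start Menu\Programs\search.lnk (Shortcut)
Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\Program Files (x86)\ExampleApp\run.exe (File)

Registry: 1

Successfully deleted: HKCU\Software\ExampleVendor\Toolbar (Registry Key)
"""

# Constructed sample input modelled on the AdwCleaner clean-mode log format.
SAMPLE_ADW = r"""
***** [ Folders ] *****

Deleted: C:\Program Files (x86)\ExampleApp

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SYSTEM\Example\EventLog\App
Deleted: [Key] - HKLM\SYSTEM\Example\Eventlog\App
Deleted: [Key] - HKCU\Software\ExampleVendor
"""

# "File System: 4" style headers: a section name and a declared item count.
JRT_SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")
# The item type is the LAST parenthesised group, so paths such as
# "Program Files (x86)" do not confuse the match.
JRT_ENTRY = re.compile(r"^(Successfully deleted|Failed to delete): (.+) \(([^()]+)\)$")
ADW_SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ADW_DELETED = re.compile(r"^Deleted: (?:\[(\w+)\] - )?(.+)$")


def parse_jrt(text):
    """Return {section: {"declared": int, "entries": [(ok, target, kind)]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = JRT_SECTION.match(line)
        if m:
            current = m.group(1)
            sections[current] = {"declared": int(m.group(2)), "entries": []}
            continue
        m = JRT_ENTRY.match(line)
        if m and current is not None:
            ok = m.group(1) == "Successfully deleted"
            sections[current]["entries"].append((ok, m.group(2), m.group(3)))
    return sections


def jrt_followups(sections):
    """Items that still need attention, plus sections whose count looks off."""
    failed = [(name, target, kind)
              for name, sec in sections.items()
              for ok, target, kind in sec["entries"] if not ok]
    mismatched = [name for name, sec in sections.items()
                  if sec["declared"] != len(sec["entries"])]
    return failed, mismatched


def parse_adwcleaner(text):
    """Return {section: [deleted target, ...]} in log order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ADW_SECTION.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        m = ADW_DELETED.match(line)
        if m and current is not None:
            sections[current].append(m.group(2))
    return sections


def summarize_adw(sections):
    """Per section: (unique targets, repeated lines). Windows paths and
    registry keys are case-insensitive, so compare in lower case."""
    out = {}
    for name, items in sections.items():
        unique = len({item.lower() for item in items})
        out[name] = (unique, len(items) - unique)
    return out


if __name__ == "__main__":
    failed, mismatched = jrt_followups(parse_jrt(SAMPLE_JRT))
    for name, target, kind in failed:
        print(f"JRT could not remove [{name}] {kind}: {target}")
    for name in mismatched:
        print(f"JRT section '{name}': declared count differs from entries")
    for name, (unique, repeats) in summarize_adw(parse_adwcleaner(SAMPLE_ADW)).items():
        print(f"AdwCleaner {name}: {unique} unique, {repeats} repeated")
```

A count mismatch usually means the log was truncated when pasted, which is worth ruling out before treating the cleanup as complete.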



#13 Aura

Posted 04 August 2017 - 04:00 PM

Good :) Now let's run a scan with FRST to see if there are any remnants left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;



#14 JaKnuckles

Posted 04 August 2017 - 04:25 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by Jason (administrator) on BRINGIT (04-08-2017 17:17:23)
Running from C:\Users\Jason\Desktop
Loaded Profiles: Jason &  (Available Profiles: Jason & Lori)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Tenorshare Co,Ltd) C:\Program Files (x86)\ReiBoot\TenorshareReibootService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\SystemSuite\AQFileRestoreSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557984 2014-08-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Avanquest\SystemSuite\Antivirus\SBRC.exe [201608 2012-11-06] (GFI Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [CIRAP] => C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe [604304 2012-07-06] (ITE Tech. Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME}
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2182444393-3941147326-182912352-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2182444393-3941147326-182912352-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2182444393-3941147326-182912352-1001\...\MountPoints2: {aaa9f40b-cee5-11e2-be8c-806e6f6e6963} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-2182444393-3941147326-182912352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171551712\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2182444393-3941147326-182912352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171551712\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2182444393-3941147326-182912352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171551712\...\MountPoints2: {aaa9f40b-cee5-11e2-be8c-806e6f6e6963} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-2182444393-3941147326-182912352-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171552685\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-2182444393-3941147326-182912352-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171552685\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2182444393-3941147326-182912352-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2182444393-3941147326-182912352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171551712\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{34c300c3-850b-449a-a9de-c72919cd2c1a}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{876e431d-878f-41c8-8d86-9a1694a74a3b}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{dbd5cc62-2922-4b06-9bea-aa3d4e5aabee}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKU\S-1-5-21-2182444393-3941147326-182912352-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2182444393-3941147326-182912352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171551712\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2182444393-3941147326-182912352-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-2182444393-3941147326-182912352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171551712\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-2182444393-3941147326-182912352-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171552685\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
URLSearchHook: HKU\S-1-5-21-2182444393-3941147326-182912352-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171552685 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {FF21D89C-53E3-4F6E-B069-1C6FB5EBB5F6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {FF21D89C-53E3-4F6E-B069-1C6FB5EBB5F6} URL =
SearchScopes: HKU\.DEFAULT -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-2182444393-3941147326-182912352-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171552685 -> DefaultScope {FF21D89C-53E3-4F6E-B069-1C6FB5EBB5F6} URL =
SearchScopes: HKU\S-1-5-21-2182444393-3941147326-182912352-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171552685 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2012-11-09] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-29] (Oracle Corporation)
BHO-x32: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-12-12] (Wondershare)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-29] (Oracle Corporation)
DPF: HKLM-x32 {00120000-B1BA-11CE-ABC6-F5B2E79D9E3F} hxxps://acsap.acsbps.com/ltocx12n.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File

Edge:
======
Edge Extension: (Microsoft Rewards) -> EdgeExtension_MicrosoftMicrosoftRewards_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.MicrosoftRewards_0.9.5.0_neutral__8wekyb3d8bbwe [2017-04-20]

FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default [2017-08-04]
CHR Extension: (Google Slides) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-29]
CHR Extension: (Google Docs) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-29]
CHR Extension: (Google Drive) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-29]
CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-29]
CHR Extension: (Google Sheets) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-29]
CHR Extension: (Google Docs Offline) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-29]
CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-29]
CHR Extension: (Chrome Media Router) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc.)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AQFileRestoreSrv; C:\Program Files (x86)\Avanquest\SystemSuite\AQFileRestoreSrv.exe [113528 2015-07-20] (Avanquest Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-24] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
S3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [399120 2014-06-17] (Hauppauge Computer Works, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 PGService; C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGService.exe [53616 2012-08-22] (PointGrab LTD)
S2 SystemSuite Task Manager; C:\Program Files (x86)\Avanquest\SystemSuite\MXTask.exe [534456 2015-07-20] (Avanquest Software)
R2 TenorshareReibootService; C:\Program Files (x86)\ReiBoot\TenorshareReibootService.exe [33208 2016-10-25] (Tenorshare Co,Ltd)
S2 VCOMCloudAgent; C:\Program Files (x86)\Avanquest\SystemSuite\VcomCloudAgent.exe [142712 2015-07-20] (Avanquest Software North America)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AQFileRestore; C:\WINDOWS\System32\DRIVERS\AQFileRestore.sys [22088 2015-07-20] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-08-03] ()
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 hcwE5bda; C:\WINDOWS\system32\drivers\hcwE5bda.sys [969048 2014-04-29] (Hauppauge Computer Work, Inc.)
R3 ITECIRfilter; C:\WINDOWS\system32\DRIVERS\ITECIRfilter.sys [27856 2015-06-03] (ITE Tech. Inc. )
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-08-03] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-08-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-04] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-04] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-08-04] (Malwarebytes)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
R2 RtkIOAC60; C:\WINDOWS\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows ® Codename Longhorn DDK provider)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-04 17:17 - 2017-08-04 17:19 - 000020837 _____ C:\Users\Jason\Desktop\FRST.txt
2017-08-04 17:17 - 2017-08-04 17:17 - 000000000 ____D C:\FRST
2017-08-04 17:16 - 2017-08-04 17:16 - 002381312 _____ (Farbar) C:\Users\Jason\Desktop\FRST64.exe
2017-08-04 16:54 - 2017-08-04 16:54 - 000001476 _____ C:\Users\Jason\Desktop\JRT.txt
2017-08-04 16:47 - 2017-08-04 16:47 - 001790024 _____ (Malwarebytes) C:\Users\Jason\Desktop\JRT.exe
2017-08-04 16:35 - 2017-08-04 16:39 - 000000000 ____D C:\AdwCleaner
2017-08-04 16:34 - 2017-08-04 16:34 - 008185288 _____ (Malwarebytes) C:\Users\Jason\Desktop\AdwCleaner.exe
2017-08-03 22:48 - 2017-08-03 22:50 - 000000081 _____ C:\Users\Jason\Desktop\IN Case of VIRUS.txt
2017-08-03 22:29 - 2017-08-03 22:31 - 002320663 _____ C:\Users\Jason\Desktop\malware 0803.txt
2017-08-03 22:27 - 2017-08-03 22:27 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-08-03 17:32 - 2017-08-04 16:41 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-08-03 17:32 - 2017-08-04 16:41 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-08-03 17:32 - 2017-08-04 16:41 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-03 17:32 - 2017-08-03 19:16 - 000188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-08-03 17:32 - 2017-08-03 19:16 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-03 17:32 - 2017-08-03 17:32 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-03 17:32 - 2017-08-03 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-03 17:32 - 2017-08-03 17:32 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-02 07:16 - 2017-08-02 07:20 - 000000000 ____D C:\Users\Jason\AppData\Local\Deployment
2017-08-01 23:09 - 2017-08-04 16:41 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-01 23:09 - 2017-08-03 19:08 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-01 23:08 - 2017-08-01 23:08 - 016564750 _____ (Malwarebytes Corp.) C:\Users\Jason\Downloads\mbar-1.09.4.1001.exe
2017-08-01 23:07 - 2017-08-01 23:07 - 000000000 _____ C:\Users\Jason\Desktop\mbar-1.09.4.1001.exe.uv4wky8.partial
2017-08-01 23:06 - 2017-08-03 07:58 - 000000000 ____D C:\Users\Jason\Desktop\mbar
2017-08-01 09:47 - 2017-08-01 09:47 - 000000000 ____D C:\Users\Jason\AppData\Local\Zemana
2017-08-01 09:40 - 2017-08-01 09:56 - 000002614 _____ C:\Users\Jason\Desktop\Rkill.txt
2017-08-01 09:37 - 2017-08-01 09:37 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\Jason\Downloads\danpedro.exe
2017-08-01 09:31 - 2017-08-01 09:31 - 001112880 _____ (Symantec Corporation) C:\Users\Jason\Downloads\NSDeluxeDownloader.exe
2017-07-26 17:35 - 2017-07-26 17:35 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2182444393-3941147326-182912352-1001

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-04 16:45 - 2017-04-24 23:24 - 001734880 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-04 16:43 - 2014-09-18 20:22 - 000000000 ___RD C:\Users\Jason\iCloudDrive
2017-08-04 16:42 - 2014-10-20 20:20 - 000000000 __SHD C:\Users\Jason\IntelGraphicsProfiles
2017-08-04 16:40 - 2017-04-24 23:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-04 16:40 - 2017-03-18 07:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-04 16:32 - 2017-04-24 22:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-03 22:38 - 2017-04-24 22:55 - 001765272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-03 22:36 - 2017-04-24 22:59 - 000000000 ____D C:\Users\Jason
2017-08-03 22:20 - 2017-06-08 20:19 - 000000000 ____D C:\Users\Jason\AppData\Roaming\AGData
2017-08-03 17:32 - 2013-04-20 08:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-03 15:42 - 2017-06-11 08:51 - 000000000 ____D C:\Program Files (x86)\Avast SafeZone
2017-08-03 08:55 - 2017-06-11 08:52 - 000003998 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1497185501
2017-08-03 08:55 - 2017-06-11 08:51 - 000001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-08-03 08:05 - 2016-08-15 09:08 - 000000000 ____D C:\Users\Jason\AppData\Local\ConnectedDevicesPlatform
2017-08-03 07:31 - 2017-06-08 20:19 - 000000000 ____D C:\Users\Jason\AppData\Local\txgdrpj
2017-08-01 23:40 - 2017-04-24 23:27 - 000003488 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-08-01 09:52 - 2017-06-11 10:01 - 000000000 ____D C:\Program Files\SmartPCFixer
2017-08-01 09:11 - 2017-06-08 20:20 - 000000528 ____H C:\Users\Jason\AppData\Local\mode3.bin
2017-08-01 09:10 - 2017-06-08 20:20 - 000000792 ____H C:\Users\Jason\AppData\Local\@system.temp
2017-08-01 08:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-01 08:07 - 2017-05-03 05:19 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-01 08:07 - 2016-01-06 05:41 - 000200908 ____N C:\WINDOWS\Minidump\080117-35781-01.dmp
2017-07-28 23:02 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-07-26 17:35 - 2015-11-01 21:05 - 000002404 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-26 17:35 - 2015-11-01 21:05 - 000000000 ___RD C:\Users\Jason\OneDrive
2017-07-25 16:58 - 2017-03-18 17:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-25 16:57 - 2013-06-12 22:56 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-07-12 23:34 - 2013-04-19 17:09 - 000000000 ____D C:\Users\Jason\AppData\Local\ElevatedDiagnostics
2017-07-11 08:24 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-11 08:24 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-07-09 20:14 - 2016-01-06 05:41 - 000204044 ____N C:\WINDOWS\Minidump\070917-48609-01.dmp
2017-07-05 18:48 - 2016-01-06 05:41 - 000203084 ____N C:\WINDOWS\Minidump\070517-43109-01.dmp

==================== Files in the root of some directories =======

2016-05-12 15:46 - 2016-05-12 15:46 - 000001319 _____ () C:\Users\Jason\AppData\Roaming\Roaming - Shortcut.lnk
2017-06-08 20:25 - 2017-06-08 20:25 - 000000008 ____H () C:\Users\Jason\AppData\Local\@000001.dat
2017-06-08 20:20 - 2017-08-01 09:10 - 000000792 ____H () C:\Users\Jason\AppData\Local\@system.temp
2017-06-08 20:20 - 2017-08-01 09:11 - 000000528 ____H () C:\Users\Jason\AppData\Local\mode3.bin
2017-05-17 11:32 - 2017-05-17 11:32 - 000125952 _____ () C:\Users\Jason\AppData\Local\report
2013-04-20 08:46 - 2013-04-20 08:46 - 000007597 _____ () C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
2015-11-30 18:08 - 2015-11-30 18:08 - 000000000 _____ () C:\Users\Jason\AppData\Local\{42768654-0A92-45E7-A808-E9087F31B66C}
2017-06-06 21:39 - 2017-06-06 21:39 - 000005111 _____ () C:\ProgramData\czchsjpj.srw
2013-10-06 17:38 - 2013-10-06 17:38 - 000000012 ___RH () C:\ProgramData\deskjet
2012-12-21 15:27 - 2012-12-21 15:27 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-06 17:38 - 2013-10-06 17:38 - 000000012 ___RH () C:\ProgramData\filter
2013-10-06 17:38 - 2013-10-06 17:38 - 000000012 ___RH () C:\ProgramData\howto
2013-10-06 17:38 - 2013-10-06 17:38 - 000000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-10-06 17:38 - 2014-06-08 18:19 - 000000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-10-06 17:38 - 2013-10-06 17:38 - 000000020 ____H () C:\ProgramData\PKP_DLev.DAT
2013-10-06 17:38 - 2013-10-06 17:38 - 000000268 ___RH () C:\ProgramData\User Loops
2013-10-06 17:38 - 2013-10-06 17:38 - 000000268 ___RH () C:\ProgramData\User Pictures
2013-10-06 17:38 - 2013-10-06 17:38 - 000000268 ___RH () C:\ProgramData\Utilities
2014-04-23 19:32 - 2014-04-23 19:32 - 000000000 _____ () C:\ProgramData\_r_a_p_.tmp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-01 10:19

==================== End of FRST.txt ============================



#15 JaKnuckles

Posted 04 August 2017 - 04:26 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Jason (04-08-2017 17:20:47)
Running from C:\Users\Jason\Desktop
Windows 10 Home Version 1703 (X64) (2017-04-25 03:39:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2182444393-3941147326-182912352-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2182444393-3941147326-182912352-503 - Limited - Disabled)
Guest (S-1-5-21-2182444393-3941147326-182912352-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2182444393-3941147326-182912352-1006 - Limited - Enabled)
Jason (S-1-5-21-2182444393-3941147326-182912352-1001 - Administrator - Enabled) => C:\Users\Jason
Lori (S-1-5-21-2182444393-3941147326-182912352-1004 - Administrator - Enabled) => C:\Users\Lori

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avanquest SystemSuite (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avanquest SystemSuite (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft MediaConverter 8 (HKLM-x32\...\{2CAD3C16-ACD0-43E5-81DA-7E56C3E5336C}) (Version: 8.0.0.21 - ArcSoft)
ArcSoft ShowBiz (HKLM-x32\...\{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}) (Version:  - ArcSoft)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
clear.fi SDK - Video 2 (HKLM-x32\...\{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}) (Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (HKLM-x32\...\{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}) (Version: 2.1.2008 - CyberLink Corp.) Hidden
ConverterLite 1.6.3 (HKLM-x32\...\ConverterLite) (Version: 1.6.3 - ConverterLite)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.8.0 - oldsch00l)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
DVD Architect Studio 5.0 (HKLM-x32\...\{3822E74F-08F8-11E3-99EE-F04DA23A5C58}) (Version: 5.0.186 - Sony)
Elements 12 Organizer (HKLM-x32\...\{9D80A7B7-DC01-485D-AE93-710D559B5C56}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hauppauge Capture (HKLM-x32\...\Hauppauge Capture) (Version: 1.0.32168 - Hauppauge Computer Works)
Hauppauge Device Central (HKLM-x32\...\Hauppauge Device Central) (Version: 1.3.32167 - Hauppauge Computer Works, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HGTV Home and Landscape Platinum Suite (HKLM-x32\...\{ADEE84F6-E408-4F1A-B58E-3C4723B1613E}) (Version: 3.0 - Nova Development) Hidden
HGTV Home and Landscape Platinum Suite (HKLM-x32\...\InstallShield_{ADEE84F6-E408-4F1A-B58E-3C4723B1613E}) (Version: 3.0 - Nova Development)
HGTV Instant Makeover Workshop (HKLM-x32\...\{8EA053AE-DC8F-44C0-9090-DAB1D7F56831}) (Version: 1.00.0000 - Nova Development)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3003 - Acer Incorporated)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.02.0013 - ITE)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
iZotope Audio Enhancer (HKLM-x32\...\iZotope Audio Enhancer_is1) (Version: 1.00 - iZotope, Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8102 - Acer Incorporated)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4945.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2182444393-3941147326-182912352-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2182444393-3941147326-182912352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171551712\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyWinLocker (HKLM\...\{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}) (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (HKLM-x32\...\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}) (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
NewBlue VideoFX for Sony Vegas MSPPS (HKLM-x32\...\NewBlue VideoFX for Sony Vegas MSPPS) (Version: 2.0 - NewBlue)
Nikon File Uploader 2 (HKLM-x32\...\{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}) (Version: 2.00.0001 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3200 - Acer)
PCCare Anti-Malware 2016 (HKLM\...\PCCare Anti-Malware 2016) (Version:  - PCCare Software)
PhoneRescue (HKLM-x32\...\PhoneRescue) (Version: 3.2.4.0 - iMobie Inc.)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.0 - Nikon)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PointGrab Hand Gesture Control (HKLM-x32\...\{4B145183-E986-4585-ADDF-0C73DB575112}) (Version: 3.2.0.10495 - PointGrab) Hidden
PointGrab Hand Gesture Control (HKLM-x32\...\InstallShield_{4B145183-E986-4585-ADDF-0C73DB575112}) (Version: 3.2.0.10495 - PointGrab)
PointGrab Hand Gesture Control Tutorial (HKLM-x32\...\{92586A21-3E08-4055-B413-8ACCAAB50A42}) (Version: 3.2.0.9896 - PointGrab) Hidden
PointGrab Hand Gesture Control Tutorial (HKLM-x32\...\InstallShield_{92586A21-3E08-4055-B413-8ACCAAB50A42}) (Version: 3.2.0.9896 - PointGrab)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
PSE12 STI Installer (HKLM-x32\...\{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.31 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
ReiBoot  (HKLM-x32\...\ReiBoot) (Version:  - Tenorshare, Inc.)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0017-0000-1000-0000000FF1CE}_Office14.SharePointDesigner_{98223B6C-F59E-4928-B553-43605D52ED19}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sony Vocal Eraser (HKLM-x32\...\Sony Vocal Eraser_is1) (Version: 1.00 - iZotope, Inc.)
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{BC208D90-4643-11E3-987B-F04DA23A5C58}) (Version: 10.0.252 - Sony)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stencyl (HKLM-x32\...\Stencyl) (Version: /root/.jenkins/jobs/Stencyl-Windows/workspace/build - Stencyl, LLC)
SystemSuite (HKLM-x32\...\{2ED899D2-5788-4C25-9CDE-F6117B7A4BA4}) (Version: 15.6.2.7 - Avanquest)
SystemSuite (HKLM-x32\...\{CFE8121D-67CE-4828-ADDD-F8AC1845C37E}) (Version: 14.5.2.14 - Avanquest) Hidden
Vegas Movie Studio HD Platinum 11.0 (HKLM-x32\...\{7E734C70-7F67-11E1-82AA-F04DA23A5C58}) (Version: 11.0.322 - Sony)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.0.1 - Nikon)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2182444393-3941147326-182912352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171551712_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2182444393-3941147326-182912352-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} =>  -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-01-17] (Apple Inc.)
ContextMenuHandlers1: [SystemSuite Menu] -> {7D225AF1-CE2D-4C16-A95B-05B52ED33A95} => C:\Program Files (x86)\Avanquest\SystemSuite\mxctxMnu64.dll [2015-07-20] (Avanquest Software)
ContextMenuHandlers2: [SystemSuite Menu] -> {7D225AF1-CE2D-4C16-A95B-05B52ED33A95} => C:\Program Files (x86)\Avanquest\SystemSuite\mxctxMnu64.dll [2015-07-20] (Avanquest Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers3: [MWLIVShellExt] -> {B1B294FE-EC1E-4fef-AF68-D34CE3E38157} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll [2012-07-11] (Egis Technology Inc. )
ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2011-03-29] (Egis Technology Inc.)
ContextMenuHandlers4: [SystemSuite Menu] -> {7D225AF1-CE2D-4C16-A95B-05B52ED33A95} => C:\Program Files (x86)\Avanquest\SystemSuite\mxctxMnu64.dll [2015-07-20] (Avanquest Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0163d666-1d15-4997-8d91-01b9b31755eb} - no filepath
Task: {04D4CDC2-B4B7-4BA3-BCB9-9C0A0E9C04F3} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {05BF6448-4C4A-4694-9ECB-5ABAA7C0E07F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {08ACAF32-16C7-4DC1-8759-7449B4732408} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {0ADD80F2-D7D3-46E3-9093-9F217498CDC4} - System32\Tasks\SafeZone scheduled Autoupdate 1497185501 => C:\Program Files (x86)\Avast SafeZone\launcher.exe [2017-05-17] (Avast Software)
Task: {0E6CE78C-0112-454F-AA15-94CB36EC9E85} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {10AEB494-69F6-4723-B300-2EE3AE110762} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2012-08-06] (Acer Incorporated)
Task: {24313408-6AFE-4FED-8796-912635AF74C6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35E8AF0C-7E89-4F26-869D-C985682929E6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {38A73A5C-4CC6-436A-B41B-937FD508D51A} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2016-07-06] ()
Task: {42987BE6-4301-4B38-B5E9-C83CC227E845} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {474284A2-5BC2-4336-88A0-31FC6141B09B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {4A07A4CB-2212-4E2C-A5AE-69886327F1D2} - System32\Tasks\{E59F9AE7-1219-4F21-8882-7FE1CB2AAFEF} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Jason\AppData\Local\Microsoft\Windows\INetCache\IE\K8ZWGZ2H\forge-1.8-11.14.3.1450-installer-win.exe -d C:\Users\Jason\Desktop
Task: {4FAC9EBB-2542-4CF7-BC4B-3B8BF54A3FFD} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {4FBE5C26-7D13-4A76-A4B9-ACF821D9A013} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5186297C-2F53-4D68-958D-C83933ECC8DA} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2016-07-06] ()
Task: {5333B2B5-1319-4A48-8513-B575C00786AF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {60D6B458-713F-487E-80AD-D176E8DE0719} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7244E6D4-FF6F-4409-AD7D-A37D2DC61932} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {733F4329-0BC4-4CE6-96B8-10AD4BB6CF06} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-01-17] (Apple Inc.)
Task: {7D82DF41-0799-49CF-9DD5-4B320810CC2B} - \WPD\SqmUpload_S-1-5-21-2182444393-3941147326-182912352-1004 -> No File <==== ATTENTION
Task: {8ACBDECF-42E9-4A81-8249-EF3F537F1E7E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {A5B5FE69-E7B6-4276-BCCC-1AD6FD6604EC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {AB96B6F9-B039-469B-B418-5A0F340500F0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AD3A1EBD-EBC9-4907-AFC5-C80FE97BECD7} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {B9A8FA82-0146-498B-91E3-054283BDF70A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C545CF14-0DA9-45C6-A94F-5EEE0FFB2E6A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D40D62E7-2B8F-4011-A2DC-E49E4124FF29} - System32\Tasks\ALU_SelfUpgrade => C:\ProgramData\Acer\updater2\Download\52971984\D\UpgradeDownload.exe [2017-06-02] ()
Task: {D7AFA251-7859-4535-9D56-7FFAD34D15C3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EFA3C4EF-317A-40FE-847B-93542393BBB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {EFB2EA24-33C1-4A70-925A-8AECA911E500} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F0BF3331-3D19-4220-B892-E16DEE91794A} - System32\Tasks\AdobeAAMUpdater-1.0-BringIt-Lori => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-08-27] (Adobe Systems Incorporated)
Task: {F55B574B-C704-4573-89EE-E2747FA26C7E} - \WPD\SqmUpload_S-1-5-21-2182444393-3941147326-182912352-1001 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Jason\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-08-03 17:32 - 2017-08-03 19:16 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-08-21 19:17 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-21 23:08 - 2017-01-31 08:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-06-21 21:12 - 2012-06-21 21:12 - 001407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2016-04-09 09:11 - 2015-07-20 20:17 - 000592248 ____N () C:\Program Files (x86)\Avanquest\SystemSuite\sqlite3x64.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2012-12-21 15:26 - 2012-06-24 22:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171551448\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171551611\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2182444393-3941147326-182912352-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2182444393-3941147326-182912352-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171551712\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2182444393-3941147326-182912352-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08042017171552685\Control Panel\Desktop\\Wallpaper -> C:\Users\Lori\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{1599CCD0-0DFF-4D1B-AA10-73C9BDE15F96}C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F8F510B2-5B30-45CF-B637-AF7EA246BA40}C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [{0E5DC0D0-E5D6-4A62-9630-896589727596}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1474B922-32F8-4522-92ED-7AC8BF887525}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FEB86674-5A78-466A-8C83-501FB99ABC55}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{ACB783D1-1723-4555-B305-D0421CD939B7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D95BFE61-BD70-4680-A430-23CAFF514099}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EF2074AA-6651-4AB4-841C-3F6595A13616}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{5BA57B29-D5B6-4680-B16A-DF161EDD578F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D594A4DF-6D86-4DBE-A6D7-725A4AFA56A0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [UDP Query User{DDBEDCC5-FE9E-4E5E-9C5A-E91EE1F4BDF0}C:\users\jason\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\jason\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [TCP Query User{2B52C357-5F43-480A-AB98-7B8C5C4352D2}C:\users\jason\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\jason\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{2D543E83-A17A-44E4-97DE-E86425BF5044}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{BFCA41A4-BA8D-42CA-8BC0-141C6FD257B2}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{A18C2611-5B12-4002-BAC4-2C5CEA495078}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9B5B3EB1-D48E-4E4B-8252-722E9AC13EBB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A400C140-55B5-4752-9BBD-FA9760018EB6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{776341F4-0C2D-4A07-A1F9-9113658772A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09B1C497-4C75-4A11-AFA5-11E5748F8A1A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1BA59990-523B-4879-B059-EF88B9F6E4A2}] => (Allow) C:\Users\Jason\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{6C5E12C1-9305-4CBD-991C-B805CE9BCD8E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{B18A6A6C-AB6D-42CC-A84C-C0CD207C90D2}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{9EBCDF4A-2BA7-4C1C-BED0-2D81547D8971}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{7FA0B997-C6C6-4109-A4B0-E95873B9F78F}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{E2B80AF0-5881-404D-BB65-F64F9C08D714}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{E5B2629E-52FC-4CA5-B6A1-F1B073883191}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{1A035044-6825-43F4-B656-B0263C58A11E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{555D7991-20E1-47ED-AA35-EC94BD57DF1B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{0808CF64-1C7B-4F6A-99D1-2E33286A54F9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{18C72A9B-6962-434E-90A8-309B4DB7B021}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{D05F2EAB-C141-4E0F-B1C1-ED3BCB3F9ACF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{74433EC1-C871-42D4-B4FA-ABDE3D085D97}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{B38D18D8-57E7-4C04-8609-CD3A4251CF01}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{715D3B08-FCA7-4E6F-8823-BCEB4DEFE692}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{87F3EB71-08D9-4C17-AD6D-9A107B318514}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{2CAEC4C3-12F1-4CFF-B1CB-767AA701273F}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{DF758A40-E94F-40E8-AA3A-9F3D721509E5}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{4DF770D3-A29D-4213-A36C-49550F536747}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{DBC91A36-2E30-491A-8526-AAD082E9D619}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [TCP Query User{561778A5-3839-47C2-AE7F-A087B9557B2A}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [UDP Query User{2576B317-D311-4E52-BE80-C01B5610F1EB}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [TCP Query User{9061C53F-EB0F-45FD-AE92-CABA6F44C560}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{428066CE-4DF3-4057-BAD8-FD7E42E2C6A6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{FAAFCAB7-B64D-41CC-AF65-611DDB9279D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magic 2014 Demo\DotP_D14.exe
FirewallRules: [{B9DB4BE6-E090-458D-B4FD-AADDCD6590F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magic 2014 Demo\DotP_D14.exe
FirewallRules: [{0458E618-D68C-43B0-B1CE-1A651B927754}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magic 2015 Demo\DotP_D15.exe
FirewallRules: [{FA3379CB-F57D-40EF-92B5-5C8F08F9AC1E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magic 2015 Demo\DotP_D15.exe
FirewallRules: [{019352CE-2FF3-4B6F-B051-DB66E6F93EC4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magic 2015\DotP_D15.exe
FirewallRules: [{F54F5219-B47E-4B78-B085-E01D76E81678}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magic 2015\DotP_D15.exe
FirewallRules: [{87BFA48C-0E2C-4E1F-B726-F043492553BF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B198B40B-49FB-45FD-81A3-8F6FC9BE72D0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{DE373697-20AC-4E7A-9F81-58FF7FED1FF8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{2B804FF3-839E-4353-B496-7425CF518729}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{8855F2BC-67E5-4AC9-BBCB-2AA372674FCC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CC5ED204-1EC5-45F9-8F6E-34B887392435}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{362ADF32-753D-42FC-97CC-8D3F1BE79AC8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{51885443-F4CE-493A-80C2-D0735913D24C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{56D385B0-2BE4-4295-8840-69D2B103F7B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{C04E47ED-24C4-45A9-9E31-872740758828}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{B8318715-A45A-4FBD-BECE-25615202797C}C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{EE5A078C-BBCE-4748-8517-A5EDFAE2C263}C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{9BCB7ECE-8F3F-4DB0-970A-42B7716ED49D}C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A7E6941E-A348-4426-8655-E251A94DF877}C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [{A5BFF979-D7F0-489D-9D3F-F76F1864215C}] => (Allow) C:\WINDOWS\system32\rundll32.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2017 05:09:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpgradeDownload.exe, version: 1.0.0.0, time stamp: 0x4fed4446
Faulting module name: KERNELBASE.dll, version: 10.0.15063.296, time stamp: 0x28e9cf15
Exception code: 0xe0434352
Fault offset: 0x000eb802
Faulting process id: 0x17f4
Faulting application start time: 0x01d30d65e4d4d588
Faulting application path: C:\ProgramData\Acer\updater2\Download\52971984\D\UpgradeDownload.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 9da6e45e-0fca-4216-8134-4a0cd0b14f3a
Faulting package full name:
Faulting package-relative application ID:

Error: (08/04/2017 05:09:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: UpgradeDownload.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
   at SharpBits.Base.BitsManager..ctor()
   at UpgradeDownload.Program.Main(System.String[])

Error: (08/04/2017 04:43:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.0, time stamp: 0x58ccbc95
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x2390
Faulting application start time: 0x01d30d624752932e
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: 84e2d08f-1bdc-4f97-88f8-c7ef29ac182d
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (08/04/2017 04:43:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.0, time stamp: 0x58ccbc95
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x2248
Faulting application start time: 0x01d30d6244ec1b0f
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: 0ac61417-eef9-4cdb-8182-7ebb49638163
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (08/04/2017 04:43:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.0, time stamp: 0x58ccbc95
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x2104
Faulting application start time: 0x01d30d62430c8337
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: fbab6b0f-5ab3-4574-a42c-a96ff51890fb
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (08/04/2017 04:42:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.0, time stamp: 0x58ccbc95
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x1cf4
Faulting application start time: 0x01d30d6240e5dd72
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: 060bb4a5-9565-4b1e-880e-0e6bf93e5114
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (08/04/2017 04:42:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.0, time stamp: 0x58ccbc95
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x1e90
Faulting application start time: 0x01d30d623e3c8055
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: 87b91a62-0ca7-4ef5-9333-073d929e4160
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (08/04/2017 04:42:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.0, time stamp: 0x58ccbc95
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x1cc0
Faulting application start time: 0x01d30d6231e1a2a9
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: 7ba0945d-f018-49f6-9004-b7dee5305d58
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (08/04/2017 04:32:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.0, time stamp: 0x58ccbc95
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x4a8
Faulting application start time: 0x01d30d60ce66c12a
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: 2dd525d6-ee2e-464e-864a-2d4eb5e2c5ef
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (08/04/2017 04:32:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.0, time stamp: 0x58ccbc95
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x1f10
Faulting application start time: 0x01d30d60cc33f64a
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: e9e05532-d46a-4d43-a6ff-03b56147ee3f
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

System errors:
=============
Error: (08/04/2017 04:42:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/04/2017 04:42:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/04/2017 04:41:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SystemSuite Task Manager service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/04/2017 04:41:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VCOMCloudAgent service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/04/2017 04:41:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VCOMCloudAgent service to connect.

Error: (08/04/2017 04:41:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SystemSuite Task Manager service to connect.

Error: (08/04/2017 04:41:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PGService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/04/2017 04:41:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the PGService service to connect.

Error: (08/04/2017 04:40:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SysMain service terminated with the following error:
The request is not supported.

Error: (08/04/2017 04:40:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

CodeIntegrity:
===================================
  Date: 2017-06-08 20:19:49.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-08 20:19:49.676
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-08 20:18:29.554
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-08 20:18:29.552
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-08 20:18:29.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-08 20:18:29.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-08 20:15:33.461
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-08 20:15:33.458
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-08 20:15:18.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-08 20:15:18.237
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2020 @ 2.90GHz
Percentage of memory in use: 68%
Total physical RAM: 3982.49 MB
Available physical RAM: 1272.6 MB
Total Virtual: 4238.49 MB
Available Virtual: 1653.08 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:911.26 GB) (Free:697.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 44474358)

Partition: GPT.

==================== End of Addition.txt ============================





