
Apps sometimes don't start when I start my laptop


  • This topic is locked
24 replies to this topic

#1 ElectricYouth


Posted 20 November 2017 - 06:11 AM

3 months ago, the apps on my laptop wouldn't start sometimes when I started my laptop. Back then I got the error "csrbtproxy.dll is missing" and then had to reboot to fix it. I opened a thread here: https://www.bleepingcomputer.com/forums/t/654856/csrbtproxydll-is-missing/

 

I followed the steps provided in that thread. I don't get the csrbtproxy.dll error anymore, but the apps still don't start from time to time. User boopme told me to perform steps 6 and 7 of this guide: https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

I have included the logs below.

 

Note: I use Kaspersky Total Security and Malwarebytes 3.0
Sometimes when I open Firefox, I get this pop-up that a certain site isn't safe, even though I am not on that site. I think this started when I created an account on Twitch. I don't know if these are pop-ups that are trying to show up or not. I forgot the name of the error, but it was something about websites having security issues, I think.

 

Also, Malwarebytes 3.0 sometimes refuses to turn on live web protection. I created a thread on the Malwarebytes forum and they said I need to follow some steps. But I decided not to do that yet, or else it could intervene with the steps I'm following on BleepingComputer.

 

If I need to provide more information, please let me know. Thanks for your time guys!

 

 

Logs FRST.text:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2017
Ran by CensoredName (administrator) on FLASH (20-11-2017 11:47:58)
Running from C:\Users\CensoredName\Downloads
Loaded Profiles: UpdatusUser & CensoredName (Available Profiles: UpdatusUser & CensoredName)
Platform: Windows 8.1 (Update) (X64) Language: Engels (Verenigde Staten)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe
() C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
(Cambridge Silicon Radio Limited) C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\kpm.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\plugin-nm-server.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [CsrHCRPServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrAudioguiCtrl] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrSyncMLServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-22] ()
HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-53665365-1931806507-4076513649-1002\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\kpm.exe [411912 2016-12-22] ()
HKU\S-1-5-21-53665365-1931806507-4076513649-1002\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-06-23] (Spotify Ltd)
HKU\S-1-5-21-53665365-1931806507-4076513649-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-53665365-1931806507-4076513649-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-53665365-1931806507-4076513649-1002\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-53665365-1931806507-4076513649-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-53665365-1931806507-4076513649-1002\...\MountPoints2: {a570df3b-fb08-11e3-8257-806e6f6e6963} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\setup.exe
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-06-23]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{34D9EC41-CEEA-4F19-9352-19F0163D8C42}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C405594E-A5AE-4571-9EC0-2B0865EF48DE}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E4317A81-9BFD-4408-B20C-893F46D43E8B}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-53665365-1931806507-4076513649-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-53665365-1931806507-4076513649-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
URLSearchHook: [S-1-5-21-53665365-1931806507-4076513649-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://nl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://nl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-53665365-1931806507-4076513649-1002 -> DefaultScope {A55D3D18-0134-42CB-B0ED-8A65C60D1CE1} URL =
SearchScopes: HKU\S-1-5-21-53665365-1931806507-4076513649-1002 -> {A55D3D18-0134-42CB-B0ED-8A65C60D1CE1} URL =
SearchScopes: HKU\S-1-5-21-53665365-1931806507-4076513649-1002 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://nl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-05-05] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-17] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-06] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-05-05] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-21] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-05-05] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-05-05] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-06] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF DefaultProfile: fnmz2i9z.default
FF ProfilePath: C:\Users\CensoredName\AppData\Roaming\Mozilla\Firefox\Profiles\fnmz2i9z.default [2017-11-20]
FF Extension: (Bewaart je logins, wachtwoorden, notities en identiteiten en beschermt ze met het hoofdwachtwoord.) - C:\Users\CensoredName\AppData\Roaming\Mozilla\Firefox\Profiles\fnmz2i9z.default\Extensions\kpm_win_add_on@kaspersky.xpi [2017-08-10]
FF Extension: (Library Access) - C:\Users\CensoredName\AppData\Roaming\Mozilla\Firefox\Profiles\fnmz2i9z.default\Extensions\{809ea8a3-a45d-41a2-9cb0-e7c7d7321db5}.xpi [2017-11-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Bescherming) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-10-14]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-09] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2017-07-05]

Chrome:
=======
CHR Profile: C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\Default [2017-11-16]
CHR Extension: (Slides) - C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-09]
CHR Extension: (YouTube) - C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-09]
CHR Extension: (Sheets) - C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Kaspersky Protection) - C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-08-09]
CHR Extension: (Google Docs Offline) - C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-09]
CHR Extension: (Kaspersky Protection) - C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2017-08-11]
CHR Extension: (Kaspersky Password Manager) - C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaoblbjfmcalcjjaifickaoccjmhlal [2017-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR Extension: (Gmail) - C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR Profile: C:\Users\CensoredName\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-10]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-53665365-1931806507-4076513649-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mkaoblbjfmcalcjjaifickaoccjmhlal] - hxxps://chrome.google.com/webstore/detail/mkaoblbjfmcalcjjaifickaoccjmhlal
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278688 2017-09-26] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-11-02] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2014-03-14] (CyberLink)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Limited)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [414344 2017-11-07] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-04-28] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-04-28] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7549616 2014-02-25] (Broadcom Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 csravrcp; C:\Windows\System32\drivers\csravrcp.sys [26304 2012-03-22] (Cambridge Silicon Radio Limited)
S3 CsrBthAudioHF; C:\Windows\system32\DRIVERS\CsrBthAudioHF.sys [39120 2012-03-22] (Cambridge Silicon Radio Limited)
S3 CsrBtPort; C:\Windows\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrhfgcc; C:\Windows\System32\drivers\csrhfgcc.sys [38080 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrpan; C:\Windows\system32\DRIVERS\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrserial; C:\Windows\system32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csr_bthav; C:\Windows\system32\drivers\csrbthav.sys [99520 2012-03-22] (Cambridge Silicon Radio Limited)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-14] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-30] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197344 2017-10-14] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [592088 2017-10-14] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1021656 2017-10-14] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-05-05] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-18] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-05-05] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199640 2017-08-05] (AO Kaspersky Lab)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2017-11-09] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2017-11-19] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2017-11-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-19] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2017-11-20] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-01] (Synaptics Incorporated)
R3 tapnordvpn; C:\Windows\system32\DRIVERS\tapnordvpn.sys [75088 2017-03-29] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-20 11:47 - 2017-11-20 11:48 - 000028107 _____ C:\Users\CensoredName\Downloads\FRST.txt
2017-11-20 11:45 - 2017-11-20 11:47 - 000000000 ____D C:\FRST
2017-11-20 11:41 - 2017-11-20 11:41 - 002391552 _____ (Farbar) C:\Users\CensoredName\Downloads\FRST64.exe
2017-11-17 11:10 - 2017-11-17 11:10 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-17 11:10 - 2017-11-17 11:10 - 000002071 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-11-17 11:10 - 2017-11-17 11:10 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-16 18:38 - 2017-11-16 18:38 - 000018432 ___SH C:\Users\CensoredName\Downloads\Thumbs.db
2017-11-16 18:37 - 2017-11-16 18:37 - 000001257 _____ C:\Users\CensoredName\Desktop\Free Video Editor 7.3.0.lnk
2017-11-16 18:37 - 2017-11-16 18:37 - 000000000 ____D C:\Users\CensoredName\AppData\Roaming\ThunderSoft
2017-11-16 18:37 - 2017-11-16 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThunderSoft
2017-11-16 18:37 - 2017-11-16 18:37 - 000000000 ____D C:\Program Files (x86)\ThunderSoft
2017-11-16 18:35 - 2017-11-16 18:36 - 021745494 _____ C:\Users\CensoredName\Downloads\free_video_editor.zip
2017-11-16 18:31 - 2017-11-16 18:32 - 101094892 _____ C:\Users\CensoredName\Downloads\Coaching.mp4
2017-11-16 17:36 - 2017-11-16 17:36 - 000017408 ___SH C:\Users\CensoredName\Desktop\Thumbs.db
2017-11-15 18:25 - 2017-10-14 09:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 18:24 - 2017-10-17 20:11 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-15 18:24 - 2017-10-16 19:38 - 002013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 18:24 - 2017-10-14 14:04 - 001548624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-11-15 18:24 - 2017-10-14 09:23 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-15 18:24 - 2017-10-14 09:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-15 18:24 - 2017-10-14 09:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 18:24 - 2017-10-14 09:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 18:24 - 2017-10-14 09:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 18:24 - 2017-10-14 08:36 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-11-15 18:24 - 2017-10-14 08:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-15 18:24 - 2017-10-14 08:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 18:24 - 2017-10-14 08:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 18:24 - 2017-10-14 08:30 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 18:24 - 2017-10-14 08:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 18:24 - 2017-10-14 08:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 18:24 - 2017-10-14 08:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 18:24 - 2017-10-14 08:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-15 18:24 - 2017-10-14 08:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-15 18:24 - 2017-10-14 08:05 - 015431680 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 18:24 - 2017-10-14 07:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-15 18:24 - 2017-10-14 07:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-15 18:24 - 2017-10-14 07:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-15 18:24 - 2017-10-14 07:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-15 18:24 - 2017-10-14 07:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-15 18:24 - 2017-10-14 07:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-15 18:24 - 2017-10-14 07:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-11-15 18:24 - 2017-10-14 07:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-15 18:24 - 2017-10-14 07:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-15 18:24 - 2017-10-14 07:24 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-15 18:24 - 2017-10-14 07:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-15 18:24 - 2017-10-14 07:14 - 013317632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-15 18:24 - 2017-10-14 07:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-15 18:24 - 2017-10-14 07:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-15 18:24 - 2017-10-14 07:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-15 18:24 - 2017-10-10 17:36 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 18:24 - 2017-10-10 16:38 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 18:24 - 2017-10-10 16:38 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-11-15 18:24 - 2017-10-10 16:11 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-15 18:24 - 2017-10-10 16:08 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-11-15 18:24 - 2017-10-05 08:17 - 000380248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-11-15 18:24 - 2017-09-15 00:52 - 000986968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-11-15 18:24 - 2017-09-08 18:14 - 003084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2017-11-15 18:24 - 2017-09-08 17:50 - 002471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2017-11-15 18:24 - 2017-09-08 04:31 - 000685440 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-11-15 18:24 - 2017-09-08 04:28 - 000507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-11-15 18:24 - 2017-09-07 22:31 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\mgmtapi.dll
2017-11-15 18:24 - 2017-09-07 20:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mgmtapi.dll
2017-11-15 18:24 - 2017-09-07 18:20 - 000513456 _____ C:\Windows\SysWOW64\locale.nls
2017-11-15 18:24 - 2017-09-07 18:20 - 000513456 _____ C:\Windows\system32\locale.nls
2017-11-15 18:24 - 2017-09-07 14:40 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-15 18:24 - 2017-09-07 14:40 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-15 18:24 - 2017-09-07 00:07 - 000158552 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 18:24 - 2017-09-06 22:17 - 000461144 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 18:24 - 2017-09-06 22:17 - 000443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 18:24 - 2017-09-06 15:14 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\regsvc.dll
2017-11-15 18:24 - 2017-08-11 02:39 - 002779136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-11-15 18:24 - 2017-08-11 02:30 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-11-15 18:16 - 2017-10-11 08:35 - 000143016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-15 18:16 - 2017-10-10 16:21 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-11-15 18:16 - 2017-10-10 14:18 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-15 18:16 - 2017-10-10 14:18 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-15 18:16 - 2017-10-10 14:18 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-15 18:16 - 2017-10-10 14:18 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-15 18:16 - 2017-10-10 14:18 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-15 18:16 - 2017-10-10 14:18 - 000402944 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-15 18:16 - 2017-10-10 14:18 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-15 18:16 - 2017-10-10 14:18 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-15 18:16 - 2017-10-10 14:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-15 08:51 - 2017-11-20 10:18 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-13 20:16 - 2017-11-13 20:16 - 000000000 ____D C:\Users\CensoredName\Documents\Custom Office Templates
2017-11-13 17:12 - 2017-11-13 17:12 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-11-13 17:12 - 2017-11-13 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-11-13 17:07 - 2017-11-13 17:07 - 004455200 _____ (Microsoft Corporation) C:\Users\CensoredName\Downloads\Setup.X86.en-us_O365ProPlusRetail_0529f95f-1997-47aa-b5af-361ab8f97007_TX_PR_b_32_.exe
2017-11-13 16:41 - 2017-11-13 16:41 - 004359968 _____ (Microsoft Corporation) C:\Users\CensoredName\Downloads\setupo365homepremretail.x86.nl-nl_.exe
2017-11-13 08:43 - 2017-11-13 08:43 - 000003334 _____ C:\Windows\System32\Tasks\AcerCloud
2017-11-13 08:38 - 2017-11-13 08:38 - 000003338 _____ C:\Windows\System32\Tasks\abDocsDllLoader
2017-11-13 08:38 - 2017-11-13 08:38 - 000001969 _____ C:\Users\Public\Desktop\abDocs.lnk
2017-11-10 15:25 - 2017-11-10 15:25 - 000001929 _____ C:\Users\Public\Desktop\NordVPN.lnk
2017-11-10 15:24 - 2017-11-10 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2017-11-10 15:24 - 2017-11-10 15:24 - 000000000 ____D C:\Users\CensoredName\AppData\Local\AdvinstAnalytics
2017-11-10 15:24 - 2017-11-10 15:24 - 000000000 ____D C:\Program Files (x86)\NordVPN
2017-11-09 13:46 - 2017-11-19 09:50 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-09 13:46 - 2017-11-09 13:46 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-11-09 13:46 - 2017-11-09 13:46 - 000001887 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-09 13:46 - 2017-11-09 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-09 13:46 - 2017-11-09 13:46 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-09 13:01 - 2017-11-19 09:50 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-09 13:01 - 2017-11-19 09:50 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-11-04 18:29 - 2017-11-04 18:29 - 000009988 _____ C:\Users\CensoredName\Desktop\Tweaking.com - Windows Repair 2018 - Pre-Scan.txt
2017-11-04 18:24 - 2017-11-04 18:24 - 000000000 ____D C:\Users\CensoredName\Desktop\tweaking.com_windows_repair_aio
2017-11-04 18:21 - 2017-11-04 18:21 - 036135304 _____ C:\Users\CensoredName\Desktop\tweaking.com_windows_repair_aio.zip
2017-11-02 21:01 - 2017-11-02 21:02 - 002753257 _____ C:\Users\CensoredName\Downloads\Becoming a qualified esport coach stagnating in your training and how to improve others MGTV 46.mp3.part
2017-11-02 13:52 - 2017-11-02 13:52 - 000001082 _____ C:\Users\CensoredName\Desktop\ESETScan.txt
2017-11-02 11:05 - 2017-11-03 18:54 - 000000000 ____D C:\Users\CensoredName\AppData\Local\ESET
2017-11-02 11:05 - 2017-11-02 11:05 - 006968952 _____ (ESET spol. s r.o.) C:\Users\CensoredName\Downloads\esetonlinescanner_enu.exe
2017-11-02 10:51 - 2017-11-02 10:58 - 000000000 ____D C:\AdwCleaner
2017-11-02 10:51 - 2017-11-02 10:51 - 008261584 _____ (Malwarebytes) C:\Users\CensoredName\Downloads\adwcleaner_7.0.4.0.exe
2017-11-02 10:50 - 2017-11-02 10:50 - 008250832 _____ (Malwarebytes) C:\Users\CensoredName\Downloads\AdwCleaner.exe
2017-11-02 10:48 - 2017-11-02 10:49 - 000032261 _____ C:\Users\CensoredName\Desktop\MTBresults.txt
2017-11-02 10:45 - 2017-11-02 10:45 - 000032243 _____ C:\Windows\SysWOW64\MTB.txt
2017-11-01 12:16 - 2017-11-01 12:16 - 000645880 _____ C:\Users\CensoredName\Downloads\Week van Respect 2017 - Stellingen Gastsprekers.pdf
2017-11-01 12:16 - 2017-11-01 12:16 - 000608206 _____ C:\Users\CensoredName\Downloads\Week van Respect 2017 - Handleiding Gastsprekers.pdf
2017-10-28 18:53 - 2017-11-17 14:49 - 000000000 ____D C:\Users\CensoredName\Desktop\Diet regime
2017-10-27 12:29 - 2017-10-27 12:29 - 000000000 ____D C:\Users\CensoredName\AppData\LocalLow\Temp
2017-10-27 12:28 - 2017-10-27 12:29 - 001888636 _____ C:\Users\CensoredName\Downloads\Stappenplan Social Start Up.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-20 11:18 - 2017-09-13 20:41 - 000000000 ____D C:\Users\CensoredName\Desktop\BMY
2017-11-20 10:52 - 2017-08-05 21:47 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-11-20 10:50 - 2017-08-14 16:28 - 000000000 ____D C:\Users\CensoredName\AppData\Roaming\vlc
2017-11-20 10:37 - 2017-10-07 16:12 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-20 10:37 - 2017-08-05 21:28 - 000000000 ____D C:\Users\CensoredName\AppData\LocalLow\Mozilla
2017-11-20 10:29 - 2017-08-05 21:11 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-53665365-1931806507-4076513649-1002
2017-11-20 10:16 - 2017-08-07 09:00 - 000000000 ____D C:\Users\CensoredName\AppData\Roaming\Skype
2017-11-20 10:13 - 2017-08-05 21:09 - 000000000 ___DO C:\Users\CensoredName\OneDrive
2017-11-19 23:12 - 2017-08-08 10:15 - 000000000 ____D C:\Users\CensoredName\AppData\Roaming\WhatsApp
2017-11-19 15:33 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2017-11-19 15:00 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-11-19 13:56 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\rescache
2017-11-19 10:05 - 2017-08-05 21:47 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-11-19 09:54 - 2014-06-23 20:59 - 000703612 _____ C:\Windows\system32\perfh013.dat
2017-11-19 09:54 - 2014-06-23 20:59 - 000138748 _____ C:\Windows\system32\perfc013.dat
2017-11-19 09:54 - 2014-03-18 11:03 - 001613060 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-19 09:50 - 2014-06-23 20:24 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-19 09:49 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-18 07:40 - 2017-08-05 21:05 - 000000000 ____D C:\Users\CensoredName
2017-11-18 07:36 - 2014-06-23 20:24 - 000000000 ____D C:\Users\UpdatusUser
2017-11-18 07:36 - 2013-08-22 16:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-18 07:34 - 2017-08-19 10:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-18 07:34 - 2017-08-19 10:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-18 07:34 - 2014-06-23 20:35 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-17 17:05 - 2017-08-05 21:48 - 000000000 ____D C:\Users\CensoredName\AppData\Local\CrashDumps
2017-11-17 13:19 - 2017-08-05 21:05 - 000000000 ____D C:\Users\CensoredName\AppData\Local\Packages
2017-11-17 11:10 - 2017-09-10 06:37 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-17 11:09 - 2014-06-11 09:25 - 000000000 ____D C:\ProgramData\Adobe
2017-11-17 10:02 - 2017-08-19 10:24 - 000000952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-17 10:02 - 2017-08-05 21:27 - 000000000 ____D C:\Users\CensoredName\AppData\Roaming\Mozilla
2017-11-16 17:07 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-16 17:07 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness
2017-11-16 12:22 - 2017-09-12 08:14 - 000000000 ____D C:\Users\CensoredName\Desktop\Stage
2017-11-16 07:28 - 2017-08-09 19:26 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-16 07:16 - 2013-08-22 15:44 - 000492928 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-15 23:24 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-11-15 23:23 - 2017-08-07 08:30 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-15 21:53 - 2013-08-22 16:20 - 000000000 ____D C:\Windows\CbsTemp
2017-11-13 17:12 - 2017-08-09 18:01 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-11-13 17:12 - 2017-08-09 18:01 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-11-13 17:12 - 2017-08-09 18:01 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-11-13 17:12 - 2017-08-09 18:01 - 000002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-11-13 17:12 - 2017-08-09 18:01 - 000002396 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-11-13 17:12 - 2017-08-09 18:01 - 000002390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-11-13 17:12 - 2017-08-09 18:01 - 000002382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-11-13 08:43 - 2014-06-11 09:17 - 000000000 ____D C:\Program Files (x86)\Acer
2017-11-13 08:42 - 2017-08-05 21:08 - 000000000 ____D C:\Users\CensoredName\AppData\Local\clear.fi
2017-11-13 08:42 - 2014-06-11 09:17 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-11-13 08:38 - 2017-08-05 21:09 - 000003442 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2017-11-13 08:38 - 2014-06-11 10:03 - 000000000 ___HD C:\OEM
2017-11-10 15:25 - 2017-08-14 20:33 - 000000000 ____D C:\Users\CensoredName\AppData\Local\NordVPN
2017-11-10 15:24 - 2017-08-14 20:32 - 000000000 ____D C:\Users\CensoredName\AppData\Roaming\NordVPN
2017-11-10 09:48 - 2017-09-24 19:36 - 000000000 ____D C:\ProgramData\Skype
2017-11-09 15:29 - 2017-08-08 10:15 - 000000000 ____D C:\Users\CensoredName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-11-09 15:29 - 2017-08-08 10:15 - 000000000 ____D C:\Users\CensoredName\AppData\Local\WhatsApp
2017-11-09 15:29 - 2017-08-08 10:15 - 000000000 ____D C:\Users\CensoredName\AppData\Local\SquirrelTemp
2017-11-09 11:47 - 2013-08-22 14:25 - 000000160 _____ C:\Windows\win.ini
2017-11-09 08:31 - 2017-08-09 19:25 - 000003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-09 08:31 - 2017-08-09 19:25 - 000003360 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-07 09:24 - 2017-08-08 09:58 - 000003168 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-53665365-1931806507-4076513649-1002
2017-11-07 09:24 - 2017-08-07 09:00 - 000002340 _____ C:\Users\CensoredName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-11-06 18:25 - 2017-08-05 21:26 - 000000000 __SHD C:\Users\CensoredName\AppData\LocalLow\EmieUserList
2017-11-06 18:25 - 2017-08-05 21:26 - 000000000 __SHD C:\Users\CensoredName\AppData\LocalLow\EmieSiteList
2017-11-04 01:41 - 2017-08-07 08:33 - 000835568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-04 01:41 - 2017-08-07 08:33 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-01 08:54 - 2017-10-13 12:00 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-31 09:42 - 2017-09-09 15:23 - 000000000 ____D C:\Users\CensoredName\Desktop\Sociaal Ondernemen
2017-10-25 21:30 - 2017-09-13 08:31 - 000000000 ____D C:\Users\CensoredName\Desktop\Lab

==================== Files in the root of some directories =======

2017-09-02 10:58 - 2017-09-02 10:58 - 000000000 _____ () C:\Users\CensoredName\AppData\Local\{30A37164-3BCA-4745-8EDC-9182AD0D2446}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-20 11:12

==================== End of FRST.txt ============================

Logs addition.text:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Ran by CensoredName (20-11-2017 11:48:25)
Running from C:\Users\CensoredName\Downloads
Windows 8.1 (Update) (X64) (2017-08-05 20:05:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-53665365-1931806507-4076513649-500 - Administrator - Disabled)
Guest (S-1-5-21-53665365-1931806507-4076513649-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-53665365-1931806507-4076513649-1004 - Limited - Enabled)
CensoredName (S-1-5-21-53665365-1931806507-4076513649-1002 - Administrator - Enabled) => C:\Users\CensoredName
UpdatusUser (S-1-5-21-53665365-1931806507-4076513649-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2002 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2003.6 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3014.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Aloha TriPeaks (HKLM-x32\...\WTA-3709efc5-5fef-477a-bbc7-18036009379f) (Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.234 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-c1e41e34-aa82-4d21-b10b-ea95ce0ba721) (Version: 2.2.0.110 - WildTangent) Hidden
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Free Video Editor 7.3.0 (HKLM-x32\...\{c23a3d87-c9c5-49cd-9632-42d7491c17a2}_is1) (Version: 7.3.0 - ThunderSoft International LLC.)
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-5d43c571-d01e-4d41-b589-dd7c2fb18019) (Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Kaspersky Password Manager (HKLM-x32\...\{D4C3D682-E15A-4A48-A7B7-3F021A525F8F}) (Version: 8.0.6.538 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{D4C3D682-E15A-4A48-A7B7-3F021A525F8F}) (Version: 8.0.6.538 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (HKLM-x32\...\WTA-2ca776d0-7df4-49c3-ad99-d905d71006d2) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-8cb10c4b-d256-475b-afa9-f56cbcde394f) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 16.0.8625.2127 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8625.2127 - Microsoft Corporation)
Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 16.0.8625.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-53665365-1931806507-4076513649-1002\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NordVPN (HKLM-x32\...\{A18D9494-DE67-414D-8E9E-B65A91DD90E6}) (Version: 6.8.10 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.8.10) (Version: 6.8.10 - NordVPN)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-73604cda-effc-4a0e-8680-4376e0afcbc5) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-29adcc55-3046-4a34-ad10-ba599d8c239f) (Version: 2.2.0.98 - WildTangent) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.28148 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.17 - Synaptics Incorporated)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 8.2.11.0 - 2BrightSparks)
SyncBackLite (HKLM-x32\...\SyncBackLite_is1) (Version: 8.2.11.0 - 2BrightSparks)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-05e9de94-4402-46f9-901a-34504a0f3b1e) (Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (HKLM-x32\...\WTA-d7467e94-4236-4fb7-8556-26bfa11455eb) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WhatsApp (HKU\S-1-5-21-53665365-1931806507-4076513649-1002\...\WhatsApp) (Version: 0.2.6968 - WhatsApp)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9590 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-53665365-1931806507-4076513649-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\CensoredName\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-05-05] (AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-05-05] (AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-05-05] (AO Kaspersky Lab)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-13] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-05-05] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CE4C7C8-4315-4B3B-9A88-65D02413BE54} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-25] (TODO: <Company name>)
Task: {0DC0C4B8-748F-4519-90E0-92A792871DB6} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-07-09] (Dolby Laboratories Inc.)
Task: {1DB14ABE-9417-440A-BE9A-AE56612EB25C} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {204EE7E8-8B22-434B-B8A1-F78BDD1E5542} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {23033727-20D3-4515-99E6-3107CA47A89A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
Task: {2B42A1B7-D0A8-441D-AE3F-8704C231F9B0} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-09-26] (Acer Incorporated)
Task: {3FD4E136-3D95-44D1-9384-8E8E14C86651} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {4F4ACA7D-3289-4E59-915B-265DA260128A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {55C1CF8E-C314-4F7A-AD82-87941F1B315C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {57200F5E-D7D1-4416-B069-1767CA2F507E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {60425C7E-F03D-487C-9E37-948FA95E0E40} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {6769BE58-A07C-4B41-B751-2AB4EAC42748} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {72E54899-C193-4598-827C-62CBCEF99523} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-19] (Acer Incorporated)
Task: {780D6BA7-BD7C-4B13-9219-AC564B38B7F4} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2017-10-02] (Acer)
Task: {8E2C1C33-A758-4517-9EE8-A43A1EB66388} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-09] (Google Inc.)
Task: {9013BE10-CADA-40E7-A2E4-F973708B0BC0} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {9153F99C-4920-4820-B0A3-136C4B6AB2AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-09] (Google Inc.)
Task: {9EB1988B-AA71-4DFE-B231-D97BBEECAAC5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-17] (Microsoft Corporation)
Task: {9FD4C765-E134-42C7-AB7D-16920176F43A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {A30E9FE7-56AA-4352-A2AB-433490D96E86} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {AE831D52-B09C-45B8-A9CE-207268D40AD0} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-01] (Synaptics Incorporated)
Task: {B208DEEE-805E-4F86-A787-91839138FA3C} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2017-09-28] ()
Task: {CD1B3DE1-791E-4DE0-8308-EC5E6A7CE890} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-04-28] (Acer Incorporate)
Task: {CF7C43B9-5DF0-466B-B650-47EB6DB08C3C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
Task: {D4D063A0-3851-4686-85DB-CDCD17547ECA} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {D8800ED2-4BE7-4108-86CF-B7E76BFF8F49} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-17] (Microsoft Corporation)
Task: {D91F5716-0135-4DC8-970C-FCC5F6FD47C2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-11-17] (Microsoft Corporation)
Task: {DDDC0120-C16E-48B7-9D70-DDAAD531B841} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-04-28] (Acer Incorporate)
Task: {EC9651D7-B60E-48DF-B95E-AB0688D5F406} - System32\Tasks\Adobe Reader and Acrobat Manager => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-13 19:50 - 2017-07-13 19:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 19:50 - 2017-07-13 19:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-15 00:27 - 2014-04-15 00:27 - 000049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2017-11-07 14:55 - 2017-11-07 14:55 - 000414344 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2014-06-23 20:32 - 2012-04-24 11:43 - 000254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2017-10-13 12:00 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-13 12:00 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-06-23 20:24 - 2016-12-29 14:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-23 20:37 - 2014-01-03 22:13 - 000111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2017-11-13 17:10 - 2017-11-13 17:10 - 008931496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2012-03-22 20:11 - 2012-03-22 20:11 - 000244944 _____ () C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
2017-07-14 09:27 - 2017-07-14 09:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-07-14 09:26 - 2017-07-14 09:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2016-12-22 21:58 - 2016-12-22 21:58 - 000411912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\kpm.exe
2017-09-28 17:21 - 2017-09-28 17:21 - 001769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2016-12-22 21:59 - 2016-12-22 21:59 - 000108072 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\plugin-nm-server.exe
2016-06-27 23:19 - 2016-06-27 23:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2014-06-23 20:17 - 2013-09-04 00:53 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-12-05 12:03 - 2016-12-05 12:03 - 000600160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\dblite.dll
2016-12-22 21:24 - 2016-12-22 21:24 - 000513960 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\ipm_service.dll
2016-12-22 21:26 - 2016-12-22 21:26 - 000362344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\ucp_meta.dll
2016-12-22 21:58 - 2016-12-22 21:58 - 000237416 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\infra.dll
2017-11-16 11:10 - 2017-11-16 11:10 - 000192512 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\bff233ca535292364dc8654614f72cda\Windows.Foundation.ni.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-11-13 08:38 - 2017-11-13 08:38 - 000015136 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2017-09-26 12:35 - 2017-09-26 12:35 - 000013088 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2017-09-26 12:34 - 2017-09-26 12:34 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2017-10-02 14:56 - 2017-10-02 14:56 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2017-10-02 14:56 - 2017-10-02 14:56 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-53665365-1931806507-4076513649-1002\...\sharepoint.com -> hxxps://stichtingfontys-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-11-09 11:47 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-53665365-1931806507-4076513649-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\CensoredName\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D712051C-9E18-45F3-99B7-414599AD1A13}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{9EC4845B-F5FB-4A96-8C4A-7CE708B67ECC}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{5EB6B101-A59E-4BD5-A16D-0054F1E07A92}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2A704EA1-8045-482B-9D67-B8E3C584DBCD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0D1B1915-393C-446A-AA8F-4578ACB13369}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{BBEE87EF-6040-4AA0-B36B-9C1C6BDF4B2B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{92CD907D-6A51-4E6A-BFE0-2FD54A8DB9FB}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F87D32F4-07EC-4C42-9B58-9902B6BE66C8}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{FA0F439E-84EE-4FEF-98F2-6B55AB3FA39C}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5B531651-6CDF-4FCE-9060-5A5CC4DEE19B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{F9F4AC5E-3861-43C2-8382-34E76D0FEB34}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{653BB669-FD7B-4D99-A23A-34AA1B7DA362}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{C487E9A7-494F-432B-B6C8-7A150071DD2C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{B93C3CC5-56C0-4D66-98B2-067FC95A82AC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{8F10BD22-07B1-41D1-B8DA-CDADC3D3D99B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{FA2BA684-D729-4D74-A1C2-AD0D1DACFE59}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{63374FC0-8595-4F9A-AFCF-35C406FAF162}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{66197FE8-7E17-457A-8342-1C3A0A1E9E5D}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{8BE79734-A79A-4862-BB51-55349AFE7713}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{F6A99D92-9CE1-4DF0-92BA-3A72D625D624}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{F0A0C694-3DFD-4A22-8452-CA7F16E22CC4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{50EFBD23-4B14-4764-BC9E-0C14D66C4F1D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{ECA2CE25-337C-4CDA-9AB1-0A0371C09223}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{605F9FEE-BC56-4CF9-88C2-0F986E201772}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{4C3FBBA2-45E6-496F-BB6C-48A86190440D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{CD16557E-B546-48CF-AC42-1EE046E2CB8F}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{3F8B0EBE-5CA3-42FC-9DD4-E0D19D3AB184}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{9EF9CE10-4FB2-4A0A-91C2-27F28FC28D5D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{91A9388F-E8CB-4811-B17D-CBE0C91485C4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{25DD0D60-12BE-4110-8168-F717AF4F710F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{C1D3C8A8-5876-478D-AAD8-C0A96969D8FE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{B5FC7B6E-7E89-4A42-AF50-5070A06DDC42}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{F4845AD6-D666-45A8-8CFF-98155D0D9B0C}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{1FD2D880-375E-429F-AA0A-027F7A51F305}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{6869A5C8-A026-47FC-8599-433E37863668}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{F7363DA9-78C2-4649-BAC7-E753CD7B8F8D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{A5437530-74F9-4BB3-A4B3-79EF0E937F31}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{E7BA585B-496B-427C-A8A8-711737FE537D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{C0E689CC-3AA0-49F4-BE46-FC1302EC6662}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{54F4BC5B-92B7-4DCF-B08A-6B37465639EE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{801FA015-B149-4559-87ED-43B6648C0FC4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{7F890314-4D2E-4F44-BFFE-7D19F883C361}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{94092809-20E2-45DE-BE07-3906CB3DC522}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{51E15916-911F-4E8D-A287-7FC4CC99A066}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E9DCC70A-1C4E-4B30-A26C-9E226D311064}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F9118723-65CD-4A3C-BA28-83BB0868A0DF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4BA20EA6-9745-4F52-B446-FAF600656792}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2F2CE335-F09F-4771-A2C9-AD0B82599A10}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1200DA5F-0B55-4CA6-9008-A9D7C8391C06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3DB8758C-EC74-4606-8EDF-76328FA1B9ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D33EC941-D68C-4279-9D9E-9F5792FD7DBA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{8093ED94-381C-44C6-B41B-5009D89555D2}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AA8515CD-614C-48F2-A86B-769A884F93D1}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{2647D33B-6D18-4873-B482-1C2A72FCD3F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B1D3C8BB-B00C-4303-960F-FB68DD3728D5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B46833E2-0A25-4483-AC74-D325D12F19E6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3A008CFC-BFB3-4D84-8A2B-9FD6F89DC2D9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{E964F7F9-AD92-46AF-B75B-00B978D61373}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D1930F2F-8641-4164-8041-88ACEBE7CBBE}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{CE080EBE-B54B-4BDF-90FE-3F2F3E4D06A9}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{56AD111B-E3C8-40D8-BD29-B92C320817E7}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{CB403545-D770-4CEE-A181-30857E02F215}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{B7E08296-3DB1-4D50-9E30-887D88013CA8}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{9B1CAC73-FDA6-4594-8A80-5ECFFEBC6EED}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{5F7F4F06-FE46-4CB6-B282-4733F7759A82}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{4CFF0089-C186-44BF-8F4A-4A5EBFAA7A02}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{9A2A45AE-3DB8-4885-8DE1-2AA647F75A5E}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{59AF2C77-0E54-451F-BD3A-291DBFF232CA}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{74D6956A-12FE-4507-A371-13AC9DCA0682}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{A002AEE3-99DD-4A91-8EE5-880C48E1F407}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-11-2017 15:24:10 Installed NordVPN
15-11-2017 21:51:35 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2017 11:01:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: CsrBtService.exe, versie: 2.1.63.0, tijdstempel: 0x4f6b2b7e
Naam van module met fout: CsrBtService.exe, versie: 2.1.63.0, tijdstempel: 0x4f6b2b7e
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000000000001d7c2
Id van proces met fout: 0x4f8
Starttijd van toepassing met fout: 0x01d361135f475d7a
Pad naar toepassing met fout: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
Pad naar module met fout: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
Rapport-id: bf0731b5-cdd9-11e7-82cb-6002922db000
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (11/20/2017 10:13:10 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (11/20/2017 10:13:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Kan activeringscontext voor C:\Program Files (x86)\Audacity\audacity.exe niet maken. Fout in manifest of beleidsbestand  op regel .
Een onderdeelversie die nodig is voor de toepassing, conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (11/19/2017 11:12:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: CsrBtOBEXService.exe, versie: 2.1.63.0, tijdstempel: 0x4f68683b
Naam van module met fout: CsrBtOBEXService.exe, versie: 2.1.63.0, tijdstempel: 0x4f68683b
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000006f58
Id van proces met fout: 0x448
Starttijd van toepassing met fout: 0x01d361135f3fad67
Pad naar toepassing met fout: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Pad naar module met fout: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Rapport-id: b5d8cf52-cd76-11e7-82cb-6002922db000
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (11/19/2017 04:16:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43312

Error: (11/19/2017 04:16:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43312

Error: (11/19/2017 04:16:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/19/2017 04:15:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2297

Error: (11/19/2017 04:15:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2297

Error: (11/19/2017 04:15:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/20/2017 11:01:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De CSR Bluetooth Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (11/19/2017 11:12:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De CSR OBEX Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (11/19/2017 09:50:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Windows Defender Service-service kan vanwege de volgende fout niet worden gestart:
Kan de digitale handtekening voor dit bestand niet controleren. Door een recente wijziging in software of hardware is mogelijk een bestand geïnstalleerd dat onjuist is ondertekend of beschadigd is, of dat mogelijk schadelijke software van een onbekende bron is.

Error: (11/19/2017 09:49:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De McAfee SiteAdvisor Service-service kan vanwege de volgende fout niet worden gestart:
Het systeem kan het opgegeven bestand niet vinden.

Error: (11/19/2017 09:49:53 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 09:48:55 op ‎19-‎11-‎2017 is onverwacht gebeurd.

Error: (11/18/2017 01:33:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Windows Defender Service-service kan vanwege de volgende fout niet worden gestart:
Kan de digitale handtekening voor dit bestand niet controleren. Door een recente wijziging in software of hardware is mogelijk een bestand geïnstalleerd dat onjuist is ondertekend of beschadigd is, of dat mogelijk schadelijke software van een onbekende bron is.

Error: (11/18/2017 01:32:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De McAfee SiteAdvisor Service-service kan vanwege de volgende fout niet worden gestart:
Het systeem kan het opgegeven bestand niet vinden.

Error: (11/18/2017 01:32:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 11:05:27 op ‎18-‎11-‎2017 is onverwacht gebeurd.

Error: (11/18/2017 01:31:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: BITS.

Error: (11/18/2017 07:34:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Windows Defender Service-service kan vanwege de volgende fout niet worden gestart:
Kan de digitale handtekening voor dit bestand niet controleren. Door een recente wijziging in software of hardware is mogelijk een bestand geïnstalleerd dat onjuist is ondertekend of beschadigd is, of dat mogelijk schadelijke software van een onbekende bron is.


CodeIntegrity:
===================================
  Date: 2017-11-19 09:50:22.166
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-18 13:33:05.476
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-18 07:34:27.259
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-16 07:17:00.528
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-10 14:36:44.538
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-10 09:47:47.493
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-09 13:01:24.672
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 29%
Total physical RAM: 16264.27 MB
Available physical RAM: 11443.79 MB
Total Virtual: 18696.27 MB
Available Virtual: 12785.52 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:118.43 GB) (Free:46.01 GB) NTFS
Drive d: (DATA) (Fixed) (Total:914.51 GB) (Free:910.41 GB) NTFS
Drive e: (CSR4.0 Harmony) (CDROM) (Total:0.41 GB) (Free:0 GB) CDFS
Drive h: () (Removable) (Total:57.82 GB) (Free:0.03 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: F4AC5020)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F4AC5034)

Partition: GPT.

========================================================
Disk: 2 (Size: 57.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================




 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:48 AM

Posted 21 November 2017 - 10:50 AM

ElectricYouth:

 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7


Posted 21 November 2017 - 12:52 PM

ElectricYouth:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: I am curious as to whether you recognize this Firefox extension?
 

FF Extension: (Library Access) - C:\Users\CensoredName\AppData\Roaming\Mozilla\Firefox\Profiles\fnmz2i9z.default\Extensions\{809ea8a3-a45d-41a2-9cb0-e7c7d7321db5}.xpi [2017-11-04]

 
When I searched that extension using Google, the only hit was this topic here, which makes it somewhat suspicious.

.

Step 2: Please run a FRST fix for me.

IMPORTANT: Before running the FRST fix for me, using Windows File Explorer (Windows key + E), please navigate to the C:\Users\CensoredName\Downloads folder, and rename FRST64.exe to FRST64English.exe. If you are prompted to update FRST64English.exe, please update it, but then ensure that the newly downloaded version of FRST64.exe is named/renamed to FRST64English.exe before running the "fixlist" script. This will result in the scan and fix results being reported in English, which is my native language. Thank you for your cooperation.

This FRST "fixlist" script will also remove remnants of the McAfee and AVG programs that are no longer installed on your computer. This will reduce the possibility of conflicts with Kaspersky Total Security.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
URLSearchHook: [S-1-5-21-53665365-1931806507-4076513649-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-53665365-1931806507-4076513649-1002 -> DefaultScope {A55D3D18-0134-42CB-B0ED-8A65C60D1CE1} URL =
SearchScopes: HKU\S-1-5-21-53665365-1931806507-4076513649-1002 -> {A55D3D18-0134-42CB-B0ED-8A65C60D1CE1} URL =
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]
C:\Program Files (x86)\McAfee
C:\Program Files\McAfee
CustomCLSID: HKU\S-1-5-21-53665365-1931806507-4076513649-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\CensoredName\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {4F4ACA7D-3289-4E59-915B-265DA260128A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
C:\Program Files\Common Files\AV\McAfee VirusScan
Task: {60425C7E-F03D-487C-9E37-948FA95E0E40} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
C:\Program Files (x86)\AVG
VirusTotal: C:\Users\CensoredName\AppData\Roaming\Mozilla\Firefox\Profiles\fnmz2i9z.default\Extensions\{809ea8a3-a45d-41a2-9cb0-e7c7d7321db5}.xpi;C:\Program Files (x86)\Acer\Live Updater\updater.exe;C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64English.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#4 ElectricYouth


Posted 22 November 2017 - 11:36 AM

Hi Phil, thanks for your help.

 

I ran scans with Kaspersky and Malwarebytes before seeing your post, but they came up with 0 threats so I didn't delete anything, is that OK?

 

The ff extension Library Access is an app provided by my university, to access studies. Not sure if it's safe though, haven't really used it yet either.

 

I added the logs below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-11-2017
Ran by CensoredName (22-11-2017 17:28:38) Run:1
Running from C:\Users\CensoredName\Downloads
Loaded Profiles: UpdatusUser & CensoredName (Available Profiles: UpdatusUser & CensoredName)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
URLSearchHook: [S-1-5-21-53665365-1931806507-4076513649-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-53665365-1931806507-4076513649-1002 -> DefaultScope {A55D3D18-0134-42CB-B0ED-8A65C60D1CE1} URL =
SearchScopes: HKU\S-1-5-21-53665365-1931806507-4076513649-1002 -> {A55D3D18-0134-42CB-B0ED-8A65C60D1CE1} URL =
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]
C:\Program Files (x86)\McAfee
C:\Program Files\McAfee
CustomCLSID: HKU\S-1-5-21-53665365-1931806507-4076513649-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\CensoredName\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {4F4ACA7D-3289-4E59-915B-265DA260128A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
C:\Program Files\Common Files\AV\McAfee VirusScan
Task: {60425C7E-F03D-487C-9E37-948FA95E0E40} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
C:\Program Files (x86)\AVG
VirusTotal: C:\Users\CensoredName\AppData\Roaming\Mozilla\Firefox\Profiles\fnmz2i9z.default\Extensions\{809ea8a3-a45d-41a2-9cb0-e7c7d7321db5}.xpi;C:\Program Files (x86)\Acer\Live Updater\updater.exe;C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe

*****************

Restore point was successfully created.
Processes closed successfully.
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-53665365-1931806507-4076513649-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-53665365-1931806507-4076513649-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55D3D18-0134-42CB-B0ED-8A65C60D1CE1} => key removed successfully
HKLM\Software\Classes\CLSID\{A55D3D18-0134-42CB-B0ED-8A65C60D1CE1} => key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => key removed successfully
HKLM\System\CurrentControlSet\Services\McAfee SiteAdvisor Service => key removed successfully
McAfee SiteAdvisor Service => service removed successfully
"C:\Program Files (x86)\McAfee" => not found.
"C:\Program Files\McAfee" => not found.
HKU\S-1-5-21-53665365-1931806507-4076513649-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => key removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => key removed successfully
HKLM\Software\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F4ACA7D-3289-4E59-915B-265DA260128A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F4ACA7D-3289-4E59-915B-265DA260128A} => key removed successfully
C:\Windows\System32\Tasks\McAfee Remediation (Prepare) => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee Remediation (Prepare) => key removed successfully
C:\Program Files\Common Files\AV\McAfee VirusScan => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60425C7E-F03D-487C-9E37-948FA95E0E40} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60425C7E-F03D-487C-9E37-948FA95E0E40} => key removed successfully
C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance => key removed successfully
C:\Program Files (x86)\AVG => moved successfully
VirusTotal: C:\Users\CensoredName\AppData\Roaming\Mozilla\Firefox\Profiles\fnmz2i9z.default\Extensions\{809ea8a3-a45d-41a2-9cb0-e7c7d7321db5}.xpi => not found
VirusTotal: C:\Program Files (x86)\Acer\Live Updater\updater.exe => https://www.virustotal.com/file/d86e4ff4044dd91d677758444405f560ce4bb4934356bf853fe7b186a9b25789/analysis/1510555207/
VirusTotal: C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe => not found


The system needed a reboot.

==== End of Fixlog 17:29:09 ====
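
An added example (not part of either poster's message, and not FRST's own code): a small Python triage of the "Fix result" log above. It skips the echoed fixlist, then separates entries that were changed from entries that were already absent, failures, and VirusTotal lines with no report link. The category names and the `triage`, `classify` and `result_lines` helpers are this example's own; the sample lines are copied from the fixlog above.

```python
import re
from collections import Counter

# Lines copied from the fixlog posted above (a subset, otherwise unmodified).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-11-2017
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File

*****************

Restore point was successfully created.
Processes closed successfully.
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
McAfee SiteAdvisor Service => service removed successfully
"C:\Program Files (x86)\McAfee" => not found.
C:\Program Files (x86)\AVG => moved successfully
VirusTotal: C:\Users\CensoredName\AppData\Roaming\Mozilla\Firefox\Profiles\fnmz2i9z.default\Extensions\{809ea8a3-a45d-41a2-9cb0-e7c7d7321db5}.xpi => not found
VirusTotal: C:\Program Files (x86)\Acer\Live Updater\updater.exe => https://www.virustotal.com/file/d86e4ff4044dd91d677758444405f560ce4bb4934356bf853fe7b186a9b25789/analysis/1510555207/
VirusTotal: C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe => not found


The system needed a reboot.

==== End of Fixlog 17:29:09 ====
"""

STARS = re.compile(r"^\*{5,}$")          # separator around the echoed fixlist
REVIEW = {"failed", "vt_no_report", "other"}  # categories a human should look at


def result_lines(text):
    """Return only the result lines: everything after the echoed fixlist
    (the block between the two rows of asterisks) and before the end marker.
    Without this, fixlist directives that contain '=>' would be miscounted."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if STARS.match(ln)]
    start = stars[1] + 1 if len(stars) >= 2 else 0
    out = []
    for ln in lines[start:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln:
            out.append(ln)
    return out


def classify(line):
    """Map one result line to (category, target, outcome)."""
    if " => " not in line:
        # Status sentences such as "Could not restore ..." have no target.
        kind = "failed" if line.lower().startswith("could not") else "info"
        return kind, line, ""
    target, outcome = line.rsplit(" => ", 1)
    target = target.strip().strip('"')
    outcome = outcome.strip().rstrip(".")
    if target.startswith("VirusTotal:"):
        target = target[len("VirusTotal:"):].strip()
        # The log only shows whether a report link came back, not why it did not.
        kind = "vt_report" if outcome.startswith("https://") else "vt_no_report"
    elif outcome.endswith(("removed successfully", "moved successfully")):
        kind = "changed"
    elif outcome.endswith("not found"):
        kind = "already_absent"
    else:
        kind = "other"
    return kind, target, outcome


def triage(text):
    """Return (Counter of categories, list of (category, target) to review)."""
    rows = [classify(ln) for ln in result_lines(text)]
    counts = Counter(kind for kind, _, _ in rows)
    review = [(kind, target) for kind, target, _ in rows if kind in REVIEW]
    return counts, review


if __name__ == "__main__":
    counts, review = triage(SAMPLE_FIXLOG)
    for kind, n in sorted(counts.items()):
        print(f"{kind:15} {n}")
    for kind, target in review:
        print(f"REVIEW [{kind}] {target}")
```

The review list is only a prompt for a human reader; the log itself does not say why a VirusTotal line carries no report link.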



#5 garioch7


Posted 22 November 2017 - 12:57 PM

ElectricYouth:
 
Thank you for your post and for the "fixlog.txt" results.  That looks good.
 
Thank you also for explaining the FF extension.  I can't tell you whether it is safe.  It might be an intra-university FF extension, which is why Google had so little information about it.  It is entirely up to you if you want to keep it or remove it.
 
.
 
Step 1: You stated that you did run a Malwarebytes scan. Please check your most recent scan results, and check if the following items were set as specified:

  • Please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."

If you were missing any of those selections, please re-run a Malwarebytes scan.  Please copy and paste the results into your next reply.
 
.
 
Step 2: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining instructions until directed to do so by me. If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.
  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

.

Step 3: Please provide me with an update as to how your computer is performing, after rebooting. If there are any errors or issues, please provide me with as much detail as possible to help me troubleshoot your issues.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#6 garioch7


Posted 25 November 2017 - 12:50 PM

ElectricYouth:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#7 ElectricYouth


Posted 26 November 2017 - 06:10 AM

Hi, excuse me for not responding earlier. I was very busy. Thanks for still keeping the topic open.

 

I performed step 1 and scanned my laptop with malwarebytes, here's a summary of that scan:

 

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/26/17
Scan Time: 11:43 AM
Log File: 9cd9a1c2-d296-11e7-aade-00ffa13e1349.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3349
License: Premium

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: FLASH\CensoredName

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387433
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 23 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

 

 

 

Step 2: logfile adwcleaner:

 

# AdwCleaner 7.0.4.0 - Logfile created on Sun Nov 26 11:03:35 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 8.1 (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\CensoredName\AppData\Local\AdvinstAnalytics


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2860 B] - [2017/11/2 9:58:10]
C:/AdwCleaner/AdwCleaner[S0].txt - [2954 B] - [2017/11/2 9:53:15]
C:/AdwCleaner/AdwCleaner[S1].txt - [1355 B] - [2017/11/26 10:57:3]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

 

 

 

 

 

 

Reboot went fine. Ever since I performed the steps on the previous topic I made before this one, the "apps not working at start" became very rare. So I don't know if it's fixed now, it might take a week to find out.

 

But when I formatted my laptop months ago, I remember the audio speakers of my laptop worked very well and loudly. But the audio speakers volume has now returned to how it was before formatting. And this started I think around the time of apps not working etc..

Boopme from the other topic thought these problems may be related to bluetooth.

My laptop does not have internal bluetooth, so I bought a bluetooth stick to connect my headphone to my laptop.

 

Do you think it could be related?



#8 garioch7


Posted 26 November 2017 - 02:23 PM

ElectricYouth:
 
Thank you for your post and for the logs.  All is looking good there.
 
.
 
Step 1: Please run a System File Checker (SFC) scan to assess the integrity of the Windows file system.

  • Click on the "Start" button.
  • In the "search" box at the bottom, type cmd.
  • Look for Cmd.exe to appear at the top of the menu.
  • Right-click on cmd.exe and choose Run As Administrator.
  • Type sfc /scannow. Ensure that there is a space between "sfc" and "/scannow"
  • The scan will start and may take from 20 minutes to an hour to run.
  • Please report the results from the System File Checker in your next post. Does it report "No Resource Integrity Violations Found", "Errors Repaired", or "Unable to Repair", or words to that effect?
  • If System File Checker reports that some errors were corrected, and some errors were not corrected, please re-run the System File Checker again, as it does happen that it can not fix all of the errors detected in a single run.
  • If it again reports that some errors were corrected, and some errors were not corrected, please run it a third time.

If SFC continues to report uncorrectable errors, please immediately navigate to the folder: C:\Windows\Logs\CBS, locate the file "CBS.log", and copy, not move it, to your Desktop. That file is "volatile", so we need to ensure that it is not overwritten with new results.

.

Step 2: I would recommend that you also visit the website of the manufacturer of your Bluetooth device to see if there are more recent drivers compatible with Windows 8.1 than what is currently installed. Windows updates sometimes "break" things. You can launch the Device Manager and check the status and details of the Bluetooth driver.

 

.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#9 ElectricYouth


Posted 27 November 2017 - 12:31 PM

I ran it and the results: Windows Resource Protection did not find any integrity violations.

 

So far it has already happened twice that apps didn't start while starting laptop (since my last post).

 

I got EkoBuy bluetooth 4.0. Downloaded the newest driver from their site and installed it.

 

Do you think it's still an issue of a malware/virus/trojan or is it just a corrupted file? Just wanna know if my laptop has not been hijacked by someone or that someone can get my passwords etc.


Edited by ElectricYouth, 27 November 2017 - 12:35 PM.


#10 garioch7


Posted 27 November 2017 - 03:21 PM

ElectricYouth:
 
Thank you for your post.  I see that you have run an ESET scan already, but I would like you to run a fresh one for me, just to confirm that there is no malware involved in your issue at this point in time. It is important that you follow ALL of the directions for running the ESET scan. If ESET detects nothing, there will be no log produced.

The FRST logs did not reveal any trojans or keyloggers.  Malwarebytes and AdwCleaner are normal, so at this point in time, I doubt, pending the new ESET scan, that you have reason to be concerned about being hijacked or about someone stealing your passwords.  Right now, I am looking for a possible cause of your apps not launching, but let's make sure that your computer is clean first.

Your issue with apps not launching could be corrupt program files, but it could also signify program components located on unreadable sectors of a failing hard drive, or it could be Windows issues. Let's try eliminating some of those possibilities, after the computer is considered to be "clean."
 
.
 
Step 1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items:
    • Enable detection of potentially unwanted applications
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.

Step 2: Please run the DISM command shown below from an elevated (Administrative) command prompt. This works for both Windows 8 and 10 computers.



DISM /online /cleanup-image /restorehealth

More information about DISM may be found here.
Please let me know the results of running DISM.

.

Step 3: We need to check your hard disk for errors.

To determine if your C: drive is an SSD or conventional hard drive for Windows 8/8.1 or 10, please press the Windows logo key and search for "optimize" in the Windows Start menu. Select: Defragment and optimize your drives. See this link for more information.
For Windows 7 and earlier, please press the Windows logo key + R together, then type control and press the <Enter> key. Click on "System and Security" and then click on "Device Manager". Next, click on "Disk Drives" to open up a list of disk drives on your computer. If it is an SSD drive, it should say so in the description; but if you are not sure, "Google" the model number of the drive that you want to run chkdsk on.

It is important not to run chkdsk /r on an SSD as it will lead to excessive wear and shorten the life of an SSD. For SSD drives, use the chkdsk /f command.

  • Please open an Elevated Command Prompt. To do this:
    • Press the Windows "Start" button.
    • Type "cmd.exe" into the "Search" box.
    • At the top of the list that generates, you should see "cmd.exe".
    • Right click "cmd.exe" and select "Run as Administrator".
  • Type the following command exactly: chkdsk /r unless you have an SSD hard drive, in which case, type chkdsk /f.
  • Please note that there is a space between "chkdsk" and "/r" or "/f".
  • You will get a message that the volume is locked and do you want to reboot.
  • Click on "Yes" to permit the computer to reboot.
  • When the computer reboots, do not press any keys. Let the chkdsk run, which will take several hours.
  • The computer will reboot automatically when the "chkdsk" has finished.

Please follow the instructions here to find the results of the "chkdsk" scan.

Please copy and paste those results into your next reply.

You should run this command when you will not need your computer. The chkdsk scan can take five to ten hours, or more, depending on whether the hard drive is SSD or conventional, and the size and amount of data on the drive, and whether CHKDSK has to attempt repairs.

.

Step 4: With respect to the apps that are failing to launch, would you please tell me the names of those apps, and precisely any error messages, error codes, and the details of what happens when you try to launch those apps.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators
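
The drive-type check and the chkdsk log lookup from Step 3 of the post above can also be done from an elevated PowerShell prompt on Windows 8 or later. This is an added example, not part of the original post; it assumes the volume is C:, that the physical disk's DeviceId equals the disk number (true for a plain internal drive, not for Storage Spaces), and that the boot-time chkdsk report is the Application-log event 1001 written by Wininit.

```powershell
# Added example, not from the thread. Run elevated on Windows 8 / 10.
$driveLetter = 'C'   # assumption: the volume being checked

# 1. Map the volume to its physical disk and read the media type.
$partition = Get-Partition -DriveLetter $driveLetter
# Assumption: DeviceId matches the disk number (plain, non-pooled disks).
$physical = Get-PhysicalDisk |
    Where-Object { $_.DeviceId -eq "$($partition.DiskNumber)" }

# 2. Pick the chkdsk switch the post specifies for each drive type.
$switch = switch ($physical.MediaType) {
    'SSD'   { '/f' }
    'HDD'   { '/r' }
    default { $null }   # 'Unspecified': look up the model number instead
}
if ($switch) {
    "Drive ${driveLetter}: is $($physical.MediaType) ($($physical.FriendlyName)); use: chkdsk $switch"
} else {
    "Media type not reported for '$($physical.FriendlyName)'; check the model number."
}

# 3. After the reboot, fetch the newest boot-time chkdsk report.
#    Boot-time runs are logged to the Application log by Wininit, event 1001.
$report = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } `
              -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'wininit' } |
    Select-Object -First 1

if ($report) {
    # 4. Pull out the lines that matter when judging disk health.
    $badKB = if ($report.Message -match '(\d+) KB in bad sectors') { [int64]$Matches[1] }
    [pscustomobject]@{
        ScanTime        = $report.TimeCreated
        NoProblemsFound = ($report.Message -match 'found no problems')
        BadSectorsKB    = $badKB
    }
    # Full text, ready to paste into a reply:
    $report.Message
} else {
    'No boot-time chkdsk report found in the Application log.'
}
```

A non-zero BadSectorsKB value points at the failing-disk explanation raised in the post rather than at corrupt program files.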


#11 ElectricYouth


Posted 27 November 2017 - 06:16 PM

I performed the ESET scan. This time I included my external hard drive stick, which I sometimes connect to my laptop and thought might be part of the problem.

I don't know which apps don't start, but basically when I start the laptop, I get to the desktop, but I can't open any folders or files. Also, when I click on ^ in the bottom right corner, which shows a list of apps, only about 5 icons show up, like "volume", "laptop battery" etc., so most programs don't start. There's no error message whatsoever; I just can't open anything, as it keeps "loading" (I haven't waited long enough to see if an error message pops up; I will do that next time), so I have to hold the power button to restart the laptop.

The ESET scan found some threats; I included the log below. In about 12 hours I will perform steps 2 and 3.

 

C:\Users\CensoredName\Downloads\FreemakeYouTubeToMP3BoomSetup(1).exe    a variant of Win32/FusionCore.I potentially unwanted application    cleaned by deleting
C:\Users\CensoredName\Downloads\FreemakeYouTubeToMP3BoomSetup.exe    a variant of Win32/FusionCore.I potentially unwanted application    cleaned by deleting
C:\Users\CensoredName\Downloads\spsetup131.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
 


Edited by ElectricYouth, 28 November 2017 - 04:33 AM.


#12 ElectricYouth


Posted 28 November 2017 - 04:34 AM

Results of DISM: 100%

The restore operation completed successfully. The component store corruption was repaired. The operation completed successfully.

Performed the chkdsk /f too, here is the log:


Checking file system on C:
The type of the file system is NTFS.
Volume label is Acer.


A disk check has been scheduled.
Windows will now check the disk.

Stage 1: Examining basic file system structure ...
  368128 file records processed.
File verification completed.
  8088 large file records processed.
  0 bad file records processed.
Stage 2: Examining file name linkage ...
  470656 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.
Stage 3: Examining security descriptors ...
Cleaning up 899 unused index entries from index $SII of file 0x9.
Cleaning up 899 unused index entries from index $SDH of file 0x9.
Cleaning up 899 unused security descriptors.
Security descriptor verification completed.
  51265 data files processed.
CHKDSK is verifying Usn Journal...
  41158544 USN bytes processed.
Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 124185599 KB total disk space.
  74950540 KB in 260877 files.
    177448 KB in 51266 indexes.
         0 KB in bad sectors.
    481547 KB in use by the system.
     65536 KB occupied by the log file.
  48576064 KB available on disk.

      4096 bytes in each allocation unit.
  31046399 total allocation units on disk.
  12144016 allocation units available on disk.

Internal Info:
00 9e 05 00 56 c3 04 00 1f 07 09 00 00 00 00 00  ....V...........
44 02 00 00 52 00 00 00 00 00 00 00 00 00 00 00  D...R...........

Windows has finished checking your disk.
Please wait while your computer restarts.
 


Edited by ElectricYouth, 28 November 2017 - 05:12 AM.


#13 garioch7


Posted 28 November 2017 - 11:50 AM

ElectricYouth:

 

Thank you for running those scans and for posting the logs.  All is looking good.

 

That "^" up arrow, on the bottom right, is just there so you can see hidden task bar icons.  What you are reporting is normal.  Your programs should not be there.  You should be launching your programs from the Start menu or from the desktop shortcuts.

 

Computer lag when initially booted is not unusual, particularly if you have heavy-duty protection apps, like you do (Kaspersky and Malwarebytes).  My i7 laptop takes about five minutes after bootup until it is responsive.  I am running Bitdefender and Malwarebytes.  Windows, plus your protection apps, are all "calling home" looking for updates when you first boot your computer.  It is a very busy time for the CPU and the hard disk/SSD.

 

If you can get some error messages from specific programs, I should be able to help you further.  Right now, I am guessing that you are impatient to get "computing" as soon as you see the desktop appear.

 

The issue, in so far as I can see, is not malware-related.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#14 ElectricYouth


Posted 28 November 2017 - 12:44 PM

Basically, normally when I start my laptop and click on "^", I see the icons of Kaspersky, Malwarebytes, Acer Portal, NVIDIA settings, Epson printer etc. appearing within 20 seconds, and I can start Firefox and open folders and documents at the same time. It's very fast and never takes more than 20-30 seconds.

However, when the problem occurs, these icons don't show up, even after waiting 5 minutes. I once waited 10-15 minutes but nothing happened. When I click on Firefox or open documents, nothing starts. When I go to the Windows menu and click "shut down laptop", it doesn't shut down even after waiting for a long time; nothing happens.

The only way to get out of this is by holding the power button.

On another note, when I enter certain websites, I get a pop-up from Kaspersky saying that it can't guarantee the authenticity of the domain which I am connecting to. The URL is (I think always) edge.quantserve.com and it occurs on different sites. I believe I started getting these errors after creating an account on Twitch a few months ago. Sometimes I click "abort connection" or "continue". Is this related to the problem or a possible malware, and what action do you recommend choosing in these cases?



#15 ElectricYouth


Posted 29 November 2017 - 03:32 AM

It happened again and this time I did get an error. Something about a group (service?) client, related to user login and administrator mode.

I took a screenshot so that I could remember the error, but couldn't open Paint to save the screenshot.

Edit: happened again, this time I checked how many icons show up, and it's 5: NVIDIA settings, NVIDIA GPU activity, volume control, wifi, laptop battery.


Edited by ElectricYouth, 29 November 2017 - 12:51 PM.




