Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Acer Laptop- Help Request- Please Verify Clean


  • This topic is locked This topic is locked
36 replies to this topic

#1 SenorSySoP

SenorSySoP

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 28 November 2017 - 09:50 AM

​HI, this is my 12 years olds lap top  and recently Norton found some virus it called low risk and removed it.  I know better (thanks to the good folks here) than to just blindly trust that all is well and go on computing in bliss.    Please help me verify that we are clean.   For the record, I really doubt it.    Here we go>   Frst scan below, then addition, then text shortcuts, all the frst options included.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2017 (ATTENTION: ====> FRSTversion is 43 days old and could be outdated)
Ran by Ronnie (administrator) on CONNERS (28-11-2017 08:42:46)
Running from D:\AcerLapTop
Loaded Profiles: Ronnie (Available Profiles: Ronnie & conne_000)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\N360.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Pokki) C:\Users\Ronnie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\N360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(acer) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
(acer) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-116401916-3029618134-1469963879-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-116401916-3029618134-1469963879-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2418392 2016-09-09] (Acer)
HKU\S-1-5-21-116401916-3029618134-1469963879-1001\...\RunOnce: [Application Restart #0] => C:\Users\Ronnie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7881936 2017-08-11] (Pokki)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{272B6E6D-31EB-4259-BA89-5384DB6C9181}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Internet Explorer:
==================
HKU\S-1-5-21-116401916-3029618134-1469963879-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-116401916-3029618134-1469963879-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-116401916-3029618134-1469963879-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-116401916-3029618134-1469963879-1001 -> {7EE24913-EF26-47AE-8E79-13C51D40CD05} URL =
SearchScopes: HKU\S-1-5-21-116401916-3029618134-1469963879-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-116401916-3029618134-1469963879-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22.10.0.85&locale=en_US&guid=4552A70F-FC43-4F4F-B1C2-299BE242C802&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-26] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-26] (Oracle Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-26] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-116401916-3029618134-1469963879-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\coFFAddon => not found
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-26] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-26] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-22] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://homepage-web.com/?s=acer&m=home
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"
CHR DefaultSearchURL: Default -> hxxps://secure.web-start-page.com/?partner=acer&src=omnibox&brw=ch&q={searchTerms}
CHR DefaultSearchKeyword: Default -> web-start-page.com
CHR DefaultSuggestURL: Default -> hxxps://secure-suggest.web-start-page.com/suggest?format=json&brw=ch&locale={language}&q={searchTerms}
CHR Profile: C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default [2017-11-27]
CHR Extension: (Docs) - C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-27]
CHR Extension: (Google Drive) - C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-10]
CHR Extension: (YouTube) - C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-10]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-11-27]
CHR Extension: (Google Search) - C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-10]
CHR Extension: (Norton Identity Safe) - C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-27]
CHR Extension: (Gmail) - C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-10]
CHR Extension: (Chrome Media Router) - C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-27]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\Exts\Chrome.crx [2017-08-11]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\Exts\Chrome.crx [2017-08-11]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278688 2017-09-25] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-05-28] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\N360.exe [326144 2017-07-14] (Symantec Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [221728 2013-12-18] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-12-18] (GlavSoft LLC.) [File not signed]
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 0215421502431352mcinstcleanup; C:\Users\Ronnie\AppData\Local\Temp\021542~1.EXE -cleanup -nolog [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.10.0.85\Definitions\BASHDefs\20171120.003\BHDrvx64.sys [1872024 2017-11-20] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\160A000.055\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508056 2017-11-27] (Symantec Corporation)
U3 EraserUtilDrv11721; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11721.sys [158360 2017-11-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-16] (Symantec Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-10] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.10.0.85\Definitions\IPSDefs\20171124.001\IDSvia64.sys [1056920 2017-11-24] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\160A000.055\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\160A000.055\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\160A000.055\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\160A000.055\SymELAM.sys [24608 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-08-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\160A000.055\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\160A000.055\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 OATool; \??\C:\Users\Administrator\AppData\Local\Temp\OAToolx64.sys [X] <==== ATTENTION
S3 TDKLIB; \??\C:\Users\Administrator\AppData\Local\Temp\TdkLib64.sys [X] <==== ATTENTION
========================== Drivers MD5 =======================
C:\Windows\System32\drivers\1394ohci.sys E1832BD9FD7E0FC2DC9FA5935DE3E8C1
C:\Windows\System32\drivers\3ware.sys AD508A1A46EC21B740AB31C28EFDFDB1
C:\Windows\System32\drivers\ACPI.sys E796AE43DDD1844281DB4D57294D17C0
C:\Windows\System32\Drivers\acpiex.sys AC8279D229398BCF05C3154ADCA86813
C:\Windows\System32\drivers\acpipagr.sys A8970D9BF23CD309E0403978A1B58F3F
C:\Windows\System32\drivers\acpipmi.sys 111A89C99C5B4F1A7BCE5F643DD86F65
C:\Windows\System32\drivers\acpitime.sys 5758387D68A20AE7D3245011B07E36E7
C:\Windows\System32\drivers\ADP80XX.SYS 7C1FDF1B48298CBA7CE4BDD4978951AD
C:\Windows\system32\drivers\afd.sys A460C3AF3755A2A79A3C8EFE72E147B5
C:\Windows\System32\drivers\agp440.sys 7DFAEBA9AD62D20102B576D5CAC45EC8
C:\Windows\System32\DRIVERS\ahcache.sys FE14D249D39368CA62D8DA6BC94AC694
C:\Windows\System32\drivers\amdk8.sys 7589DE749DB6F71A68489DCE04158729
C:\Windows\System32\drivers\amdppm.sys B46D2D89AFF8A9490FA8C98C7A5616E3
C:\Windows\System32\drivers\amdsata.sys D2BF2F94A47D332814910FD47C6BBCD2
C:\Windows\System32\drivers\amdsbs.sys A8E04943C7BBA7219AA50400272C3C6E
C:\Windows\System32\drivers\amdxata.sys CEA5F4F27CFC08E3A44D576811B35F50
C:\Windows\system32\drivers\appid.sys 415DD71628795197F7AFC176CBADC74E
C:\Windows\System32\drivers\arcsas.sys 65045784366F7EC5FB4E71BCF923187B
C:\Windows\System32\drivers\atapi.sys 74B14192CF79A72F7536B27CB8814FBD
C:\Windows\system32\DRIVERS\btath_flt.sys 8302D313DCC5536FE6BFB85165D9BB1E
C:\Windows\system32\DRIVERS\athwbx.sys 506CDD8280C18029753B8AB0E9F42432
C:\Windows\System32\drivers\bxvbda.sys A4A73F631FE2AA2826FBE4A399B04DEF
C:\Windows\System32\drivers\BasicDisplay.sys 8CC7F7E4AFCBA605921B137ED7992C68
C:\Windows\System32\drivers\BasicRender.sys 195BD339B4B782B42C19489DCFB4D110
C:\Windows\system32\DRIVERS\bcmwl63a.sys 9A4EF701A4FC835F7DDD8956D930010F
C:\Windows\System32\drivers\bcmfn2.sys C1ABB0F7E3BEA48A0417BDF6FF14AB21
C:\Windows\System32\Drivers\Beep.sys EC19013E4CF87609534165DF897274D6
C:\Program Files (x86)\Norton Security Suite\NortonData\22.10.0.85\Definitions\BASHDefs\20171120.003\BHDrvx64.sys 97CC114712E5CCFA89082392EB89D21E
C:\Windows\System32\DRIVERS\bowser.sys 4938A9236300A356F97E378491EE4844
C:\Windows\system32\drivers\btath_a2dp.sys DE8D825D9D45108CC7640C7944E68D60
C:\Windows\system32\drivers\btath_avdt.sys 30609197DBF90028615E9CE312C60A14
C:\Windows\System32\drivers\btath_bus.sys AF7DEA6A0E93AF8517A310D189B656BE
C:\Windows\System32\drivers\btath_hcrp.sys 4AF7C20F94DAC343C01ED671C82DCB99
C:\Windows\system32\DRIVERS\btath_lwflt.sys 785C38070043BEEE9E9D591DE4067244
C:\Windows\System32\drivers\btath_rcp.sys 859A116D748FBA603AF94C251DC5CF97
C:\Windows\system32\DRIVERS\btfilter.sys 8434237E1EC39E85D8ACE6FA694A5733
C:\Windows\System32\drivers\BthAvrcpTg.sys A8F23D453A424FF4DE04989C4727ECC7
C:\Windows\System32\drivers\BthEnum.sys 1104A31260CCF4318C884E0AE6C513BF
C:\Windows\System32\drivers\bthhfenum.sys 272A62B660A48AEF366F8A1836CED19F
C:\Windows\System32\drivers\BthHFHid.sys 71FE2A48E4C93DDB9798C024880B6C07
C:\Windows\system32\DRIVERS\BthLEEnum.sys D30C67473A2E229662D21F27EAA9AAA5
C:\Windows\System32\drivers\bthmodem.sys 66B791F6B11DC4303DD18A224A501542
C:\Windows\System32\drivers\bthpan.sys D0AF91AF656E25AD8617EFA5B52EF457
C:\Windows\System32\Drivers\BTHport.sys 0CC00ADC1B84C93FB46E1A0974E956E1
C:\Windows\System32\Drivers\BTHUSB.sys 08EA90955AED2D959EE67DF6EDF0E2B6
C:\Windows\system32\drivers\N360x64\160A000.055\ccSetx64.sys C407C0279B86DA6C36741B4AF80BF630
C:\Windows\System32\DRIVERS\cdfs.sys 2FA6510E33F7DEFEC03658B74101A9B9
C:\Windows\System32\drivers\cdrom.sys C6796EA22B513E3457514D92DCDB1A3D
C:\Windows\System32\drivers\circlass.sys BE9936EDD3267FAAFF94A7835867F00B
C:\Windows\System32\drivers\CLFS.sys 39D72BA91AFE3C81C1AB0DE41AA07EF3
C:\Windows\System32\drivers\CmBatt.sys EF6EF85DADC3184A10D8F2F7159973CB
C:\Windows\System32\Drivers\cng.sys C8823A6ECE66B997C8E9F413D1D671E7
C:\Windows\System32\drivers\CompositeBus.sys 03AAED827C36F35D70900558B8274905
C:\Windows\System32\drivers\condrv.sys A1FF7DFBFBE164CF92603C651D304DD2
C:\Windows\System32\drivers\dam.sys 315BA4BC19316D72B2E037534E048B93
C:\Windows\System32\Drivers\dfsc.sys 4FED6AD69C9EE1EE7FD3C88437138855
C:\Windows\system32\DRIVERS\ssudbus.sys 73BDD44A6088916964945886F9025409
C:\Windows\System32\drivers\disk.sys 8B1E62881D5AC68E673CD94B136B34AC
C:\Windows\System32\drivers\dmvsc.sys EB70A894708D1BC176AFD690FF06085F
C:\Windows\system32\drivers\drmkaud.sys 00C594D5A1DBD22AD8B2902B9F6EFF94
C:\Windows\System32\drivers\dxgkrnl.sys 24C40570BAFEA48E9CB2B87008DCA152
C:\Windows\System32\drivers\evbda.sys 114BCFDF367FF37C3F1B0A96AF542E4D
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys E2B6BCFFB9E7A6DD12367DADF817727C
C:\Windows\System32\drivers\EhStorClass.sys 43531A5993380CC5113242C29D265FD9
C:\Windows\System32\drivers\EhStorTcgDrv.sys 6F8E738A9505A388B1157FDDE7B3101B
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11721.sys C3FE4DDCA09DEDD53E36BC8529E2F041
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 967803F9908F68CD0BE07CA34B756C8F
C:\Windows\System32\drivers\errdev.sys DFFFAE1442BA4076E18EED5E406FA0D3
C:\Windows\System32\Drivers\exfat.sys 7729D294A555C7AEB281ED8E4D0E01E4
C:\Windows\System32\Drivers\fastfat.sys 7C4E0D5900B2A1D11EDD626D6DDB937B
C:\Windows\System32\drivers\fdc.sys 5D8402613E778B3BD45E687A8372710B
C:\Windows\System32\drivers\fileinfo.sys BCFD8B149B3ADF92D0DB1E909CAF0265
C:\Windows\System32\drivers\filetrace.sys A1A66C4FDAFD6B0289523232AFB7D8AF
C:\Windows\System32\drivers\flpydisk.sys BE743083CF7063C486A4398E3AEFE59A
C:\Windows\System32\drivers\fltmgr.sys C1FB505A73FA2E9019D32444AB33B75A
C:\Windows\System32\drivers\FsDepends.sys A7C31B168F371E8E6796219F23E354DB
C:\Windows\System32\Drivers\Fs_Rec.sys 09F460AFEDCA03F3BF6E07D1CCC9AC42
C:\Windows\System32\DRIVERS\fvevol.sys D4AB6EE3D715BC44C00277FD934FAACF
C:\Windows\System32\drivers\fxppm.sys 9591D0B9351ED489EAFD9D1CE52A8015
C:\Windows\System32\drivers\gagp30kx.sys FC3EF65EE20D39F8749C2218DBA681CA
C:\Windows\System32\drivers\vmgencounter.sys 0BF5CAD281E25F1418E5B8875DC5ADD1
C:\Windows\System32\drivers\iaiogpioe.sys A7528907E163E60EFEBFC76C42868E9B
C:\Windows\System32\Drivers\msgpioclx.sys 8DF1254093B5C354CE725EB6B9B0DE19
C:\Windows\system32\drivers\HdAudio.sys 56F69F7C25FB67C970997D7066DBC593
C:\Windows\System32\drivers\HDAudBus.sys D4B7ED39C7900384D9E5C1283F1E7926
C:\Windows\System32\drivers\HidBatt.sys 10A70BC1871CD955D85CD88372724906
C:\Windows\System32\drivers\hidbth.sys 42F88B57CAE42FC10059C887B3FCFCEA
C:\Windows\System32\drivers\hidi2c.sys C241A8BAFBBFC90176EA0F5240EACC17
C:\Windows\System32\drivers\hidir.sys 9BDDEE26255421017E161CCB9D5EDA95
C:\Windows\System32\drivers\hidusb.sys 49676FEC898AB2A11B157F848269A56E
C:\Windows\System32\drivers\HpSAMD.sys A6AACEA4C785789BDA5912AD1FEDA80D
C:\Windows\System32\drivers\HTTP.sys 61C5D4EF4BE4EA271B90135490C67447
C:\Windows\System32\drivers\hwpolicy.sys 90656C0B3864804B090434EFC582404F
C:\Windows\System32\drivers\hyperkbd.sys 6D6F9E3BF0484967E52F7E846BFF1CA1
C:\Windows\system32\DRIVERS\HyperVideo.sys 907C870F8C31F8DDD6F090857B46AB25
C:\Windows\System32\drivers\i8042prt.sys 49EE0AE9E5B64FFBBD06D55C4984B598
C:\Windows\System32\drivers\iaioi2ce.sys A7CFF798E71C93EA6C3232F550F12E4A
C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 5D90E32E36CE5D4C535D17CE08AEAF05
C:\Windows\System32\drivers\iaLPSSi_I2C.sys DD05E7E80F52ADE9AEB292819920F32C
C:\Windows\System32\drivers\iaStorAV.sys 08BFE413B0B4AA8DFA4B5684CE06D3DC
C:\Windows\System32\drivers\iaStorV.sys A2200C3033FA4EF249FC096A7A7D02A2
C:\Program Files (x86)\Norton Security Suite\NortonData\22.10.0.85\Definitions\IPSDefs\20171124.001\IDSvia64.sys 53C62B1F7DC9134130C688A2FCDEDADE
C:\Windows\system32\DRIVERS\igdkmd64.sys 142CFBE6ED0E498CCA7ABE8DD932C1AF
C:\Windows\system32\drivers\intelaud.sys F0F581A2299CB2BAB1DF2597BCDDB80F
C:\Windows\system32\drivers\RTKVHD64.sys 2DF4ACBD8897D56091C9873DE210C2BD
C:\Windows\system32\DRIVERS\IntcDAud.sys 8E4044C6B71B2F837166F6EDB6BF9100
C:\Windows\System32\drivers\intelide.sys 4E448FCFFD00E8D657CD9E48D3E47157
C:\Windows\System32\drivers\intelpep.sys A770340FC02B999EF0DE6C2A6BC8437C
C:\Windows\System32\drivers\intelppm.sys 47E74A8E53C7C24DCE38311E1451C1D9
C:\Windows\System32\DRIVERS\ipfltdrv.sys 9DB76D7F9E4E53EFE5DD8C53DE837514
C:\Windows\System32\drivers\IPMIDrv.sys C800DCD904016B2BF6AB541083770A3A
C:\Windows\System32\drivers\ipnat.sys B7342B3C58E91107F6E946A93D9D4EFD
C:\Windows\System32\drivers\irenum.sys AE44C526AB5F8A487D941CEB57B10C97
C:\Windows\System32\drivers\isapnp.sys 8AFEEA3955AA43616A60F133B1D25F21
C:\Windows\System32\drivers\msiscsi.sys C378ED678D1316721A40E1F60FB76184
C:\Windows\System32\drivers\iwdbus.sys C2BC9AC9C6514230A481BDCA6A24BEFD
C:\Windows\System32\drivers\kbdclass.sys 5917AFE4A3F695A54B99C1849C8207FE
C:\Windows\System32\drivers\kbdhid.sys 8CD840A062F6BDF41DDE3ACB96164B72
C:\Windows\system32\DRIVERS\kdnic.sys 813871C7D402A05F2E3A7075F9584A05
C:\Windows\System32\Drivers\ksecdd.sys 304DA394D958BC3B62AF6DF514005B01
C:\Windows\System32\Drivers\ksecpkg.sys 3D4AE520CD6F6FFE549DD195C1F515BE
C:\Windows\system32\drivers\ksthunk.sys 11AFB527AA370B1DAFD5C36F35F6D45F
C:\Windows\system32\DRIVERS\lltdio.sys C09010B3680860131631F53E8FE7BAD8
C:\Windows\System32\drivers\LMDriver.sys 4ACC60B4CBC911F3F34A1D66213BBBF5
C:\Windows\System32\drivers\lsi_sas.sys C755AE4635457AA2A11F79C0DF857ABC
C:\Windows\System32\drivers\lsi_sas2.sys ADAC09CBE7A2040B7F68B5E5C9A75141
C:\Windows\System32\drivers\lsi_sas3.sys 04D1274BB9BBCCF12BD12374002AA191
C:\Windows\System32\drivers\lsi_sss.sys 327469EEF3833D0C584B7E88A76AEC0C
C:\Windows\system32\drivers\luafv.sys DDEE191AB32DFC22C6465002ECDF5EE4
C:\Windows\System32\drivers\megasas.sys EB5C03A070F30D64A6DF80E53B22F53F
C:\Windows\System32\drivers\megasr.sys F6F13533196DE7A582D422B0241E4363
C:\Windows\System32\drivers\modem.sys 8B38C44F69259987C95135C9627E2378
C:\Windows\System32\drivers\monitor.sys 601589000CC90F0DF8DA2CC254A3CCC9
C:\Windows\System32\drivers\mouclass.sys 08374E4E5B8914DE6067CBA99F61E930
C:\Windows\System32\drivers\mouhid.sys 5FCBAB60598AE119E02B4C27DE6B99EA
C:\Windows\System32\drivers\mountmgr.sys E5E8665272EBCD87A0A632314F0D221D
C:\Windows\System32\drivers\mpsdrv.sys 6FC047578785B0435F4E2660946D1ADC
C:\Windows\system32\drivers\mrxdav.sys 3F818C1518DA702C8F10259095C9BDE0
C:\Windows\System32\DRIVERS\mrxsmb.sys E2FC654EC895E92A022794329BFC53EC
C:\Windows\System32\DRIVERS\mrxsmb10.sys B213149BE26DD213C44AD61DB19C1251
C:\Windows\System32\DRIVERS\mrxsmb20.sys B37B58F9F80A51098C42663D5FA5F2BA
C:\Windows\system32\DRIVERS\bridge.sys F3C060444777A59FC63D920719E43CCD
C:\Windows\System32\Drivers\Msfs.sys D13329FBF8345B28AB30F44CC247DC08
C:\Windows\System32\drivers\msgpiowin32.sys C6B474E46F9E543B875981ED3FFE6ADD
C:\Windows\System32\drivers\mshidkmdf.sys 65C92EB9D08DB5C69F28C7FFD4E84E31
C:\Windows\System32\drivers\mshidumdf.sys 52299F086AC2DAFD100DD5DC4A8614BA
C:\Windows\System32\drivers\msisadrv.sys 36D92AF3343C3A3E57FEF11C449AEA4C
C:\Windows\system32\drivers\MSKSSRV.sys A9BBBD2BAE6142253B9195E949AC2E8D
C:\Windows\system32\DRIVERS\mslldp.sys 51B3AC0560848CD6D65AC2033E293113
C:\Windows\system32\drivers\MSPCLOCK.sys 7B2128EB875DCBC006E6A913211006D6
C:\Windows\system32\drivers\MSPQM.sys 1E88171579B218115C7A772F8DE04BD8
C:\Windows\System32\Drivers\MsRPC.sys BBE2A455053E63BECBF42C2F9B21FAE0
C:\Windows\System32\drivers\mssmbios.sys 8D6B7D515C5CBCDB75B928A0B73C3C5E
C:\Windows\system32\drivers\MSTEE.sys 115019AE01E0EB9C048530D2928AB4A2
C:\Windows\System32\drivers\MTConfig.sys 96D604A35070360F0DD4A7A8AF410B5E
C:\Windows\System32\Drivers\mup.sys 438EA7A2D8D4F9B8AFB64748ACA70BA8
C:\Windows\System32\drivers\mvumis.sys B8C35C94DCB2DFEAF03BB42131F2F77F
C:\Windows\system32\DRIVERS\nwifi.sys 057B856BECFF7CFE87DD3829DD41AE91
C:\Windows\System32\drivers\ndis.sys FFAA6C6E798FBA448FA7628A1B277F5C
C:\Windows\system32\DRIVERS\ndiscap.sys 8CECC8DA55F3274181FD1EA28AD76664
C:\Windows\system32\DRIVERS\NdisImPlatform.sys 269882812E9A68FFF1AFE1283D428322
C:\Windows\system32\DRIVERS\ndistapi.sys 82821F4EEC776B4CF11695A38F3ABA46
C:\Windows\system32\DRIVERS\ndisuio.sys B832B35055BA2B7B4181861FF94D8E59
C:\Windows\System32\drivers\NdisVirtualBus.sys 1F58E48EF75F34C35D8E93A0DC535CFE
C:\Windows\system32\DRIVERS\ndiswan.sys C3755FCF9A0B5C6FE8ED9E873B85D3CE
C:\Windows\system32\DRIVERS\ndiswan.sys C3755FCF9A0B5C6FE8ED9E873B85D3CE
C:\Windows\System32\Drivers\NDProxy.sys DDD7F92A83F74D1476B71FBA9530A8DC
C:\Windows\System32\drivers\Ndu.sys 3083926D1CC5B56EA0786527B557DD1B
C:\Windows\System32\DRIVERS\netbios.sys 42FF4975D032CAE558AE4BB8448F6E5A
C:\Windows\System32\DRIVERS\netbt.sys 9DC17B7D9D84C37C102D379FCC7D4942
C:\Windows\System32\drivers\netvsc63.sys D4DCE03870314D3354F3501F9DDD4123
C:\Windows\System32\Drivers\Npfs.sys 8F44A2F57C9F1A19AC9C6288C10FB351
C:\Windows\System32\drivers\npsvctrig.sys CBDB4F0871C88DF930FC0E8588CA67FC
C:\Windows\System32\drivers\nsiproxy.sys 0E046FF5823B95326D10CF1B4AF23541
C:\Windows\System32\Drivers\Ntfs.sys 275CF7F20338B2B1F5264C665033073F
C:\Windows\System32\Drivers\Null.sys EF1B290FC9F0E47CC0B537292BEE5904
C:\Windows\System32\drivers\nvraid.sys BC6B5942AFF25EBAF62DE43C3807EDF8
C:\Windows\System32\drivers\nvstor.sys 1F43ABFFAC3D6CA356851D517392966E
C:\Windows\System32\drivers\nv_agp.sys 6934A936A7369DFE37B7DBA93F5E5E49
C:\Windows\System32\drivers\parport.sys 57DCE4FB0467986AE78E1C6FC5240D32
C:\Windows\System32\drivers\partmgr.sys BAFF6122CFC9F95CA175AD8C348179A4
C:\Windows\System32\drivers\pci.sys 91ED124E261EA8FAA1C0FFDF2A71B0C4
C:\Windows\System32\drivers\pciide.sys 346E38FCC6859A727DD28AFAD1F0AFF4
C:\Windows\System32\drivers\pcmcia.sys 4D3BDCC1C7B40C9D7B6AD990E6DEC397
C:\Windows\System32\drivers\pcw.sys BF28771D1436C88BE1D297D3098B0F7D
C:\Windows\System32\drivers\pdc.sys E6B3ACBA06BAF48594557FCCBFA66FD2
C:\Windows\System32\drivers\peauth.sys 0ECEE590F2E2EF969FB74A6FC583A1E6
C:\Windows\System32\drivers\processr.sys ECD373F9571C745894367CC2635EA44F
C:\Windows\system32\DRIVERS\pacer.sys FC0141B4A5AD6D637D883C1A89FC45C5
C:\Windows\system32\drivers\qwavedrv.sys 83868EB2924E6BC21A54337C65D614D1
C:\Windows\System32\drivers\RadioShim.sys 6A52182919E25FB56D253D389F92CE98
C:\Windows\System32\DRIVERS\rasacd.sys B337B1F1E82A83E20A1743E008E25C0F
C:\Windows\system32\DRIVERS\raspppoe.sys 5247F308C4103CDC4FE12AE1D235800A
C:\Windows\System32\DRIVERS\rdbss.sys D67ED4AB59D1EF66B05AD1A81AC28B26
C:\Windows\System32\drivers\rdpbus.sys 6B21EBF892CD8CACB71669B35AB5DE32
C:\Windows\System32\drivers\rdpdr.sys 680C1DAE268B6FB67FA21B389A8B79EF
C:\Windows\System32\drivers\rdpvideominiport.sys BC8A79C625568DDB7DCA49D0C2741A64
C:\Windows\System32\drivers\rdyboost.sys A26AEC49F318FEE141DDDB2C5F99B3E6
C:\Windows\System32\Drivers\ReFS.sys 2D39BCFA4DD1081B8F282B623456B858
C:\Windows\System32\drivers\rfcomm.sys DC66AE45816614D2999DCD3834DCCC4E
C:\Windows\system32\DRIVERS\rspndr.sys 2D05A5508F4685412F2B89E8C2189ABC
C:\Windows\System32\Drivers\RtsUVStor.sys 99E927EA78E4B20F02B4B900F6FAB569
C:\Windows\system32\DRIVERS\Rt630x64.sys 7CC0D898D00675F14BA0C4BF056C1CF4
C:\Windows\System32\drivers\vms3cap.sys 1A063730F221B2746FF00457AE17E4F0
C:\Windows\System32\drivers\sbp2port.sys C624A1B32211C3166EDB3F4AB02A30B7
C:\Windows\System32\DRIVERS\scfilter.sys FA7ABD857DEB0FE3C94CC39A4C845E66
C:\Windows\System32\drivers\sdbus.sys C54B6B2170BF628FD42F799A66956D75
C:\Windows\System32\drivers\sdstor.sys 0B1E929D11A8E358106955603FAC65E8
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\SerCx.sys DB2FF24CE0BDD15FE75870AFE312BA89
C:\Windows\System32\drivers\SerCx2.sys 0044B31F93946D5D41982314381FE431
C:\Windows\System32\drivers\serenum.sys 1F0135949A6AD6025F363F80FE268251
C:\Windows\System32\drivers\serial.sys 81633C87B42B63BA484A6177179AC750
C:\Windows\System32\drivers\sermouse.sys 148195AE95D9BC7375A08846439FDAC1
C:\Windows\System32\drivers\sfloppy.sys 472B7A5AC181C050888DB454663DD764
C:\Windows\System32\drivers\SiSRaid2.sys 2F518D13DD6F3053837FE606F1A2EA1F
C:\Windows\System32\drivers\sisraid4.sys 1AC9A200A9C49C4508F04AAFFCA34A3F
C:\Windows\System32\Drivers\Soluto.sys F9369327409492097B0BB7CE86BD29DE
C:\Windows\System32\drivers\spaceport.sys F6AF6499C3788105EA7AF1DA27769A77
C:\Windows\System32\drivers\SpbCx.sys F337BE11071818FC3F5DC2940B6BDE34
C:\Windows\system32\drivers\N360x64\160A000.055\SRTSP64.SYS 9225E5323704993E6C557F8ABCEF2A66
C:\Windows\system32\drivers\N360x64\160A000.055\SRTSPX64.SYS 96E5695385228F99509DD505EA4F1F37
C:\Windows\System32\DRIVERS\srv.sys 6A697F8A01C0E7C22D45091E6E8BC5A9
C:\Windows\System32\DRIVERS\srv2.sys 2BDC8B9E7AA11C5C1D77E4CFA27219E0
C:\Windows\System32\DRIVERS\srvnet.sys BB53DBB28A7A0E64F3560FE08A8AFBB1
C:\Windows\system32\DRIVERS\ssudmdm.sys 5252D7BC56E5E0ED715AEA8FE173A455
C:\Windows\System32\drivers\stexstor.sys 366DEA74BBA65B362BCCFC6FC2ADFD8B
C:\Windows\System32\drivers\storahci.sys 0ED2E318ABB68C1A35A8B8038BDB4C90
C:\Windows\System32\drivers\vmstorfl.sys 8B9486B64E5FC17FB9CC04CA10B77A34
C:\Windows\System32\drivers\stornvme.sys 1D5A045F59D216448FCDE3A8D69970E2
C:\Windows\System32\drivers\storvsc.sys 548759755BC73DAD663250239D7E0B9F
C:\Windows\System32\drivers\swenum.sys 65454187E0F8B6C0DCECB0287D06EC43
C:\Windows\System32\drivers\N360x64\160A000.055\SYMEFASI64.SYS 204B80C2C5B2E87E9558CC2D1C2D8BB5
C:\Windows\System32\drivers\N360x64\160A000.055\SymELAM.sys 3123BDBFE5CF061035D79CB3F3075F82
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 674908D3CE54EE5336DC545CB2A39702
C:\Windows\system32\drivers\N360x64\160A000.055\Ironx64.SYS EF84A42B86BCBDCB88F3C8849170492D
C:\Windows\system32\drivers\N360x64\160A000.055\SYMNETS.SYS 8CF934DF2A8C1BDFA766D3E137A11986
C:\Windows\system32\DRIVERS\SynRMIHID.sys 1BCD06B8BA217CB73FDFF07E7921AC2D
C:\Windows\System32\drivers\tcpip.sys 4C58B60C1E6A2946D6E3D67A36E5E03E
C:\Windows\system32\DRIVERS\tcpip.sys 4C58B60C1E6A2946D6E3D67A36E5E03E
C:\Windows\System32\drivers\tcpipreg.sys 41CF802064F72E55F50CA0A221FD36D4
C:\Windows\system32\DRIVERS\tdx.sys 576FA545FAB846B06E79B324160DE25C
C:\Windows\System32\drivers\terminpt.sys 232D185D2337F141311D0CF1983E1431
C:\Windows\system32\drivers\tpm.sys 80A2FC1A089A71F2DBE5D8394FFB009F
C:\Windows\System32\drivers\tsusbflt.sys BF8F54CA37E9C9D6582C31C5761F8C93
C:\Windows\System32\drivers\TsUsbGD.sys 20185BEB7512EDE4EFECDFA148AC9F99
C:\Windows\system32\DRIVERS\tunnel.sys E85916632CD3B9E9B546968DB950BF42
C:\Windows\System32\drivers\TXEIx64.sys E624283C1A2F9BB4688A002914CC00A7
C:\Windows\System32\drivers\uagp35.sys F6EEAD052943B5A3104C1405BB856C54
C:\Windows\System32\drivers\uaspstor.sys FE6067B1FD4E63650C667B33D080565B
C:\Windows\System32\drivers\ucx01000.sys 807F8CF3E973305FC435C61CBBEE2A49
C:\Windows\System32\DRIVERS\udfs.sys C61EAF8E1E4B2F62BA4FDF457440B2C6
C:\Windows\System32\drivers\UEFI.sys 9578691F297E1B1F519970FE6D47CB21
C:\Windows\System32\drivers\uliagpkx.sys 5EAB5117DDB24FC4D39E6FFFCF1837B9
C:\Windows\System32\drivers\umbus.sys DA34C39A18E60E7C3FA0630566408034
C:\Windows\System32\drivers\umpass.sys AE8294875E5446E359B1E8035D40C05E
C:\Windows\System32\drivers\usbccgp.sys FF78D053A05E5A394F4E3C1816CC65A8
C:\Windows\System32\drivers\usbcir.sys 0139248F6B95CF0D837B5B46A2722D40
C:\Windows\System32\drivers\usbehci.sys C996CBEF922B5653A01E3F50DDCE2F86
C:\Windows\System32\drivers\usbhub.sys CD81683F4553677B9BF5163A922153EB
C:\Windows\System32\drivers\UsbHub3.sys 5C90D5379B53590FBB24BBAD4FA682EE
C:\Windows\System32\drivers\usbohci.sys A0F0484C97D6441ED6A75D7426ECCC9E
C:\Windows\System32\drivers\usbprint.sys 4D655E3B684BE9B0F7FFD8A2935C348C
C:\Windows\System32\drivers\USBSTOR.SYS 9D168BFA334D47BE404367EB58D4E130
C:\Windows\System32\drivers\usbuhci.sys FC974B03C8B87455F44F734C8F31A3C8
C:\Windows\System32\Drivers\usbvideo.sys 5C8F604F6DC74177CDD8372D7B1ADFF0
C:\Windows\System32\drivers\USBXHCI.SYS 44603DA5A87FB491EF59C889EBBB4DDB
C:\Windows\System32\drivers\vdrvroot.sys FEB26E3B8345A7E8D62F945C4AE86562
C:\Windows\System32\drivers\VerifierExt.sys A026EDEAA5EECAE0B08E2748B616D4BD
C:\Windows\System32\drivers\vhdmp.sys 8ABB4BABF59F092DF0B43778D8FD1884
C:\Windows\System32\drivers\viaide.sys 06D38968028E9AB19DE9B618C7B6D199
C:\Windows\System32\drivers\vmbus.sys 511AD3FF957A0127E6BD336FF6F89C38
C:\Windows\System32\drivers\VMBusHID.sys DA40BEA0A863CE768C940CA9723BF81F
C:\Windows\System32\drivers\volmgr.sys 436E1A724E7E683F6B612D3D58F04241
C:\Windows\System32\drivers\volmgrx.sys 7DD4EAE2E680948D9AFF3E1B5234C1D3
C:\Windows\System32\drivers\volsnap.sys 17F7B0F2298D97F4B6C7A69511033D3D
C:\Windows\System32\drivers\vpci.sys DAC438FB5FF85A9E72806E2341D5D732
C:\Windows\System32\drivers\vsmraid.sys 4539F45F9F4C9757A86A56C949421E07
C:\Windows\System32\drivers\vstxraid.sys 0849B7260F26FE05EA56DED0672E2F4B
C:\Windows\System32\drivers\vwifibus.sys 71066FF95C487327E44C8AF1B72EBE8B
C:\Windows\system32\DRIVERS\vwififlt.sys 29AB43937FFDA0B0FB56984226E698C6
C:\Windows\system32\DRIVERS\vwifimp.sys 8B8624A93E3F88CB923AEB05B6313227
C:\Windows\System32\drivers\wacompen.sys 0910AB9ED404C1434E2D0376C2AD5D8B
C:\Windows\system32\drivers\WdBoot.sys F2E08D1C067FEFC3A42D21FD4810F1D3
C:\Windows\System32\drivers\Wdf01000.sys CB6C63FF8342B467E2EF76E98D5B934D
C:\Windows\system32\drivers\WdFilter.sys E234820E6B84ABA5E84E00227F505AE8
C:\Windows\System32\Drivers\WdNisDrv.sys A74AD6D80AC26E1B5DD276FC927F2BAC
C:\Windows\System32\DRIVERS\wfplwfs.sys 715ABA3DD164D06457A2A3C92F6EA9D5
C:\Windows\System32\drivers\wimmount.sys 5F66B7BB330AA80067FC66149A692620
C:\Windows\System32\drivers\WinUsb.sys 3AF1FA17F1C4ACBDB660D8F98B1A9C13
C:\Windows\System32\drivers\wmiacpi.sys 2834D9D3B4F554A39C72F00EA3F0E128
C:\Windows\System32\Drivers\Wof.sys 7FC5667DF73D4B04AA457CC3A4180E09
C:\Windows\System32\DRIVERS\wpcfltr.sys A2468CC3509394A33C4C32F99563D845
C:\Windows\System32\drivers\WpdUpFltr.sys 9F2904B55F6CECCD1A8D986B5CE2609A
C:\Windows\system32\drivers\ws2ifsl.sys AE072B0339D0A18E455DC21666CAD572
C:\Windows\System32\drivers\WSDPrint.sys F586F3F1BF962FE9AE4316E0D896B22F
C:\Windows\System32\drivers\WSDScan.sys 58035FD3369879E02D65989C44D27450
C:\Windows\System32\drivers\WudfPf.sys 481286719402E4BAEFEA0604AB1B5113
C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-28 08:42 - 2017-11-28 08:42 - 000000000 ____D C:\FRST
2017-11-27 22:11 - 2017-11-27 22:11 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2017-11-27 21:15 - 2017-11-27 21:15 - 000000000 ____D C:\Users\Ronnie\.libclearfi
2017-11-27 21:05 - 2017-11-27 21:06 - 000000000 ____D C:\Program Files\Bonjour
2017-11-27 21:05 - 2017-11-27 21:06 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-11-27 21:05 - 2017-11-27 21:05 - 000000000 ____D C:\ProgramData\Apple
2017-11-27 20:57 - 2017-11-27 20:57 - 000003338 _____ C:\Windows\System32\Tasks\abDocsDllLoader
2017-11-27 20:57 - 2017-11-27 20:57 - 000001969 _____ C:\Users\Public\Desktop\abDocs.lnk
2017-11-22 14:19 - 2017-11-22 14:19 - 000000000 ____D C:\Program Files\Common Files\AV
==================== Three Months Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-10-21 07:36 - 2014-05-20 02:12 - 000000852 _____ C:\Windows\system32\Drivers\RTKHDRC.DAT
2021-10-04 01:34 - 2014-05-20 02:12 - 000000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.DAT
2017-11-28 08:41 - 2017-08-10 23:46 - 000000000 ____D C:\Users\Ronnie\Documents\Bluetooth Folder
2017-11-27 21:57 - 2014-08-12 15:15 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-116401916-3029618134-1469963879-1001
2017-11-27 21:52 - 2014-08-12 15:37 - 000002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-27 21:52 - 2014-08-12 15:37 - 000002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-27 21:34 - 2013-08-22 09:20 - 000000000 ____D C:\Windows\CbsTemp
2017-11-27 21:15 - 2014-08-12 15:11 - 000000000 ____D C:\Users\Ronnie\AppData\Local\clear.fi
2017-11-27 21:15 - 2014-08-12 15:08 - 000000000 ____D C:\Users\Ronnie
2017-11-27 21:15 - 2014-05-01 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-11-27 21:01 - 2014-08-12 15:08 - 000000000 ____D C:\Users\Ronnie\AppData\Local\SweetLabs App Platform
2017-11-27 21:01 - 2013-08-22 07:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2017-11-27 20:57 - 2014-05-01 19:15 - 000000000 ____D C:\Program Files (x86)\Acer
2017-11-27 20:53 - 2015-08-23 09:17 - 000003442 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2017-11-27 20:52 - 2014-08-12 15:21 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6DBED705-5263-4AFD-A506-703CE9CB7A60}
2017-11-27 20:52 - 2014-04-30 05:55 - 000000000 ___HD C:\OEM
2017-11-27 20:50 - 2014-03-18 03:47 - 000005388 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-27 20:46 - 2014-08-12 15:16 - 000000000 __RDO C:\Users\Ronnie\OneDrive
2017-11-22 13:55 - 2013-08-22 08:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-22 13:55 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\Inf
2017-11-22 13:54 - 2013-08-22 08:44 - 000346744 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-22 13:51 - 2013-08-22 07:25 - 000786432 ___SH C:\Windows\system32\config\BBI
2017-11-22 13:43 - 2014-08-12 15:37 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-22 13:43 - 2014-08-12 15:37 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-22 13:37 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\AppReadiness
==================== Files in the root of some directories =======
2016-01-08 17:15 - 2016-01-08 17:15 - 006420480 _____ () C:\Program Files (x86)\GUTB2C3.tmp
2014-05-20 02:12 - 2014-05-20 02:12 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-12 15:22 - 2014-08-12 15:22 - 000000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
Some files in TEMP:
====================
2017-11-27 20:57 - 2017-11-27 20:57 - 001856576 _____ (Oracle Corporation) C:\Users\Ronnie\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-08-14 00:18 - 2017-08-14 00:18 - 063610200 _____ (SweetLabs,Inc.) C:\Users\Ronnie\AppData\Local\Temp\oct33F0.tmp.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
==================== BCD ================================
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {472a5d72-dffa-11e3-8f17-f8a96377661a}
                        {472a5d73-dffa-11e3-8f17-f8a96377661a}
                        {472a5d74-dffa-11e3-8f17-f8a96377661a}
timeout                 0
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
integrityservices       Enable
default                 {current}
resumeobject            {e157c501-e00a-11e3-9719-f8a96377661a}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
Firmware Application (101fffff)
-------------------------------
identifier              {472a5d72-dffa-11e3-8f17-f8a96377661a}
description             EFI USB Device
Firmware Application (101fffff)
-------------------------------
identifier              {472a5d73-dffa-11e3-8f17-f8a96377661a}
description             EFI DVD/CDROM
Firmware Application (101fffff)
-------------------------------
identifier              {472a5d74-dffa-11e3-8f17-f8a96377661a}
description             EFI Network
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 8.1
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {e157c503-e00a-11e3-9719-f8a96377661a}
integrityservices       Enable
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {e157c501-e00a-11e3-9719-f8a96377661a}
nx                      OptIn
bootmenupolicy          Standard
detecthal               Yes
Windows Boot Loader
-------------------
identifier              {e157c503-e00a-11e3-9719-f8a96377661a}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{e157c504-e00a-11e3-9719-f8a96377661a}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{e157c504-e00a-11e3-9719-f8a96377661a}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
Resume from Hibernate
---------------------
identifier              {e157c501-e00a-11e3-9719-f8a96377661a}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {e157c503-e00a-11e3-9719-f8a96377661a}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
EMS Settings
------------
identifier              {emssettings}
bootems                 No
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
RAM Defects
-----------
identifier              {badmemory}
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Acer Recovery Management
ramdisksdidevice        partition=\Device\HarddiskVolume5
ramdisksdipath          \boot\boot.sdi
Device options
--------------
identifier              {e157c504-e00a-11e3-9719-f8a96377661a}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

LastRegBack: 2017-06-27 19:40
==================== End of FRST.txt ============================

 

 



BC AdBot (Login to Remove)

 


#2 SenorSySoP

SenorSySoP
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 28 November 2017 - 09:58 AM

ADDITIONLOG

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2017
Ran by Ronnie (28-11-2017 08:45:16)
Running from D:\AcerLapTop
Windows 8.1 Connected (Update) (X64) (2014-08-12 21:08:55)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-116401916-3029618134-1469963879-500 - Administrator - Disabled)
conne_000 (S-1-5-21-116401916-3029618134-1469963879-1002 - Limited - Enabled) => C:\Users\conne_000
Guest (S-1-5-21-116401916-3029618134-1469963879-501 - Limited - Disabled)
Ronnie (S-1-5-21-116401916-3029618134-1469963879-1001 - Administrator - Enabled) => C:\Users\Ronnie
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Security Suite (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security Suite (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2002 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2003.6 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Aloha TriPeaks (HKLM-x32\...\WTA-090f464f-5751-4e17-893f-87262a261b0e) (Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - Canon Inc.)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-316abee2-8ecb-422c-bda3-82ab68ae1248) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-46d7a4a7-2834-427a-87c1-d30749b301f4) (Version: 2.2.0.110 - WildTangent) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
Host App Service (HKU\S-1-5-21-116401916-3029618134-1469963879-1001\...\SweetLabs_AP) (Version: 0.269.8.135 - Pokki)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (HKLM-x32\...\WTA-80a73f26-99a2-4990-ab68-a3bb07657c44) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-56c8a730-a731-4d8f-b2a9-cbd0c380e668) (Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.10.0.85 - Symantec Corporation)
Peggle Nights (HKLM-x32\...\WTA-c07e4b07-9368-4cbd-a2a4-ccd6f32350d3) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-58a585d6-70b1-4db9-803a-e602aa2a6946) (Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-116401916-3029618134-1469963879-1001\...\SweetLabs_Start_Menu) (Version: 0.269.8.135 - Pokki)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Soluto (HKLM\...\{AD78441D-E016-4119-A0AE-9ECB763B6A3D}) (Version: 1.3.1500.2 - Soluto)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-0d842bf8-36c2-42d8-8d33-a7942b97bc67) (Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (HKLM-x32\...\WTA-7d91b69d-97db-4107-a9b2-9fce398715f6) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.20 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-116401916-3029618134-1469963879-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2014-02-25] (Qualcomm®Atheros®)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2014-02-25] (Qualcomm®Atheros®)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-03-07] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-03-07] (Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {013B9E8C-F806-4DA0-9D87-DB65E9CE4164} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\WSCStub.exe [2017-07-14] (Symantec Corporation)
Task: {0DF443BB-5126-4A87-B25B-06E7A46A433A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {2C0CA8E2-BAF0-44F7-957B-683A12637068} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {33CEE0C6-A397-4114-87F3-7C1BC4BAF9FE} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {36C58928-E41A-4EDB-A1D3-7E00CBB56F95} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {43314E6D-BF7B-4C5B-8A89-5DB85F79E4DE} - System32\Tasks\SweetLabs App Platform => C:\Users\Ronnie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2017-08-11] (Pokki)
Task: {4A718D89-0A69-4BF7-B2B1-09AB9B6E8717} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {57B8A400-7926-4E91-B4E9-9C123A6E7C24} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {7106A004-F621-4784-82D9-52D2CBDC9C52} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {7A0F013C-1DF6-4496-9389-ABDE2696DE8C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {7AD897BB-73CB-4729-92AF-C19CDA4C5B20} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {8BE82754-1203-42AE-BBFC-1516B29B9E4D} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2017-09-28] ()
Task: {8FB5C9BE-0B1B-423F-BF92-A0CF627C5603} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-09-26] (Acer Incorporated)
Task: {A6344E6E-78EC-41DD-852D-BBFDFA81D7B3} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {AEAEDFD8-92B5-45C4-B7E4-B6D12618D2C5} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {B13B2A56-5FEA-4106-8633-1A8815EA7C38} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2017-07-14] (Symantec Corporation)
Task: {B7A40401-86DB-4B31-BE18-A8AE60C9150B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {C0B16F6E-F421-4566-80AB-C7BCE3B16048} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {C32F5460-8872-4FDF-9E1E-02CB765DA4CE} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {CC229469-BD1D-4F5D-866E-A21C89D4AE21} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-25] (TODO: <Company name>)
Task: {EA2637C2-99D6-42DA-AB43-587508E7608B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2014-05-20 02:45 - 2012-04-24 04:43 - 000254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-05-20 02:57 - 2014-01-03 15:13 - 000111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-02-25 23:14 - 2014-02-25 23:14 - 000011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 23:11 - 2014-02-25 23:11 - 000086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 23:17 - 2014-02-25 23:17 - 000012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2017-09-28 17:21 - 2017-09-28 17:21 - 000091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2017-09-28 17:21 - 2017-09-28 17:21 - 001769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-05-31 10:52 - 2015-05-31 10:52 - 000183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-03-11 06:51 - 2014-05-13 11:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-11 06:51 - 2014-05-13 11:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-11 06:51 - 2014-05-13 11:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-03-11 06:51 - 2012-08-23 09:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-11 06:51 - 2012-04-03 16:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-09-09 09:51 - 2016-09-09 09:51 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-09-09 09:51 - 2016-09-09 09:51 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2017-09-28 17:21 - 2017-09-28 17:21 - 000277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2017-09-22 15:14 - 2017-09-22 15:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2017-09-22 15:16 - 2017-09-22 15:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2017-11-27 20:53 - 2017-11-27 20:53 - 000015136 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2017-09-26 12:35 - 2017-09-26 12:35 - 000013088 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2017-09-26 12:34 - 2017-09-26 12:34 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2017-09-22 15:16 - 2017-09-22 15:16 - 002291488 _____ () C:\Program Files (x86)\Acer\abPhoto\QtCore4.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 008175392 _____ () C:\Program Files (x86)\Acer\abPhoto\QtGui4.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000198944 _____ () C:\Program Files (x86)\Acer\abPhoto\QtSql4.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000922912 _____ () C:\Program Files (x86)\Acer\abPhoto\QtNetwork4.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2013-08-22 07:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-116401916-3029618134-1469963879-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-116401916-3029618134-1469963879-1001\...\StartupApproved\Run: => "AcerPortal"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{246C9E9B-8A69-496A-9787-EA3D25D95E07}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{12E8146C-7F2A-47A9-88CE-786126FDE319}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{AA20C017-5703-47DA-99D0-9D78FBCE0E9F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{D350339F-6776-4DCC-BAE7-1661A427CC87}] => (Allow) C:\Program Files\Soluto\SolutoRemoteDirect.exe
FirewallRules: [{C6D277CC-F849-4EF8-87DF-7C33E3894AC2}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{70F45B6D-730A-4DAD-A014-F9E95D20F860}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{25D844DB-EF62-4BB9-A944-A0B742527CB6}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{2521060A-7791-40E8-AD5A-D58A0EDEC06B}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{0D8D8305-F6FE-4D68-BA19-E0D5538881CF}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{C675C40B-E3A4-4D8A-A862-8A300421A0F9}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{A5EBD85E-9803-4BC2-88F9-D0F935077BE8}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{75EDBD92-8699-4250-8E8B-54A6D9D9E3A8}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{FD19A1FC-79E0-460C-BFA4-0F8AAC147A4F}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{A42B8458-A3BE-4EFF-A396-D6FF443972CC}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{860A6F11-1AC1-4D9C-B9B8-952246608A7B}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{AA74A7A1-38EA-49BC-9EF1-DDF575B7314A}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{ECF92517-54B0-4DD1-A3C4-176D3852017C}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{AD3A36FB-68EF-4BC3-9E2D-6946B09F854B}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{2E97EBA7-A450-4A6C-B228-FF407212B660}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{82FD95DF-D1B7-4593-A14F-1827392B8DF6}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{157AA669-A0C4-489C-8796-DCCB54B0FA2F}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{DB8ABE84-F5D5-43F0-AB63-E38C9A881E28}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{5E0C9600-15BE-480A-AD33-BB36C7518F1C}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{3438BD57-DC44-4085-8C12-345CA7B9201F}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{3D1D42A7-9A37-4DB4-A670-5CFB6D953112}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{2C122C43-CD29-4B93-A7CB-0C475E0E8CD5}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{D20FC349-96A1-4447-9759-582D5A20B0FC}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{7B34429B-A27F-40EF-A315-DB958310A800}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{FA74B466-51D9-4182-8658-FE8331898FF3}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{625903A9-6C7A-47B7-B246-6CC883535A8E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{D53D2408-DF82-412F-81A8-DF59262FF1AB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{160AA9B4-D870-4C35-B49B-14E26F5D337D}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{E8330A1F-DDF1-49D5-846B-43AAC193E0B9}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{3EBA143C-2D73-4E90-997C-62E3493400F3}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{76A916C1-89AB-4B0F-B11C-2CCE4186F2CD}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{919F2FB0-8E52-452F-BD8E-85891E943D26}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{39B6D2B2-7875-4AE9-A7B2-49E92DA792B0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{1BA0E57E-A607-441D-814B-19A03CD98C0C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{1F42F208-9C05-47FB-BD4F-2E85CB741BD8}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{1B878C0E-4F6F-4BED-9F55-AC868FE2DA7D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{A9E48CA5-F751-44D3-9EE1-BBDB37AA4518}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{B174A4CA-56EE-4226-A772-7799A25E3033}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{31A69C3D-6E59-409D-AF40-F448D7437DBC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{B9CC86BE-C43D-41A3-8BC2-5AC583D8B6DB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{BD0A2911-8476-4894-9EA6-C382098585CD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{D22FE9BF-B788-43CE-942D-590BF49C4ECC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{C52F609C-E0BB-4128-9F41-DB5ECB5CAC3E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{142CD41F-DF56-440E-8AB6-C4B6BDFA47F1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{7C359FEF-0777-4CED-9D64-F380F0CF087F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{FA1F4FD4-CDD1-447B-97A4-38B86E00195A}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{746FF766-F806-42DB-BFBC-AEE43CF6FA39}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F95D604E-84FD-4411-BF98-2009F6F1D4F9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{2640B208-2145-4763-9596-2E612431A9E8}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{520AF305-C1DE-4AEF-9FA3-BD176FFE5FA2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{530A8801-EF64-4BE6-A130-0553DF07BD26}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{BF09A63D-7D7F-4BAB-ADF7-879F7D27A587}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{8F6D40B6-3A65-49F5-813F-76524D1B0D98}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1D10C285-4109-4A6C-AB90-1118960D2977}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0317D434-8D64-49FA-828A-D98FDDDA6A76}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{79F60F66-3AF5-4BEE-B2D7-67C4A52E3DC0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{30DEFB15-D360-41D8-ABC3-E7631F2CF79C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E2B1D14D-5399-4856-B258-73753792DE93}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C018B2A6-9A4F-40F9-AEA4-D019588023E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2975C0E0-672C-49FE-BF55-84A94DB1927D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6FE2569F-88D2-48ED-B728-140EF825BBF8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{198481DC-DBEF-4AC4-BAF8-8F90C39D1ACE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9B53D057-3B81-4A59-80AD-A387A44E50E2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{101EACEB-4449-4E36-83AF-8C58C1E6346F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{59C5DC70-CBE2-4DB9-AACA-BC6376569706}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E343CBF2-2AF3-479A-9BA0-7D7982AA6DF8}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{FF24364D-4036-4339-8760-4D9268DD0754}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1AB1553E-2580-4B6F-8AD3-BBFAF6119204}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{E8022F7D-BB27-43BC-BAE5-8932B0122915}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{99C68D57-C882-48D8-BD8E-7495BBBD04DD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{17EF525F-D1ED-4C9C-844F-928D74D3D8E0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{BC4218C1-6930-4305-9930-273670F7AC8D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C81303FD-D76D-4DF4-9902-1B1A0F6716D7}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1BBAC8BE-6DC6-4991-8194-FFF720F7586C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{7004A6A3-111D-44F8-89CB-A624F6E38A53}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B13EE092-E8CB-4F59-A048-B099379FB53E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4535AC9C-DAE3-4D5F-8B53-B78346D22D68}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CF8E5849-301B-41F8-BBC8-DA4B49F60193}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DC45C585-8D80-49AB-9D42-9C6766B295D3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0759DB9C-D7CC-49FB-AF0E-01E8F7B9EE15}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1C6D32F9-1B65-46E9-8FDF-5E16478BF531}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2E4B4197-9E14-4947-9797-49975FF5560B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{59DF644F-9773-4E1C-921F-591595D8920C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{F9753E65-100C-43A5-8603-9588F8285EAC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{4F0F6737-DACD-4B10-873A-E7197502D156}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8335A00D-79FB-4FF0-947F-EC1C02C8EA62}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{CBFE20B3-9DFA-4AA3-A284-B7F8284421E3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{4A717586-C0E7-4085-817B-E1333763E402}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{D15242F0-6BC1-47F3-A4F2-E26754BD08AC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{3C5BAA8E-1F0C-453F-8FB7-F75BA43EB608}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2C39E29A-7C66-4D59-A20A-5085AB856645}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9F63BBF8-C6A1-4522-AE47-5C177C72C3B3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CCF13FE0-EBFA-49BC-AFA2-67F7FE23C558}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C168EE8B-E3BF-45C4-8486-C47D86CBFD29}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{661F6DE1-8249-44CD-9F6B-6268167A5F25}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{7EFA09F1-64F9-4AC9-844A-ADC639C8F2EC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{90801110-52B2-4815-A16B-FEDE3839710D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BB60C464-694B-401C-B35E-38A4C820E1DC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{956EAA20-02E6-4792-9F7F-5A0B30EC4E2E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D59E0105-9E72-4B0D-8253-2052E793DB7C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{62D57477-8744-4011-BCA9-5626F3CAB03C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{5140D533-ADD9-4190-97B5-082ECF1A506B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{36179163-5505-41A7-A3C1-B78DEAF7DB4E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{E663C394-1BF1-4DA4-9623-53CD5B8DEABB}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{4EA47A4A-1B56-4371-82CC-21975D801F86}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{05D3BA5B-09B8-42B5-8D34-5CD16F90626C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C13719C4-FC64-4FC6-921E-4053D9E13A4F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{353D8965-909F-40E7-91BF-AA45A04D98F0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C6A38735-38F5-4547-866E-CB469FC0AE2D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{416EBA57-BC62-4E21-9279-1BC2E1CE966F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6F0ACA68-7084-4C9D-8B1A-8331AE9E75E9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{10812656-EA45-4E10-B61B-6FBDD5ABC046}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{47488D51-ADCC-42A1-902E-206BD37FB1E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{61429C7E-6C8C-4107-9A5D-865D7EE4956A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A34017FC-A084-4D7C-BF8E-A0CDEC137B78}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{06FC5EF1-C0B4-4992-B576-69518DAFD036}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{672F5E35-562D-4312-98B5-DC27DE5B949B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{391B692C-69F8-4DB8-8681-82B0777BEC6A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{079DE585-22FC-4227-9935-8A96F7ADB422}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{6CAFF49B-B132-4457-B644-5C07D0E1F50C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{7A5D4C80-0663-463F-AC21-366B8C26953A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B3DADD92-96BE-4A65-BF4F-3B35E50C243D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E0275302-5C9C-41F0-9796-1C4A09D6A48B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E29BF793-5C35-4F8A-8718-4BABBCD2FF29}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D0B5A838-F442-4775-82DB-A9F4A60A4071}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F84371E7-445D-4878-BC5A-0C64C718E23F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B74A52E3-3109-43DE-8409-40F52CF0E972}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{01D636F9-3226-4823-9423-4361C1653060}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{26798BBE-93B5-4018-BE95-7AAC03449DA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{FCE8E9F7-8740-4C91-9B3A-238CC96405EF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B5F03588-2CAE-4C4E-9AFC-DFBE258EBB90}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{03CCBF21-C870-418F-987A-3BAC67DA31A7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2EF7F337-EA34-4D5E-9237-CD11856B8E48}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{183E8636-8421-4D31-90D8-4FB5EEA02F1E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2E64DA14-166B-4236-B42F-37CE73555186}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D9D20DDD-67C4-4377-B550-8EE4480875B6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4B874A13-9DF6-428B-A3DC-0112E3D8565E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{69E5960F-7023-460A-B186-90B4880B4D10}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CBCD094F-A22F-40DF-9E30-3918678450A3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BF297F80-3673-44DE-AA8C-A7FDD8A4246D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8C33775F-907D-40E0-87E4-87252D1F7BC5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1AE3A6D2-27CC-494B-A680-66BB6234FEBD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B74D80EA-69AC-4DDF-B5D1-F084ABDE5BB4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C56FAFFA-194B-4893-A2DC-97FAC9BD6176}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7F185AAB-105C-42BF-ADC5-567A9D82CDE1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{77E2AD52-67F7-4687-9FA2-19D988179DAB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E27EFBE7-40F4-4BA3-9C8E-8AC4F23CD337}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A02B0282-B208-4E6C-AAC4-A8EE596EAFC5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E0B8A58F-FB7F-4E11-9F51-5E35354BC141}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C0747AD8-9262-4A53-B2A0-AD195B87C753}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{96F800A3-F548-4C3C-BEC2-C95E17BAC85A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E87D5038-E1CD-4052-9463-BD7ACF896A25}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A4225B51-758B-47A5-BF2A-A268EB20D320}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2EA3D724-EA79-4D97-8F38-ADF2249E0566}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{15961803-3858-4635-AB51-3099B47EAA3D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9A159E2B-FA94-4437-86C8-DDAAC6FAB776}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C50899DD-4358-4D87-8F6E-385B3E388D96}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6C1DB6ED-73B0-4732-9194-7ABD1AB7B661}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{D798481A-D654-4A37-8112-C10FA716DF11}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{58AAF152-4DFE-499A-AC98-86434E8B9778}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{025D76A0-1A5D-424E-9A21-9DA1C89BA6C8}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{1F8B39A0-E125-45A9-B4AD-D095D88B801F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EF3F4F5D-A1BD-4735-A53E-7AF1064EB961}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{54D8F6B0-0096-4B38-9D6F-C14493C192B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
31-05-2017 15:00:42 Windows Update
19-06-2017 06:46:09 Windows Update
10-08-2017 21:44:41 Windows Update
14-08-2017 00:11:07 Windows Update
27-11-2017 21:28:13 Checkpoint by HitmanPro
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (11/28/2017 08:45:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (11/28/2017 08:45:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (11/28/2017 08:41:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19437859
Error: (11/28/2017 08:41:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19437859
Error: (11/28/2017 08:41:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/27/2017 09:37:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 468
Start Time: 01d367f98ab1a3f0
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 7e7be305-d3ed-11e7-8291-b8ee65dd43dc
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (11/27/2017 09:28:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b6b65243-3ebb-49ca-8225-af35f153a5e2}
Error: (11/27/2017 09:07:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 19c4
Start Time: 01d367f559fd1919
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 4d9b6cd4-d3e9-11e7-8291-b8ee65dd43dc
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (11/27/2017 08:51:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: cec
Start Time: 01d367f319186a49
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 0ecfd4b2-d3e7-11e7-8291-b8ee65dd43dc
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (11/27/2017 08:50:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

System errors:
=============
Error: (11/28/2017 08:41:32 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (11/22/2017 02:07:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error:
A device attached to the system is not functioning.
Error: (11/22/2017 02:07:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error:
A device attached to the system is not functioning.
Error: (11/22/2017 01:55:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (11/22/2017 01:55:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
Error: (11/22/2017 01:49:30 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
Error: (08/14/2017 12:18:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error:
A device attached to the system is not functioning.
Error: (08/14/2017 12:18:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error:
A device attached to the system is not functioning.
Error: (08/11/2017 08:22:25 AM) (Source: DCOM) (EventID: 10010) (User: CONNERS)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.
Error: (08/11/2017 08:22:25 AM) (Source: DCOM) (EventID: 10010) (User: CONNERS)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
  Date: 2015-09-06 14:32:59.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
  Date: 2015-09-06 14:32:58.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
  Date: 2015-09-06 14:32:58.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
  Date: 2015-09-06 14:32:58.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
  Date: 2015-09-06 14:32:57.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
  Date: 2015-09-06 14:32:57.235
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
  Date: 2015-09-06 14:32:56.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
  Date: 2015-09-06 14:32:56.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
  Date: 2015-09-06 14:32:56.306
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
  Date: 2015-09-06 14:32:55.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 56%
Total physical RAM: 3979.2 MB
Available physical RAM: 1723.82 MB
Total Virtual: 7307.2 MB
Available Virtual: 4934.38 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:449.06 GB) (Free:386.41 GB) NTFS
Drive d: () (Removable) (Total:28.63 GB) (Free:28.6 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FFA8F7BB)
Partition: GPT.
========================================================
Disk: 1 (Size: 28.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================


#3 SenorSySoP

SenorSySoP
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 28 November 2017 - 10:00 AM

​SHORTCUT TXT

 

 

Users shortcut scan result (x64) Version: 16-10-2017
Ran by Ronnie (28-11-2017 08:46:54)
Running from D:\AcerLapTop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> c:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk -> C:\Windows\Camera\Camera.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk -> C:\Windows\FileManager\FileManager.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk -> C:\Users\Ronnie\AppData\Local\Pokki\Engine\HostAppService.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk -> C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk -> C:\Users\Ronnie\AppData\Local\Pokki\Engine\HostAppService.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Program Files (x86)\Spotify\SpotifyLauncher.exe (Spotify Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk -> C:\Windows\WinStore\WinStore.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk -> C:\Program Files\Java\jdk1.8.0_45\bin\jmc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk -> C:\Program Files\Java\jdk1.8.0_45\bin\java.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -> C:\Program Files\Java\jre1.8.0_45\bin\java.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -> C:\Program Files\Java\jre1.8.0_45\bin\java.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10\PowerDirector 10.lnk -> C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 3\CyberLink PhotoDirector 3.lnk -> C:\Program Files (x86)\CyberLink\PhotoDirector3\PhotoDirector3.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Network Tool\IJ Network Tool.lnk -> C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNPUT.EXE (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5200 series\Readme.lnk -> C:\Program Files\CanonBJ\IJPrinter\Canon MG5200 series\readme_English.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon 1Button App\Amazon.lnk -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe (Amazon)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abDocs.lnk -> C:\Program Files (x86)\Acer\abDocs\abDocs.exe (acer)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abMusic.lnk -> C:\Program Files (x86)\Acer\abMusic\abMusic.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abPhoto.lnk -> C:\Program Files (x86)\Acer\abPhoto\abPhoto.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Portal.lnk -> C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Power Management.lnk -> C:\Program Files\Acer\Acer Power Management\ePowerUI.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Quick Access.lnk -> C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe (Acer Incorporate)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Recovery Management.lnk -> C:\Program Files\Acer\Acer Recovery Management\eRecoveryUI.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer User Experience Improvement Program.lnk -> C:\Program Files\Acer\User Experience Improvement Program\Framework\Setting.exe (acer)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer User's Manual.lnk -> C:\OEM\Preload\Autorun\GUI\Acer User's Manual\00\OnePager.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Video Player.lnk -> C:\Program Files (x86)\Acer\Acer Video Player\AcerVideoPlayer.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Identity Card.lnk -> C:\Program Files (x86)\Acer\Identity Card\IDCard.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Live Updater.lnk -> C:\Program Files (x86)\Acer\Live Updater\updater.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\Users\conne_000\Links\Desktop.lnk -> C:\Users\conne_000\Desktop ()
Shortcut: C:\Users\conne_000\Links\Downloads.lnk -> C:\Users\conne_000\Downloads ()
Shortcut: C:\Users\conne_000\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\conne_000\Documents ()
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\conne_000\Pictures ()
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk -> C:\Windows\HelpPane.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\conne_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\zuukaInc.iStoryTimeLibrary_phapb5x6gdepm\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\ZinioLLC.Zinio_0q6dqzpp40p2e\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\ZeptoLabUKLimited.CutTheRope_sq9zxnwrk84pj\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\ZeptoLabUKLimited.CuttheRope2_sq9zxnwrk84pj\game.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\WildTangentGames.-GamesApp-_qt5r5pa5dyg8m\WTGames.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Trapped.CanYouEscape_bhn6e84ggqs1p\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\OutFit7Limited.TalkingTomCat_rmf98d2bjqpyp\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\OutFit7Limited.TalkingTom2_rmf98d2bjqpyp\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\OutFit7Limited.TalkingSanta_rmf98d2bjqpyp\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\OutFit7Limited.TalkingPierre_rmf98d2bjqpyp\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\OutFit7Limited.TalkingGinger_rmf98d2bjqpyp\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\OutFit7Limited.TalkingBen_rmf98d2bjqpyp\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\OutFit7Limited.MyTalkingTom_rmf98d2bjqpyp\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\MiniclipSA.GravityGuy_gpanv85qtf6rc\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxLIVEGames_8wekyb3d8bbwe\Microsoft.XboxLIVEGames.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsScan_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsReadingList_8wekyb3d8bbwe\Microsoft.WindowsReadingList.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Calendar.lnk -> [LFz1SPSU(Ly9K-u2microsoft.windowscommunicationsapps_8wekyb3d8bbweGmicrosoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweQmicrosoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.CalendardC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe1SPSMԆi<D*TQ ModernCalendar\CalendarLogo.pngU!ModernCalendar\CalendarBadge.png]%ModernCalendar\CalendarSmallLogo.pngY$ModernCalendar\CalendarWideLogo.pngQ3]%ModernCalendar\CalendarLargeLogo.pngMms-resource:calendarAppTitleY$ModernCalendar\CalendarTinyLogo.pngi1SPS0%G`Mms-resource:calendarAppTitle-1SPSwlE[([8װY1SPSOYMGm=Microsoft Corporation] (No File)
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Mail.lnk -> [LF1SPSU(Ly9K-u2microsoft.windowscommunicationsapps_8wekyb3d8bbweGmicrosoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweMmicrosoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.MaildC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwev1SPSMԆi<D*TIModernMail\Res\MailLogo.pngMModernMail\Res\MailBadge.pngU!ModernMail\Res\MailSmallLogo.pngQ ModernMail\Res\MailWideLogo.pngrU!ModernMail\Res\MailLargeLogo.pngEms-resource:mailAppTitleQ ModernMail\Res\MailTinyLogo.pnga1SPS0%G`Ems-resource:mailAppTitleq1SPS}@H1U!ms-resource:mailShareDescription-1SPSwlE[([8װY1SPSOYMGm=Microsoft Corporation] (No File)
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.People.lnk -> [LFr1SPSU(Ly9K-u2microsoft.windowscommunicationsapps_8wekyb3d8bbweGmicrosoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweOmicrosoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.PeopledC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe1SPSMԆi<D*TAModernPeople\People.pngMModernPeople\PeopleSmall.pngIModernPeople\PeopleWide.pngG&MModernPeople\PeopleLarge.png]%ms-resource:///strings/peopleAppNameIModernPeople\PeopleTiny.pngy1SPS0%G`]%ms-resource:///strings/peopleAppName1SPS}@H1e*ms-resource:///strings/raShareDescription-1SPSwlE[([8װY1SPSOYMGm=Microsoft Corporation] (No File)
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Taptiles_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Reader_8wekyb3d8bbwe\Microsoft.Reader.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftTreasureHunt_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.HelpAndTips_8wekyb3d8bbwe\HelpAndTips.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingTravel_8wekyb3d8bbwe\AppexTravel.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingMaps_8wekyb3d8bbwe\AppexMaps.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingHealthAndFitness_8wekyb3d8bbwe\AppexHealthAndFitness.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AppexFoodAndDrink.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\HuluLLC.HuluPlus_fphbd361v8tya\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\HalfbrickStudiosPtyLtd.FruitNinja_w77bc8x1h5kya\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\GAMELOFTSA.DespicableMeMinionRush_0pp20fcewvvtj\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Evernote.Evernote_q4d96b2w5wcc2\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\eBayInc.eBay_1618n3s9xq8tw\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\com.amazon.kindle.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Amazon.com.Amazon_343d40qqvtj1t\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\AD2F1837.HPPrinterControl_v10z8vjag6ke6\AD2F1837.HPPrinterControl.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\AcerIncorporated.AcerExplorer_48frkmn4z8aw4\AcerExplorer.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\AccuWeather.AccuWeatherforWindows8_8zz2pj9h1h1d8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\A278AB0D.IceAgeAdventures_h6adky7gbf63m\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\9708NakedMonkey.LastSurvivor-ZombieAttack_7n7c33bqvx4p8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\59982Megasoft.ToyWarrior_6jhhvbe1qtrc0\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\59982Megasoft.BalloonShooter_6jhhvbe1qtrc0\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\4DF9E0F8.Netflix_mcm4njqhnhss8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\48AD0183.NextIssueMagazinesforAcer_w8az3ffzyab5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\34791E63.CanonInkjetPrintUtility_6e5tt8cgb93ep\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\29352GalleryImages.RunfieldFox_8cearpz8v2nym\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\21674RAJATTYAGI.AllGamesHack_yntsb40dym3p6\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\2.0Studios.Blockworld_ax09znf4cqrvy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\2.0Studios.154761F3F234C_ax09znf4cqrvy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\1ED5AEA5.AngryBirdsSpace_p2gbknwb5d8r2\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\1ED5AEA5.AngryBirdsBlack_p2gbknwb5d8r2\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\1824C3AD.3DSuperBowling_xcb6zpf0p1p46\App.lnk -> Tile and icon assets
Shortcut: C:\Users\conne_000\AppData\Local\Microsoft\Windows\Application Shortcuts\06DAC6F6.StumbleUpon_9pdyks8yk4v0j\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\Ronnie\Documents ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\Ronnie\Pictures ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk -> C:\Windows\HelpPane.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\abDocs.lnk -> C:\Program Files (x86)\Acer\abDocs\abDocs.exe (acer)
Shortcut: C:\Users\Public\Desktop\abMedia.lnk -> C:\Program Files (x86)\Acer\abMedia\abMedia.exe (No File)
Shortcut: C:\Users\Public\Desktop\abPhoto.lnk -> C:\Program Files (x86)\Acer\abPhoto\abPhoto.exe (Acer Incorporated)
Shortcut: C:\Users\Public\Desktop\Canon IJ Network Tool.lnk -> C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNPUT.EXE (CANON INC.)
Shortcut: C:\Users\Public\Desktop\CyberLink PhotoDirector 3.lnk -> C:\Program Files (x86)\CyberLink\PhotoDirector3\PhotoDirector3.exe (CyberLink Corp.)
Shortcut: C:\Users\Public\Desktop\CyberLink PowerDirector 10.lnk -> C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.exe (CyberLink Corp.)
Shortcut: C:\Users\Public\Desktop\eBay.lnk -> c:\Windows\Installer\{91589413-6675-4C27-8AFC-EFB9103B90A5}\_1ADE67C705AECB54139530.exe ()
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Help and Support.lnk -> C:\Windows\System32\OEM\HelpAndSupport\Help and Support.ico ()
Shortcut: C:\Users\Public\Desktop\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
Shortcut: C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\Users\Ronnie\OneDrive\Documents\eManual.lnk ->
Shortcut: C:\Users\Ronnie\OneDrive\Documents\Welcome to ASUS Product Registration.lnk ->
Shortcut: C:\Users\Ronnie\OneDrive\Documents\Why ASUS PC.lnk ->
Shortcut: C:\Users\Ronnie\Links\Desktop.lnk -> C:\Users\Ronnie\Desktop ()
Shortcut: C:\Users\Ronnie\Links\Downloads.lnk -> C:\Users\Ronnie\Downloads ()
Shortcut: C:\Users\Ronnie\Links\Mobile Uploads.lnk -> C:\Users\Ronnie\Mobile Uploads ()
Shortcut: C:\Users\Ronnie\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Ronnie\Desktop\Norton Installation Files.lnk -> C:\Users\Public\Downloads\Norton\{COMCAST-NSS2210085-SOS} ()
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\Ronnie\Documents ()
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\Ronnie\Pictures ()
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk -> C:\Windows\HelpPane.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Quick Access.lnk -> C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe (Acer Incorporate)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Amazon.lnk -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe (Amazon)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Canon IJ Network Tool.lnk -> C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNPUT.EXE (CANON INC.)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk -> C:\Program Files (x86)\Spotify\SpotifyLauncher.exe (Spotify Ltd)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\zuukaInc.iStoryTimeLibrary_phapb5x6gdepm\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\ZinioLLC.Zinio_0q6dqzpp40p2e\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\WildTangentGames.-GamesApp-_qt5r5pa5dyg8m\WTGames.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\NewAer.ShareReadOnly_byc129bykq9rr\App.lnk -> [LF>1SPSwlE[([8װI1SPS0%G`-NewAer Share1SPSU(Ly9K-Y#NewAer.ShareReadOnly_byc129bykq9rra'NewAer.ShareReadOnly_byc129bykq9rr!App1SPSMԆi<D*T5Share (Read Only)QC:\Users\Ronnie\AppData\Local\Temp\NewAer.ShareReadOnly_byc129bykq9rr\App-sl.pngPC:\Users\Ronnie\AppData\Local\Temp\NewAer.ShareReadOnly_byc129bykq9rr\App-l.pngQC:\Users\Ronnie\AppData\Local\Temp\NewAer.ShareReadOnly_byc129bykq9rr\App-wl.png***] (No File)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxLIVEGames_8wekyb3d8bbwe\Microsoft.XboxLIVEGames.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsScan_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsReadingList_8wekyb3d8bbwe\Microsoft.WindowsReadingList.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Calendar.lnk -> [LFz1SPSU(Ly9K-u2microsoft.windowscommunicationsapps_8wekyb3d8bbweGmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweQmicrosoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.CalendardC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe1SPSMԆi<D*TQ ModernCalendar\CalendarLogo.pngU!ModernCalendar\CalendarBadge.png]%ModernCalendar\CalendarSmallLogo.pngY$ModernCalendar\CalendarWideLogo.pngQ3]%ModernCalendar\CalendarLargeLogo.pngMms-resource:calendarAppTitleY$ModernCalendar\CalendarTinyLogo.pngi1SPS0%G`Mms-resource:calendarAppTitle-1SPSwlE[([8װY1SPSOYMGm=Microsoft Corporation] (No File)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Mail.lnk -> [LF1SPSU(Ly9K-u2microsoft.windowscommunicationsapps_8wekyb3d8bbweGmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweMmicrosoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.MaildC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwev1SPSMԆi<D*TIModernMail\Res\MailLogo.pngMModernMail\Res\MailBadge.pngU!ModernMail\Res\MailSmallLogo.pngQ ModernMail\Res\MailWideLogo.pngrU!ModernMail\Res\MailLargeLogo.pngEms-resource:mailAppTitleQ ModernMail\Res\MailTinyLogo.pnga1SPS0%G`Ems-resource:mailAppTitleq1SPS}@H1U!ms-resource:mailShareDescription-1SPSwlE[([8װY1SPSOYMGm=Microsoft Corporation] (No File)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.People.lnk -> [LFr1SPSU(Ly9K-u2microsoft.windowscommunicationsapps_8wekyb3d8bbweGmicrosoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweOmicrosoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.PeopledC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe1SPSMԆi<D*TAModernPeople\People.pngMModernPeople\PeopleSmall.pngIModernPeople\PeopleWide.pngG&MModernPeople\PeopleLarge.png]%ms-resource:///strings/peopleAppNameIModernPeople\PeopleTiny.pngy1SPS0%G`]%ms-resource:///strings/peopleAppName1SPS}@H1e*ms-resource:///strings/raShareDescription-1SPSwlE[([8װY1SPSOYMGm=Microsoft Corporation] (No File)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Taptiles_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Studios.Wordament_8wekyb3d8bbwe\Wordament.lnk -> [LFq>1SPSwlE[([8װA1SPS0%G`%Wordament1SPSU(Ly9K-e*Microsoft.Studios.Wordament_8wekyb3d8bbwey4Microsoft.Studios.Wordament_8wekyb3d8bbwe!Wordament1SPSMԆi<D*T%Wordament^C:\Users\Ronnie\AppData\Local\Temp\Microsoft.Studios.Wordament_8wekyb3d8bbwe\Wordament-sl.png]C:\Users\Ronnie\AppData\Local\Temp\Microsoft.Studios.Wordament_8wekyb3d8bbwe\Wordament-l.png^C:\Users\Ronnie\AppData\Local\Temp\Microsoft.Studios.Wordament_8wekyb3d8bbwe\Wordament-wl.png] (No File)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Studios.PinballFx2_8wekyb3d8bbwe\App.lnk -> [LFY>1SPSwlE[([8װE1SPS0%G`)Pinball FX21SPSU(Ly9K-i+Microsoft.Studios.PinballFx2_8wekyb3d8bbweq/Microsoft.Studios.PinballFx2_8wekyb3d8bbwe!App1SPSMԆi<D*T)Pinball FX2YC:\Users\Ronnie\AppData\Local\Temp\Microsoft.Studios.PinballFx2_8wekyb3d8bbwe\App-sl.pngXC:\Users\Ronnie\AppData\Local\Temp\Microsoft.Studios.PinballFx2_8wekyb3d8bbwe\App-l.pngYC:\Users\Ronnie\AppData\Local\Temp\Microsoft.Studios.PinballFx2_8wekyb3d8bbwe\App-wl.png] (No File)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Reader_8wekyb3d8bbwe\Microsoft.Reader.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\MicrosoftMahjong.lnk -> [LF>1SPSwlE[([8װQ1SPS0%G`5Microsoft Mahjong1SPSU(Ly9K-e)Microsoft.MicrosoftMahjong_8wekyb3d8bbwe:Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong1SPSMԆi<D*T5Microsoft MahjongpndC:\Users\Ronnie\AppData\Local\Temp\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\MicrosoftMahjong-sl.pngcC:\Users\Ronnie\AppData\Local\Temp\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\MicrosoftMahjong-l.pngdC:\Users\Ronnie\AppData\Local\Temp\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\MicrosoftMahjong-wl.png] (No File)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.HelpAndTips_8wekyb3d8bbwe\HelpAndTips.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.FreshPaint_8wekyb3d8bbwe\Microsoft.FreshPaint.lnk -> [LF>1SPSwlE[([8װE1SPS0%G`)Fresh Paint1SPSU(Ly9K-Y#Microsoft.FreshPaint_8wekyb3d8bbwe8Microsoft.FreshPaint_8wekyb3d8bbwe!Microsoft.FreshPaint1SPSMԆi<D*T)Fresh PaintbC:\Users\Ronnie\AppData\Local\Temp\Microsoft.FreshPaint_8wekyb3d8bbwe\Microsoft.FreshPaint-sl.pngaC:\Users\Ronnie\AppData\Local\Temp\Microsoft.FreshPaint_8wekyb3d8bbwe\Microsoft.FreshPaint-l.pngbC:\Users\Ronnie\AppData\Local\Temp\Microsoft.FreshPaint_8wekyb3d8bbwe\Microsoft.FreshPaint-wl.png***] (No File)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingTravel_8wekyb3d8bbwe\AppexTravel.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingMaps_8wekyb3d8bbwe\AppexMaps.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingHealthAndFitness_8wekyb3d8bbwe\AppexHealthAndFitness.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AppexFoodAndDrink.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Adera_8wekyb3d8bbwe\App.lnk -> [LF>1SPSwlE[([8װ91SPS0%G`Adera1SPSU(Ly9K-MMicrosoft.Adera_8wekyb3d8bbweU"Microsoft.Adera_8wekyb3d8bbwe!Appg1SPSMԆi<D*TAdera/LC:\Users\Ronnie\AppData\Local\Temp\Microsoft.Adera_8wekyb3d8bbwe\App-sl.pngKC:\Users\Ronnie\AppData\Local\Temp\Microsoft.Adera_8wekyb3d8bbwe\App-l.pngLC:\Users\Ronnie\AppData\Local\Temp\Microsoft.Adera_8wekyb3d8bbwe\App-wl.png] (No File)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\HuluLLC.HuluPlus_fphbd361v8tya\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\F9C317A9.MediaMonkey_6npfwtawc6s18\App.lnk -> [LF>1SPSwlE[([8װE1SPS0%G`)MediaMonkey1SPSU(Ly9K-Y#F9C317A9.MediaMonkey_6npfwtawc6s18a'F9C317A9.MediaMonkey_6npfwtawc6s18!App1SPSMԆi<D*T)MediaMonkeyRC,QC:\Users\Ronnie\AppData\Local\Temp\F9C317A9.MediaMonkey_6npfwtawc6s18\App-sl.pngPC:\Users\Ronnie\AppData\Local\Temp\F9C317A9.MediaMonkey_6npfwtawc6s18\App-l.pngQC:\Users\Ronnie\AppData\Local\Temp\F9C317A9.MediaMonkey_6npfwtawc6s18\App-wl.png] (No File)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Evernote.Evernote_q4d96b2w5wcc2\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\eBayInc.eBay_1618n3s9xq8tw\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\com.amazon.kindle.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\Amazon.com.Amazon_343d40qqvtj1t\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\AD2F1837.HPPrinterControl_v10z8vjag6ke6\AD2F1837.HPPrinterControl.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\AcerIncorporated.AcerExplorer_48frkmn4z8aw4\AcerExplorer.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\AccuWeather.AccuWeatherforWindows8_8zz2pj9h1h1d8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\9E2F88E3.Twitter_wgeqdkkx372wm\App.lnk -> [LF>1SPSwlE[([8װ=1SPS0%G`!Twitter1SPSU(Ly9K-Q9E2F88E3.Twitter_wgeqdkkx372wmY#9E2F88E3.Twitter_wgeqdkkx372wm!Apps1SPSMԆi<D*T!TwitterMC:\Users\Ronnie\AppData\Local\Temp\9E2F88E3.Twitter_wgeqdkkx372wm\App-sl.pngLC:\Users\Ronnie\AppData\Local\Temp\9E2F88E3.Twitter_wgeqdkkx372wm\App-l.pngMC:\Users\Ronnie\AppData\Local\Temp\9E2F88E3.Twitter_wgeqdkkx372wm\App-wl.png] (No File)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\4DF9E0F8.Netflix_mcm4njqhnhss8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\4AE8B7C2.Booking.comPartnerEdition_6wqyppa9wfhnr\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\48AD0183.NextIssueMagazinesforAcer_w8az3ffzyab5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\38535BluralDevelopment.SnipShare_ve2pc1khqv3nm\App.lnk -> [LF>1SPSwlE[([8װE1SPS0%G`)Snip&Share1SPSU(Ly9K-q/38535BluralDevelopment.SnipShare_ve2pc1khqv3nmy338535BluralDevelopment.SnipShare_ve2pc1khqv3nm!App1SPSMԆi<D*T)Snip&Share\]C:\Users\Ronnie\AppData\Local\Temp\38535BluralDevelopment.SnipShare_ve2pc1khqv3nm\App-sl.png\C:\Users\Ronnie\AppData\Local\Temp\38535BluralDevelopment.SnipShare_ve2pc1khqv3nm\App-l.png] (No File)
Shortcut: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Application Shortcuts\06DAC6F6.StumbleUpon_9pdyks8yk4v0j\App.lnk -> Tile and icon assets

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRIVATE WiFi\PRIVATE WiFi.lnk -> C:\Program Files\PRIVATE WiFi\StartURL.exe () -> hxxp://www.privatewifi.com/partner/clicks.php?pid=928649&bid=76&campaign=default

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Soluto.lnk -> C:\Program Files\Soluto\Soluto.exe (Soluto) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE (Microsoft Corporation) -> /OEM
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src gamesmenu /dp acerlt
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto\Soluto.lnk -> C:\Program Files\Soluto\Soluto.exe (Soluto) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite\Norton 360.lnk -> C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\uiStub.exe (Symantec Corporation) -> /win8
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.7.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.) -> /uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from WildTangent Games.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\WildTangent Games App - acer.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src gamesmenu /dp acerlt
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Remote Files.lnk -> C:\Program Files\Acer\Remote Files\RemoteFilesService.exe (Acer Incorporated) -> --open-shell --check-update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f244afb6-a31c-4254-82f2-e89a2cfa9c24}\PlayTasks\0\Luxor Evolved.lnk -> C:\Program Files (x86)\WildGames\Luxor Evolved\luxor_ev_x86-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d75be608-ef6d-4189-b804-9ea3b2094046}\PlayTasks\0\Cradle Of Egypt Collector's Edition.lnk -> C:\Program Files (x86)\WildGames\Cradle Of Egypt Collectors Edition\cradleofegyptcollectorsedition-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9fbd6a31-c1d2-4269-a69a-fb9d00766ebc}\PlayTasks\0\Trinklit Supreme.lnk -> C:\Program Files (x86)\WildGames\Trinklit Supreme\trinklitsupreme-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{74e6d22f-cb18-4829-9d0a-ed768ab6d91e}\PlayTasks\0\Peggle Nights.lnk -> C:\Program Files (x86)\WildGames\Peggle Nights\pegglenights-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{7364bdbb-1a13-4f43-b6fc-8decae898f9c}\PlayTasks\0\The Chronicles of Emerland Solitaire.lnk -> C:\Program Files (x86)\WildGames\The Chronicles of Emerland Solitaire\solitaire-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5efc38bb-2dab-4442-8e97-38975fa121af}\PlayTasks\0\Magic Academy.lnk -> C:\Program Files (x86)\WildGames\Magic Academy\Magic Academy-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5ae0d760-ddcf-4247-85df-eacefd518e86}\PlayTasks\0\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\WildGames\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1447c6c0-8a7b-4b3f-a3b2-cbc9cb3ff16d}\PlayTasks\0\Aloha TriPeaks.lnk -> C:\Program Files (x86)\WildGames\Aloha TriPeaks\alohatripeaks-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{11df15ff-f066-4c33-ac85-8738689543f5}\PlayTasks\0\Governor of Poker 2 Premium Edition.lnk -> C:\Program Files (x86)\WildGames\Governor of Poker 2 Premium Edition\GovernorofPoker2_PE_WildTangent_v1.5-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\Users\conne_000\Desktop\ROBLOX Player.lnk -> C:\Users\conne_000\AppData\Local\Roblox\Versions\version-fc39a4c10c8d4c27\RobloxPlayerLauncher.exe (ROBLOX Corporation) -> -browser
ShortcutWithArgument: C:\Users\conne_000\Desktop\ROBLOX Studio.lnk -> C:\Users\conne_000\AppData\Local\Roblox\Versions\version-907e332b66424766\RobloxStudioLauncherBeta.exe (ROBLOX Corporation) -> -ide
ShortcutWithArgument: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk -> C:\Users\conne_000\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (Pokki) ->  /OPEN"f22abfeae27a67446927d078890381efc546d3e1"
ShortcutWithArgument: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk -> C:\Users\conne_000\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (Pokki) -> /OPEN"menu"
ShortcutWithArgument: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\ROBLOX Player.lnk -> C:\Users\conne_000\AppData\Local\Roblox\Versions\version-fc39a4c10c8d4c27\RobloxPlayerLauncher.exe (ROBLOX Corporation) -> -browser
ShortcutWithArgument: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\ROBLOX Studio.lnk -> C:\Users\conne_000\AppData\Local\Roblox\Versions\version-907e332b66424766\RobloxStudioLauncherBeta.exe (ROBLOX Corporation) -> -ide
ShortcutWithArgument: C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\conne_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk -> C:\Users\conne_000\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (Pokki) -> /OPEN"menu"
ShortcutWithArgument: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\conne_000\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\conne_000\AppData\Local\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\Users\conne_000\AppData\Local\Microsoft\Windows\GameExplorer\{5ae0d760-ddcf-4247-85df-eacefd518e86}\PlayTasks\0\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\WildGames\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\Acer Remote Files.lnk -> C:\Program Files\Acer\Remote Files\RemoteFilesService.exe (Acer Incorporated) -> --open-shell --check-update
ShortcutWithArgument: C:\Users\Public\Desktop\Norton 360.lnk -> C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\uiStub.exe (Symantec Corporation) -> /win8
ShortcutWithArgument: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk -> C:\Users\Ronnie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (Pokki) ->  /OPEN"f22abfeae27a67446927d078890381efc546d3e1"
ShortcutWithArgument: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk -> C:\Users\Ronnie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (Pokki) -> /OPEN"menu"
ShortcutWithArgument: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Ronnie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk -> C:\Users\Ronnie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (Pokki) -> /OPEN"menu"
ShortcutWithArgument: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Ronnie\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

InternetURL: C:\Users\conne_000\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\conne_000\Favorites\Booking.com.url -> URL: hxxp://www.booking.com/index.html?aid=379334
InternetURL: C:\Users\conne_000\Favorites\Acer\Acer.url -> URL: hxxp://www.acer.com/
InternetURL: C:\Users\conne_000\Favorites\Acer\PRIVATE WiFi.url -> URL: hxxp://www.privatewifi.com/partner/clicks.php?pid=928649&bid=76&campaign=default
InternetURL: C:\Users\Default\Favorites\Booking.com.url -> URL: hxxp://www.booking.com/index.html?aid=379334
InternetURL: C:\Users\Default\Favorites\Acer\Acer.url -> URL: hxxp://www.acer.com/
InternetURL: C:\Users\Default\Favorites\Acer\PRIVATE WiFi.url -> URL: hxxp://www.privatewifi.com/partner/clicks.php?pid=928649&bid=76&campaign=default
InternetURL: C:\Users\Ronnie\Favorites\ASUSTeK COMPUTER INC.url -> URL: hxxp://www.asus.com/
InternetURL: C:\Users\Ronnie\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Ronnie\Favorites\Booking.com.url -> URL: hxxp://www.booking.com/index.html?aid=379334
InternetURL: C:\Users\Ronnie\Favorites\Links\Acer Online Store.url -> URL: hxxp://go.acer.com/?id=16755&model=Aspire ES1-511
InternetURL: C:\Users\Ronnie\Favorites\Links\ASUSTeK COMPUTER INC.url -> URL: hxxp://www.asus.com/
InternetURL: C:\Users\Ronnie\Favorites\Acer\Acer.url -> URL: hxxp://www.acer.com/
InternetURL: C:\Users\Ronnie\Favorites\Acer\eBay.url -> URL: hxxp://rover.ebay.com/rover/1/711-66992-24801-3/4
InternetURL: C:\Users\Ronnie\Favorites\Acer\PRIVATE WiFi.url -> URL: hxxp://www.privatewifi.com/partner/clicks.php?pid=928649&bid=76&campaign=default
==================== End of Shortcut.txt =============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:01 AM

Posted 29 November 2017 - 09:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
Host App Service (HKU\S-1-5-21-116401916-3029618134-1469963879-1001\...\SweetLabs_AP) (Version: 0.269.8.135 - Pokki)
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Pokki) C:\Users\Ronnie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-116401916-3029618134-1469963879-1001\...\RunOnce: [Application Restart #0] => C:\Users\Ronnie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7881936 2017-08-11] (Pokki)
SearchScopes: HKU\S-1-5-21-116401916-3029618134-1469963879-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22.10.0.85&locale=en_US&guid=4552A70F-FC43-4F4F-B1C2-299BE242C802&doi=2016-09-01&gct=kwd&qsrc=2869
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\coFFAddon => not found
CHR HomePage: Default -> hxxp://homepage-web.com/?s=acer&m=home
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"
CHR DefaultSearchURL: Default -> hxxps://secure.web-start-page.com/?partner=acer&src=omnibox&brw=ch&q={searchTerms}
CHR DefaultSearchKeyword: Default -> web-start-page.com
CHR DefaultSuggestURL: Default -> hxxps://secure-suggest.web-start-page.com/suggest?format=json&brw=ch&locale={language}&q={searchTerms}
S2 0215421502431352mcinstcleanup; C:\Users\Ronnie\AppData\Local\Temp\021542~1.EXE -cleanup -nolog [X] <==== ATTENTION
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 OATool; \??\C:\Users\Administrator\AppData\Local\Temp\OAToolx64.sys [X] <==== ATTENTION
S3 TDKLIB; \??\C:\Users\Administrator\AppData\Local\Temp\TdkLib64.sys [X] <==== ATTENTION
Pokki Start Menu (HKU\S-1-5-21-116401916-3029618134-1469963879-1001\...\SweetLabs_Start_Menu) (Version: 0.269.8.135 - Pokki)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {43314E6D-BF7B-4C5B-8A89-5DB85F79E4DE} - System32\Tasks\SweetLabs App Platform => C:\Users\Ronnie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2017-08-11] (Pokki)
C:\Windows\System32\Tasks\SweetLabs App Platform
C:\Users\Ronnie\AppData\Local\SweetLabs App Platform

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
---

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
===

:step1: Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

:step2: Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists with this computer.

#5 SenorSySoP

SenorSySoP
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 30 November 2017 - 12:44 AM

ok will do tomorrow



#6 SenorSySoP

SenorSySoP
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 01 December 2017 - 02:09 AM

ok, I removed the first two and ran the fixlist.   log below.  from there it boots up slowly but finally did boot up.  I fixed java then ran mb, quaranmtined 19 items, log to follow.  The adw cleaner log also to follwo
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Ronnie (01-12-2017 00:50:54) Run:1
Running from D:\AcerLapTop
Loaded Profiles: Ronnie (Available Profiles: Ronnie & conne_000)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
(Pokki) C:\Users\Ronnie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-116401916-3029618134-1469963879-1001\...\RunOnce: [Application Restart #0] => C:\Users\Ronnie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7881936 2017-08-11] (Pokki)
SearchScopes: HKU\S-1-5-21-116401916-3029618134-1469963879-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22.10.0.85&locale=en_US&guid=4552A70F-FC43-4F4F-B1C2-299BE242C802&doi=2016-09-01&gct=kwd&qsrc=2869
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\coFFAddon => not found
CHR HomePage: Default -> hxxp://homepage-web.com/?s=acer&m=home
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"
CHR DefaultSearchURL: Default -> hxxps://secure.web-start-page.com/?partner=acer&src=omnibox&brw=ch&q={searchTerms}
CHR DefaultSearchKeyword: Default -> web-start-page.com
CHR DefaultSuggestURL: Default -> hxxps://secure-suggest.web-start-page.com/suggest?format=json&brw=ch&locale={language}&q={searchTerms}
S2 0215421502431352mcinstcleanup; C:\Users\Ronnie\AppData\Local\Temp\021542~1.EXE -cleanup -nolog [X] <==== ATTENTION
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 OATool; \??\C:\Users\Administrator\AppData\Local\Temp\OAToolx64.sys [X] <==== ATTENTION
S3 TDKLIB; \??\C:\Users\Administrator\AppData\Local\Temp\TdkLib64.sys [X] <==== ATTENTION
Pokki Start Menu (HKU\S-1-5-21-116401916-3029618134-1469963879-1001\...\SweetLabs_Start_Menu) (Version: 0.269.8.135 - Pokki)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {43314E6D-BF7B-4C5B-8A89-5DB85F79E4DE} - System32\Tasks\SweetLabs App Platform => C:\Users\Ronnie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2017-08-11] (Pokki)
C:\Windows\System32\Tasks\SweetLabs App Platform
C:\Users\Ronnie\AppData\Local\SweetLabs App Platform
End
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Users\Ronnie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe => No running process found
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKU\S-1-5-21-116401916-3029618134-1469963879-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0 => value removed successfully
HKU\S-1-5-21-116401916-3029618134-1469963879-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key removed successfully
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found
HKLM\Software\Mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556} => value removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
HKLM\System\CurrentControlSet\Services\0215421502431352mcinstcleanup => key removed successfully
0215421502431352mcinstcleanup => service removed successfully
cpuz136 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\cpuz136 => key removed successfully
cpuz136 => service removed successfully
HKLM\System\CurrentControlSet\Services\OATool => key removed successfully
OATool => service removed successfully
HKLM\System\CurrentControlSet\Services\TDKLIB => key removed successfully
TDKLIB => service removed successfully
Pokki Start Menu (HKU\S-1-5-21-116401916-3029618134-1469963879-1001\...\SweetLabs_Start_Menu) (Version: 0.269.8.135 - Pokki) => Error: No automatic fix found for this entry.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43314E6D-BF7B-4C5B-8A89-5DB85F79E4DE} => key not found
C:\Windows\System32\Tasks\SweetLabs App Platform => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform => key not found
"C:\Windows\System32\Tasks\SweetLabs App Platform" => not found.
"C:\Users\Ronnie\AppData\Local\SweetLabs App Platform" => not found.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11903045 B
Java, Flash, Steam htmlcache => 1216 B
Windows/system/drivers => 673570248 B
Edge => 0 B
Chrome => 21574990 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 174848 B
systemprofile32 => 128 B
LocalService => 38030 B
NetworkService => 472332 B
Ronnie => 97670388 B
conne_000 => 354959 B
RecycleBin => 9755 B
EmptyTemp: => 776.4 MB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 00:53:47 ====

Edited by SenorSySoP, 01 December 2017 - 08:14 AM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:01 AM

Posted 01 December 2017 - 09:31 AM

Hi,

The AdwCleaner log was not posted.

If not already done run the program again and clean everything that was found.

Restart the computer normally.

How is the boot time now?

#8 SenorSySoP

SenorSySoP
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 04 December 2017 - 10:18 PM

Sorry was out of town for work, here is the ad cleaner post

# AdwCleaner 7.0.5.0 - Logfile created on Fri Dec 01 13:23:51 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 11-29-2017.1
# Running on Windows 8.1 Connected (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\conne_000\AppData\Local\SweetLabs App Platform
PUP.Optional.Legacy, C:\Program Files (x86)\Amazon\Amazon1ButtonApp
PUP.Optional.Legacy, C:\Users\Public\Pokki


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\conne_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
PUP.Optional.Legacy, C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
PUP.Optional.Legacy, C:\Users\All Users\Desktop\eBay.lnk
PUP.Optional.Legacy, C:\Users\Public\Desktop\eBay.lnk
PUP.Optional.PCAppStore, C:\Users\conne_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nortonsafe.search.ask.com
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

Edited by SenorSySoP, 05 December 2017 - 12:06 AM.


#9 SenorSySoP

SenorSySoP
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 05 December 2017 - 12:08 AM

hit man pro seems to find 20+ items. I don't have an active subscription for it fyi so I cant remove anything. I am also concerned about root kits. Before we determine that it is clean, can you take look for root kits too?

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:01 AM

Posted 05 December 2017 - 07:34 AM

Hi,

Run the AdwCleaner tool and remove everything that is identified in your previous log.

===

Run this Malwarebytes Anti-Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.
<<<>>>

#11 SenorSySoP

SenorSySoP
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 06 December 2017 - 01:37 AM

here is the adcleaner log

 

# AdwCleaner 7.0.5.0 - Logfile created on Tue Dec 05 13:21:29 2017
# Updated on 2017/29/11 by Malwarebytes 
# Database: 12-04-2017.1
# Running on Windows 8.1 Connected (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [2057 B] - [2017/12/1 13:29:8]
C:/AdwCleaner/AdwCleaner[S0].txt - [2036 B] - [2017/12/1 13:23:51]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########


#12 SenorSySoP

SenorSySoP
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 06 December 2017 - 01:41 AM

also did the root kit and it came back clean.

 

everthing is working good except sometimes the keyboards lag is several seconds.   I will reboot and see if that helps.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:01 AM

Posted 06 December 2017 - 08:44 AM

Keep me posted.

#14 SenorSySoP

SenorSySoP
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 07 December 2017 - 08:40 AM

the browser  ie in this case was running super slow.  eventually a message came up saying a long script is running and do I want to stop it.  Here is the url that was trying to load.

 

https://tracking.jetpackdigital.com/jpt?ord=47674136748.33446&sid=1568&oid=8094&lid=38032&csid=0&c=0&rf=https%3A//www.bleepingcomputer.com/forums/index.php%3Fapp%3Dcore%26module%3Dglobal%26section%3Dlostpass&t=inlineClick&u=https%3A//adclick.g.doubleclick.net/pcs/click%25253Fxai%25253DAKAOjsuSqN62GLV2QYgtoC_AdoYmm5uITY-HeCOeKEO90PL4_E8ATLXGwU7pBJqUyRk47pJE_AfYfIVbuvgmiwuq1Et9Tss13g0Emq1pqT1cfBOvk4ExeoraF3wSPBIPTj4ddaCFvwThDzHMa_PiUt01-JYy32wjng0M_8xB2DCfHZ3Pm1OXVQSIfD5scdoV2D9JGzzHX0KTpsiw8qmrEnF66TyF85C2b7Pl7LRl1OQB0JylRmm07Ls_G5FaLctnKRTHG3hWCl9H_lMsdCmJNUvk2g%252526sig%25253DCg0ArKJSzHh_heN-V9XBEAE%252526urlfix%25253D1%252526adurl%25253Dhttps%3A//bs.serving-sys.com/serving/adServer.bs%3Fcn%3Dtrd%26mc%3Dclick%26pli%3D22894596%26PluID%3D0%26ord%3D1384585478



#15 SenorSySoP

SenorSySoP
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 07 December 2017 - 08:41 AM

this is rootlit scan from spybot// info: Rootkit removal help file
// copyright: © 2008-2017 Safer-Networking Ltd. All rights reserved.
 
:: RootAlyzer Results
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users