
Unknown Cause - Several Windows Console windows popup and disappear


  • This topic is locked
15 replies to this topic

#1 MikeHype

MikeHype

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 21 March 2018 - 01:03 PM

Dear Community:

 

Several Windows consoles pop up and disappear into the background whenever I use my laptop and Firefox browser. I usually go into Task Manager to stop them, but this is annoying every time I use the laptop. Firefox also starts stalling after 40 minutes of surfing and I start getting the browser "Not Responding" message.

 

Also, I noticed in the past two weeks that I have to sign into my AOL email account twice to get in - I never had to do this before. Something isn't right. I know it's an ancient account, lol.

 

Below are the FRST.txt and Addition.txt files; please advise.

 

MikeHype

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by 144 (administrator) on LAPTOP-5HFN347G (21-03-2018 12:38:51)
Running from C:\Users\144\Downloads
Loaded Profiles: 144 (Available Profiles: 144)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(COMODO) C:\Program Files (x86)\Comodo\COMODO Secure Shopping\csssrv64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\IntelCpHDCPSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxEM.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Corel Corporation) C:\Program Files\WinZip\WinZip Smart Monitor\WinZipCompressionSmartMonitor.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxext.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1781f8bae8fdf5c0\aesm_service.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Failed to access process -> MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.BingNews_4.23.10572.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(WinZip) C:\Program Files\WinZip\WZUpdateNotifier.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16419072 2016-02-25] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2182568 2018-01-08] (COMODO)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-11] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-11] (WinZip Computing, S.L.)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-12-11] (WinZip Computing, S.L.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-07] (COMODO)
HKLM-x32\...\Run: [vdcss] => C:\Program Files (x86)\COMODO\COMODO Secure Shopping\vdcss.exe [8511160 2017-10-20] (COMODO)
Startup: C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2017-11-17]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{0bead2cf-5acf-4261-b70a-f4ffa60aef7f}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5448ab9c-e503-460d-8eb0-880bf42f33a3}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{5d58f13c-945b-4d77-9236-4d9c3c4aee52}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{c39430a5-f05c-42a2-b407-f49635e5563c}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{cea11d30-7eb9-40a6-a30a-052e20573fd0}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-3807269509-1413305664-3201116232-1001 -> DefaultScope {AE2CBE7E-1953-4C86-A1E0-273A2EABB78C} URL =
SearchScopes: HKU\S-1-5-21-3807269509-1413305664-3201116232-1001 -> {AE2CBE7E-1953-4C86-A1E0-273A2EABB78C} URL =
BHO: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho64.dll [2017-10-20] (COMODO)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-03] (Microsoft Corporation)
BHO-x32: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho32.dll [2017-10-20] (COMODO)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: d2n6h34p.default
FF ProfilePath: C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default [2018-03-21]
FF Homepage: Mozilla\Firefox\Profiles\d2n6h34p.default -> hxxps://google.com
FF Extension: (Amazon Assistant for Firefox) - C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\abb-acer@amazon.com [2017-11-05] [Legacy]
FF Extension: (Webmail Ad Blocker) - C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\gmailnoads@mywebber.com.xpi [2018-03-08]
FF Extension: (Coupons at Checkout) - C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\jid0-5R3LLpyrG0a1kPDXAA8ZKmM0bgM@jetpack.xpi [2017-03-24] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-11-04] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\partnerdefaults@mozilla.com [2017-11-05] [Legacy]
FF Extension: (MapsScout) - C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\{dbb477cc-8be4-44f4-9cc2-845632a7e433}.xpi [2017-08-27]
FF ProfilePath: C:\Users\144\AppData\Roaming\Comodo\CSS\User Data-firefox1 [2017-04-30]
FF Extension: (Amazon Assistant for Firefox) - C:\Users\144\AppData\Roaming\Comodo\CSS\User Data-firefox1\Extensions\abb-acer@amazon.com [2017-04-30] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Users\144\AppData\Roaming\Comodo\CSS\User Data-firefox1\Extensions\langpack-en-US@firefox.mozilla.org [2017-04-30] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\144\AppData\Roaming\Comodo\CSS\User Data-firefox1\Extensions\partnerdefaults@mozilla.com [2017-04-30] [Legacy]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2016-12-25] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2016-12-25] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2016-12-25] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-24] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-3807269509-1413305664-3201116232-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\144\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-03-06] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\144\AppData\Local\Google\Chrome\User Data\Default [2017-10-17]
CHR Extension: (Slides) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-14]
CHR Extension: (YouTube) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-14]
CHR Extension: (Sheets) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-15]
CHR Extension: (Total AV Web Shield) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\looohgelibjoplmkhecmalapkgadkfcc [2017-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-14]
CHR Extension: (Gmail) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-14]
CHR Extension: (Chrome Media Router) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-17]
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1781f8bae8fdf5c0\aesm_service.exe [3233064 2018-01-26] (Intel Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278688 2017-09-25] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [77472 2017-05-12] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10962648 2018-01-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2875816 2018-01-08] (COMODO)
R2 csssrv; C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe [4193464 2017-10-20] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2272520 2018-02-23] (Comodo)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2485400 2017-05-12] (Comodo Security Solutions, Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-10-15] (Intel Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-07] (COMODO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-07-03] ()
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-07-29] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-07-29] (Acer Incorporated)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [295840 2016-05-27] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] ()
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\WINDOWS\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [40224 2014-12-25] (Windows ® Win 7 DDK provider)
R1 cmdcss; C:\WINDOWS\system32\drivers\cmdcss.sys [126568 2017-10-17] (COMODO)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [44056 2017-12-28] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [830448 2017-12-28] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50776 2017-12-28] (COMODO)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [185416 2015-09-05] (ELAN Microelectronic Corp.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [180992 2016-10-15] (Intel Corporation)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [129200 2017-03-31] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2016-07-29] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-16] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-20] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-16] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-21] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7643648 2017-07-13] (Intel Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2016-07-29] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2016-05-16] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-21 12:35 - 2018-03-21 12:35 - 002403328 _____ (Farbar) C:\Users\144\Downloads\FRST64.exe
2018-03-20 17:05 - 2018-03-20 17:05 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-20 13:41 - 2018-03-20 14:00 - 000000000 ____D C:\Users\144\Desktop\imports
2018-03-17 00:10 - 2018-03-17 01:17 - 000000000 ____D C:\Users\144\Desktop\Move On
2018-03-16 12:03 - 2018-03-21 10:14 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-16 12:03 - 2018-03-20 17:05 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-16 12:03 - 2018-03-16 12:03 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-16 12:02 - 2018-03-16 12:02 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-16 12:00 - 2018-03-16 12:00 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-16 12:00 - 2018-03-16 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-16 12:00 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-16 11:59 - 2018-03-16 11:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-16 11:59 - 2018-03-16 11:59 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-16 11:45 - 2018-03-16 11:48 - 069748432 _____ (Malwarebytes ) C:\Users\144\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4352.exe
2018-03-13 22:48 - 2018-03-13 22:48 - 000000000 ____D C:\Users\144\Documents\Audacity
2018-03-13 22:46 - 2018-03-13 22:46 - 000001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2018-03-13 22:46 - 2018-03-13 22:46 - 000001084 _____ C:\Users\Public\Desktop\Audacity.lnk
2018-03-13 22:46 - 2018-03-13 22:46 - 000000000 ____D C:\Users\144\AppData\Local\Audacity
2018-03-13 22:46 - 2018-03-13 22:46 - 000000000 ____D C:\Program Files (x86)\Audacity
2018-03-13 22:45 - 2018-03-13 22:45 - 020248056 _____ (Audacity Team ) C:\Users\144\Downloads\audacity-win-2.2.2.exe
2018-03-13 13:54 - 2018-03-13 13:55 - 000349022 _____ C:\Users\144\Downloads\Decision And Order 3-12-18.pdf
2018-03-12 22:22 - 2018-03-12 22:22 - 000000104 ____H C:\Users\144\Downloads\.~lock.Redaction Order-2.docx#
2018-03-12 22:21 - 2018-03-12 22:21 - 000000104 ____H C:\Users\144\Desktop\.~lock.Motion to Redact.doc#
2018-03-09 10:36 - 2018-03-09 10:36 - 001620252 _____ C:\Users\144\Downloads\journalistguide2011.pdf
2018-03-09 10:32 - 2018-03-09 10:32 - 000603892 _____ C:\Users\144\Downloads\InstructionsPacket.pdf
2018-03-08 11:16 - 2018-03-08 11:17 - 002212693 _____ C:\Users\144\Downloads\121517 Hearing Packet and Recommendation.pdf
2018-03-07 19:30 - 2018-03-07 19:49 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-07 11:31 - 2018-03-07 12:20 - 1914967302 _____ C:\Users\144\Downloads\DS500230.DS21.26.18.wav
2018-03-04 18:20 - 2018-03-04 18:21 - 003011448 _____ C:\Users\144\Downloads\P500 Data Base.xlsx
2018-03-04 18:20 - 2018-03-04 18:21 - 003011448 _____ C:\Users\144\Downloads\P500 Data Base(1).xlsx
2018-03-03 11:05 - 2018-03-14 15:14 - 000000000 ____D C:\Windows.old
2018-03-03 09:58 - 2018-03-03 09:58 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-03-03 09:56 - 2018-03-03 09:56 - 000000000 ___HD C:\Users\144\MicrosoftEdgeBackups
2018-03-03 09:52 - 2018-03-03 09:52 - 000000020 ___SH C:\Users\144\ntuser.ini
2018-03-03 09:46 - 2018-03-20 18:01 - 000004890 _____ C:\WINDOWS\System32\Tasks\AcerCMUpdateTask2.1.16258
2018-03-03 09:46 - 2018-03-20 17:33 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{797C944E-9519-4A29-A768-47B08D9EBE0C}
2018-03-03 09:46 - 2018-03-20 17:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-03 09:46 - 2018-03-19 23:37 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3807269509-1413305664-3201116232-1001
2018-03-03 09:46 - 2018-03-03 09:47 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-03 09:46 - 2018-03-03 09:46 - 000003852 _____ C:\WINDOWS\System32\Tasks\ACCAgent
2018-03-03 09:46 - 2018-03-03 09:46 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-03 09:46 - 2018-03-03 09:46 - 000002820 _____ C:\WINDOWS\System32\Tasks\ACC
2018-03-03 09:46 - 2018-03-03 09:46 - 000002766 _____ C:\WINDOWS\System32\Tasks\UbtFrameworkService
2018-03-03 09:46 - 2018-03-03 09:46 - 000002762 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2018-03-03 09:46 - 2018-03-03 09:46 - 000002562 _____ C:\WINDOWS\System32\Tasks\WinZip Update Notifier
2018-03-03 09:46 - 2018-03-03 09:46 - 000002534 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2018-03-03 09:46 - 2018-03-03 09:46 - 000002428 _____ C:\WINDOWS\System32\Tasks\MAGIX Connector
2018-03-03 09:46 - 2018-03-03 09:46 - 000002352 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2018-03-03 09:46 - 2018-03-03 09:46 - 000002328 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
2018-03-03 09:46 - 2018-03-03 09:46 - 000002256 _____ C:\WINDOWS\System32\Tasks\Power Button
2018-03-03 09:46 - 2018-03-03 09:46 - 000002180 _____ C:\WINDOWS\System32\Tasks\Quick Access
2018-03-03 09:46 - 2018-03-03 09:46 - 000002042 _____ C:\WINDOWS\System32\Tasks\FubToolByPLD
2018-03-03 09:46 - 2018-03-03 09:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2018-03-03 09:46 - 2018-03-03 09:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2018-03-03 09:41 - 2018-03-03 09:45 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-03-03 09:41 - 2018-03-03 09:45 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-03-03 09:38 - 2018-03-15 23:00 - 001039898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-03 09:21 - 2018-03-03 09:21 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-03-03 09:20 - 2018-03-03 09:20 - 000000000 ____D C:\ProgramData\USOShared
2018-03-03 09:16 - 2018-03-04 11:02 - 000000000 ____D C:\Users\144\AppData\Local\Packages
2018-03-03 09:15 - 2018-03-20 17:03 - 000000000 ____D C:\Users\144
2018-03-03 09:14 - 2018-03-03 09:14 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-03-03 09:14 - 2017-02-24 18:23 - 000536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-03-03 09:14 - 2017-02-24 18:23 - 000525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-03-03 09:14 - 2017-02-24 18:23 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-03-03 09:14 - 2017-02-24 18:23 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-03-03 09:13 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-03-03 09:13 - 2017-08-01 04:26 - 000140304 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-03-03 09:13 - 2017-08-01 04:25 - 000116760 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-03-03 09:09 - 2018-03-21 10:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-03 09:09 - 2018-03-06 03:13 - 000510440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-03 02:50 - 2018-03-03 11:06 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-03-03 02:44 - 2018-03-03 02:50 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-03-03 02:41 - 2018-03-03 02:41 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-03-03 02:41 - 2018-03-03 02:41 - 000000000 ____D C:\Program Files\MSBuild
2018-03-03 02:41 - 2018-03-03 02:41 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-03-03 02:41 - 2018-03-03 02:41 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-03-03 02:38 - 2017-09-22 19:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-03-03 02:38 - 2017-09-22 19:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-03-03 02:38 - 2017-09-22 19:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-03-03 02:37 - 2017-09-28 16:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-03-03 02:37 - 2017-09-28 16:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-03-03 02:37 - 2017-09-28 16:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-03-03 02:15 - 2018-03-03 02:15 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-03-03 00:32 - 2018-03-03 09:48 - 000000000 ___DC C:\WINDOWS\Panther
2018-03-03 00:26 - 2018-03-03 00:32 - 000000036 _____ C:\WINDOWS\progress.ini
2018-03-02 23:30 - 2018-03-16 12:55 - 000000000 ___HD C:\$GetCurrent
2018-03-02 23:11 - 2018-03-02 23:11 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-03-01 23:44 - 2018-03-01 23:45 - 000000000 ____D C:\Users\144\Desktop\New folder (10)
2018-02-28 13:49 - 2018-02-28 15:29 - 000000000 ____D C:\Users\144\Desktop\Louise Kiernan Twitter Photos
2018-02-26 11:04 - 2018-02-26 11:04 - 000000104 ____H C:\Users\144\Desktop\.~lock.Dj ein sof.odt#
2018-02-22 00:13 - 2018-02-22 00:21 - 178595590 _____ (Acoustica, Inc.) C:\Users\144\Downloads\mixcraft8-b412-setup.exe.part
2018-02-21 22:23 - 2018-02-21 22:23 - 000000000 ____D C:\ProgramData\WarpPro
2018-02-21 22:22 - 2018-03-03 11:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WarpPro
2018-02-21 22:22 - 2018-02-21 22:22 - 000000970 _____ C:\Users\Public\Desktop\WarpPro.lnk
2018-02-21 22:22 - 2018-02-21 22:22 - 000000000 ____D C:\Program Files (x86)\WarpPro
2018-02-21 22:12 - 2018-02-21 22:12 - 001233528 _____ C:\Users\144\Desktop\WarpPro-Installer.7z
2018-02-21 16:14 - 2018-02-21 16:14 - 000076919 _____ C:\Users\144\Downloads\convert-jpg-to-pdf.net_2018-02-21_22-13-53.pdf
2018-02-21 14:50 - 2018-02-21 14:50 - 000000000 ____D C:\Users\144\Desktop\WarpPro-Installer
2018-02-21 14:19 - 2018-02-21 14:19 - 001300777 _____ C:\Users\144\Downloads\WarpPro-Installer.zip
2018-02-21 03:32 - 2018-02-21 03:32 - 000000011 _____ C:\WINDOWS\amunres.lsl
2018-02-21 03:00 - 2018-02-21 03:00 - 000543000 _____ C:\Users\144\Downloads\TunaticSetup.exe
2018-02-20 19:36 - 2018-02-21 15:08 - 000000000 ____D C:\Users\144\Desktop\Diane Lynn
2018-02-19 14:27 - 2018-02-19 14:27 - 000000908 _____ C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2018-02-19 14:27 - 2018-02-19 14:27 - 000000860 _____ C:\Users\144\Desktop\Start Tor Browser.lnk
2018-02-19 14:25 - 2018-02-19 14:26 - 000000000 ____D C:\Users\144\Desktop\Tor Browser
2018-02-19 14:21 - 2018-02-19 14:24 - 053673120 _____ C:\Users\144\Downloads\torbrowser-install-7.5_en-US.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-21 12:44 - 2017-12-14 04:38 - 000020826 _____ C:\Users\144\Downloads\FRST.txt
2018-03-21 12:44 - 2017-04-27 10:32 - 001474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2018-03-21 12:38 - 2017-12-14 04:38 - 000000000 ____D C:\FRST
2018-03-20 17:09 - 2017-03-30 15:10 - 000000000 ____D C:\Users\144\Desktop\New Music
2018-03-20 17:05 - 2016-12-22 01:44 - 000000000 __SHD C:\Users\144\IntelGraphicsProfiles
2018-03-20 17:04 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-20 14:54 - 2016-12-25 14:27 - 000000000 ____D C:\Users\144\AppData\LocalLow\Mozilla
2018-03-19 23:37 - 2017-11-05 21:09 - 000002365 _____ C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-19 23:36 - 2016-12-22 02:56 - 000000000 ___RD C:\Users\144\OneDrive
2018-03-19 00:52 - 2017-03-23 12:09 - 000000000 ____D C:\Users\144\Documents\VirtualDJ
2018-03-17 23:56 - 2017-08-13 15:17 - 000000000 ____D C:\Users\144\AppData\Roaming\Audacity
2018-03-17 02:46 - 2017-04-05 19:34 - 000000000 ____D C:\Users\144\AppData\Roaming\vlc
2018-03-17 01:17 - 2018-01-20 12:38 - 000000000 ____D C:\Users\144\Desktop\current
2018-03-16 13:34 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-16 13:31 - 2016-10-14 02:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-16 13:30 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-16 12:34 - 2017-10-11 15:45 - 000000000 ____D C:\ProgramData\WinZip
2018-03-16 12:02 - 2017-12-07 01:49 - 000000000 ____D C:\Users\144\Desktop\desktop pics
2018-03-16 11:04 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-15 23:08 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-15 22:56 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-12 22:41 - 2017-04-27 10:28 - 000000000 ____D C:\Program Files (x86)\Comodo
2018-03-12 11:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-07 19:42 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-06 12:13 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-06 10:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-03-06 03:08 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-03-06 03:08 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-06 03:08 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-03-06 03:07 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-03-04 21:56 - 2017-01-02 17:36 - 000000000 ___RD C:\Users\144\3D Objects
2018-03-04 21:56 - 2016-02-13 08:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-04 20:31 - 2017-09-30 03:41 - 000000000 ____D C:\Users\144\Desktop\New folder (15)
2018-03-03 20:29 - 2016-10-14 04:26 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-03-03 11:08 - 2017-09-29 08:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-03-03 11:06 - 2018-02-05 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-03-03 11:06 - 2018-01-21 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 22.0
2018-03-03 11:06 - 2018-01-21 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-03-03 11:06 - 2017-11-17 04:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2018-03-03 11:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-03 11:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-03-03 11:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\spool
2018-03-03 11:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-03 11:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-03 11:06 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-03 11:06 - 2017-08-11 10:04 - 000000000 ____D C:\Program Files\Intel
2018-03-03 11:06 - 2017-08-01 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loopcloud
2018-03-03 11:06 - 2017-07-31 21:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2018-03-03 11:06 - 2017-05-29 22:43 - 000000000 ____D C:\Program Files\UNP
2018-03-03 11:06 - 2017-04-27 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2018-03-03 11:06 - 2017-04-05 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConverterLite
2018-03-03 11:06 - 2017-04-05 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-03-03 11:06 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-03-03 11:06 - 2017-01-26 18:29 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2018-03-03 11:06 - 2017-01-02 22:14 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2018-03-03 11:06 - 2016-12-22 01:43 - 000000000 ____D C:\WINDOWS\oem
2018-03-03 11:06 - 2016-10-14 04:39 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2018-03-03 11:06 - 2016-10-14 04:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-03-03 11:06 - 2016-10-14 04:07 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-03-03 11:06 - 2016-10-14 02:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-03-03 11:06 - 2016-08-03 05:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2018-03-03 11:05 - 2017-09-29 08:49 - 000000000 ____D C:\WINDOWS\Setup
2018-03-03 09:54 - 2017-01-27 15:44 - 000000000 ____D C:\Users\144\AppData\Local\ConnectedDevicesPlatform
2018-03-03 09:53 - 2016-12-22 01:44 - 000000000 ____D C:\Users\144\AppData\Local\TileDataLayer
2018-03-03 09:49 - 2016-10-14 04:05 - 000000000 ____D C:\ProgramData\Intel
2018-03-03 09:41 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
2018-03-03 09:40 - 2017-01-27 11:22 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-03-03 09:34 - 2017-10-17 20:52 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-03 09:34 - 2017-10-17 20:52 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-03 09:28 - 2017-03-23 12:09 - 000000000 ____D C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2018-03-03 09:28 - 2017-03-07 13:14 - 000000000 ____D C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2018-03-03 09:21 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-03-03 09:20 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-03-03 09:19 - 2017-11-26 03:35 - 000000000 ____D C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2018-03-03 09:19 - 2017-07-13 02:58 - 000000000 ____D C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Syncios
2018-03-03 09:14 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-03-03 09:14 - 2017-08-11 10:05 - 000000000 ____D C:\Program Files\Elantech
2018-03-03 09:13 - 2017-08-11 10:04 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-03-03 09:12 - 2017-08-11 10:04 - 001410294 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-03-03 09:12 - 2017-08-11 10:04 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-03-03 09:12 - 2017-08-11 10:03 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-03-03 09:12 - 2016-10-14 04:10 - 000000000 ___HD C:\Intel
2018-03-03 02:59 - 2017-09-29 08:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-03 02:51 - 2017-01-26 18:29 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2018-03-03 02:50 - 2017-08-11 10:03 - 000000000 ____D C:\Program Files\Realtek
2018-03-03 02:50 - 2017-04-20 04:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-03-03 02:50 - 2017-03-29 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2018-03-03 02:50 - 2017-03-24 03:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\photon interactive pvt ltd
2018-03-03 02:50 - 2016-12-29 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2Near the Edge
2018-03-03 02:40 - 2017-12-13 20:33 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-03-03 00:13 - 2017-11-21 05:01 - 000000000 ____D C:\Users\144\Desktop\Propublica
2018-03-01 13:02 - 2016-12-22 02:51 - 000000000 ____D C:\Users\144\AppData\Local\CrashDumps
2018-02-28 19:08 - 2017-11-21 05:04 - 000000000 ____D C:\Users\144\Desktop\REsearch
2018-02-26 10:25 - 2016-12-25 00:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-26 10:25 - 2016-10-14 04:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-24 06:06 - 2017-04-20 03:58 - 000000000 ____D C:\Users\144\Documents\Wondershare Filmora
2018-02-24 01:03 - 2018-01-21 20:03 - 000000000 ____D C:\Program Files\rempl
2018-02-24 00:53 - 2017-01-18 10:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-24 00:46 - 2018-01-07 03:30 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-24 00:46 - 2017-01-18 10:48 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2017-07-31 21:40 - 2017-03-20 11:57 - 000008768 _____ () C:\Program Files (x86)\AppxManifest.xml
2017-07-31 21:40 - 2017-03-20 11:32 - 013221390 _____ (FFmpeg Project) C:\Program Files (x86)\avcodec-57.dll
2017-07-31 21:40 - 2017-03-20 11:32 - 001874958 _____ (FFmpeg Project) C:\Program Files (x86)\avfilter-6.dll
2017-07-31 21:40 - 2017-03-20 11:32 - 002414094 _____ (FFmpeg Project) C:\Program Files (x86)\avformat-57.dll
2017-07-31 21:40 - 2017-03-20 11:32 - 000618510 _____ (FFmpeg Project) C:\Program Files (x86)\avutil-55.dll
2017-07-31 21:40 - 2017-01-03 17:37 - 000264128 _____ (Pulse-Eight Limited) C:\Program Files (x86)\cec.dll
2017-07-31 21:38 - 2017-03-19 04:38 - 000018660 _____ () C:\Program Files (x86)\copying.txt
2017-07-31 21:38 - 2017-01-22 15:52 - 000214528 _____ () C:\Program Files (x86)\cpluff.dll
2017-07-31 21:38 - 2016-07-28 03:01 - 003747512 _____ (Microsoft Corporation) C:\Program Files (x86)\d3dcompiler_47.dll
2017-07-31 21:38 - 2013-11-17 14:12 - 000026624 _____ (Apple Inc.) C:\Program Files (x86)\dnssd.dll
2017-07-31 21:38 - 2016-07-07 07:52 - 000288256 _____ (easyhook.codeplex.com) C:\Program Files (x86)\EasyHook32.dll
2017-10-11 16:55 - 2017-10-11 16:55 - 000000032 _____ () C:\Program Files (x86)\KMSpico_setup.txt
2017-07-31 21:38 - 2017-03-20 11:57 - 014727168 _____ (XBMC-Foundation) C:\Program Files (x86)\kodi.exe
2017-07-31 21:38 - 2017-02-27 14:48 - 001881600 _____ () C:\Program Files (x86)\libass.dll
2017-07-31 21:38 - 2016-07-14 12:37 - 000775680 _____ () C:\Program Files (x86)\libbluray.dll
2017-07-31 21:38 - 2016-07-16 06:39 - 000183808 _____ () C:\Program Files (x86)\libcdio.dll
2017-07-31 21:38 - 2016-04-08 14:13 - 000383488 _____ (The cURL library, https://curl.haxx.se/) C:\Program Files (x86)\libcurl.dll
2017-07-31 21:38 - 2017-03-20 11:35 - 000073991 _____ () C:\Program Files (x86)\libdvdcss-2.dll
2017-07-31 21:38 - 2017-03-20 11:40 - 000260355 _____ () C:\Program Files (x86)\libdvdnav.dll
2017-07-31 21:38 - 2016-04-17 07:59 - 001389568 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\libeay32.dll
2017-07-31 21:38 - 2017-03-20 11:43 - 000020480 _____ () C:\Program Files (x86)\libexif.dll
2017-07-31 21:38 - 2016-08-06 07:49 - 004622336 _____ () C:\Program Files (x86)\libmysql.dll
2017-07-31 21:38 - 2016-02-02 08:06 - 000127488 _____ (https://github.com/sahlberg/libnfs) C:\Program Files (x86)\libnfs.dll
2017-07-31 21:38 - 2016-07-14 12:54 - 000096768 _____ () C:\Program Files (x86)\libplist.dll
2017-07-31 21:38 - 2016-07-14 11:12 - 002356224 _____ () C:\Program Files (x86)\libxml2.dll
2017-07-31 21:38 - 2016-07-14 11:14 - 000218112 _____ () C:\Program Files (x86)\libxslt.dll
2017-07-31 21:38 - 2017-03-19 04:37 - 000015706 _____ () C:\Program Files (x86)\LICENSE.GPL
2017-07-31 21:38 - 2017-03-20 11:32 - 000115726 _____ (FFmpeg Project) C:\Program Files (x86)\postproc-54.dll
2017-07-31 21:38 - 2017-03-19 04:38 - 000005191 _____ () C:\Program Files (x86)\privacy-policy.txt
2017-07-31 21:38 - 2016-01-16 10:21 - 002705920 _____ (Python Software Foundation) C:\Program Files (x86)\python27.dll
2017-07-31 21:38 - 2016-07-27 12:36 - 000099840 _____ () C:\Program Files (x86)\shairplay.dll
2017-07-31 21:38 - 2016-02-05 09:43 - 000721408 _____ () C:\Program Files (x86)\sqlite3.dll
2017-07-31 21:38 - 2016-07-15 11:58 - 000418816 _____ () C:\Program Files (x86)\ssh.dll
2017-07-31 21:38 - 2016-04-17 07:59 - 000274944 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\ssleay32.dll
2017-07-31 21:38 - 2017-03-20 11:32 - 000129038 _____ (FFmpeg Project) C:\Program Files (x86)\swresample-2.dll
2017-07-31 21:38 - 2017-03-20 11:32 - 000554510 _____ (FFmpeg Project) C:\Program Files (x86)\swscale-4.dll
2017-07-31 21:38 - 2017-05-15 21:47 - 000447747 _____ (XBMC-Foundation) C:\Program Files (x86)\Uninstall.exe
2017-07-31 21:38 - 2016-05-22 05:32 - 000098816 _____ () C:\Program Files (x86)\zlib.dll
2017-10-05 01:51 - 2017-10-05 02:07 - 000000764 _____ () C:\Users\144\AppData\Roaming\PPTConverter.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-13 11:32

==================== End of FRST.txt ============================


And:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by 144 (21-03-2018 12:46:41)
Running from C:\Users\144\Downloads
Windows 10 Home Version 1709 16299.125 (X64) (2018-03-03 14:48:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

144 (S-1-5-21-3807269509-1413305664-3201116232-1001 - Administrator - Enabled) => C:\Users\144
Administrator (S-1-5-21-3807269509-1413305664-3201116232-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3807269509-1413305664-3201116232-503 - Limited - Disabled)
Guest (S-1-5-21-3807269509-1413305664-3201116232-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3807269509-1413305664-3201116232-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: COMODO Antivirus (Enabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Advanced Protection (Enabled - Up to date) {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.08.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3027 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3007 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.02.3001 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Beatport Pro (HKLM-x32\...\{6DD1A4E5-C3F9-48CE-A452-CFDBA3526BEE}) (Version: 1.0.0.22000 - Beatport)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 63.0.3239.108 - Comodo)
COMODO Internet Security Pro (HKLM\...\{51E5F3BE-F3D1-4F44-B49F-05BFA7E0D2D2}) (Version: 10.1.0.6476 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Pro (HKLM\...\COMODO Internet Security) (Version: 10.1.0.6476 - COMODO Security Solutions Inc.)
COMODO Secure Shopping (HKLM-x32\...\{D15DF9B0-3A98-4BEF-B7D5-FC3AEA430655}) (Version: 1.3.134.0 - COMODO) Hidden
COMODO Secure Shopping (HKLM-x32\...\Comodo Secure_Shopping_list_uninstall) (Version: 1.3.430655.134 - Comodo)
ConverterLite 1.6.11.0 (HKLM-x32\...\ConverterLite) (Version: 1.6.11.0 - ConverterLite)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5917.02 - CyberLink Corp.)
eBay Weblink (HKLM-x32\...\{7F3596EF-B661-43EE-A321-AD3C3EB9B525}) (Version: 1.16.0726 - Acer)
ELAN HIDI2C Filter Driver X64 13.6.4.1_WHQL (HKLM\...\Elantech) (Version: 13.6.4.1 - ELAN Microelectronic Corp.)
GeekBuddy (HKLM\...\{A7114807-E005-4602-8A93-0DD63D1A6CA0}) (Version: 4.30.226 - Comodo Security Solutions Inc) Hidden
GeekBuddy (HKLM\...\Geekbuddy) (Version: 4.30.226 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed5cef80-a339-45bd-8c06-514eaf785ca8}) (Version: 19.71.0 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.424651.94 - Comodo)
Kodi (HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Loopcloud version 1.3.10 (HKLM\...\Loopcloud_is1) (Version: 1.3.10 - )
MAGIX Connector (HKLM-x32\...\MAGIX_connector_is1) (Version: 2.5.1.55 - simplitec GmbH)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{A4BF76B3-070C-4F49-87AF-C4B6D5EE6A9B}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 52.6.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 52.6.0 ESR (x64 en-US)) (Version: 52.6.0 - Mozilla)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Music Maker (HKLM\...\{D5FF45D3-3AE3-4490-85DE-04D059606382}) (Version: 25.0.0.23 - MAGIX Software GmbH) Hidden
Music Maker (HKLM-x32\...\MX.{D5FF45D3-3AE3-4490-85DE-04D059606382}) (Version: 25.0.0.23 - MAGIX Software GmbH)
Numerology Calculator (HKLM-x32\...\Numerology Calculator_is1) (Version: 3.41 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
PdaNet+ for Android 4.19 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Priceline.com Weblink (HKLM-x32\...\{4A9B758D-CBDA-43EA-A5AF-EE25206E3507}) (Version: 1.16.0726 - Acer)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7751 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Spotify Weblink (HKLM-x32\...\{8CADF0CB-E834-4019-9B11-B84E051F2A8E}) (Version: 1.16.1210 - Acer)
Traxsource Downloader (HKLM-x32\...\{095D3983-E7F8-28F9-FA4E-B12300949C56}) (Version: 0.99 - Digistics, Inc.) Hidden
Traxsource Downloader (HKLM-x32\...\TraxsourceDownloader) (Version: 0.99 - Digistics, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{E345A108-D9E8-456B-9550-435132D5C9CE}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{567756E0-361F-4E88-AF74-8B0E4628E5BC}) (Version: 1.12.0.0 - Microsoft Corporation) Hidden
VirtualDJ 8 (HKLM-x32\...\{B7D6C720-CB38-41AA-9804-0AA2090BE1B5}) (Version: 8.2.3573.0 - Atomix Productions)
Vita Concert Grand LE (HKLM\...\{52612301-8B97-41AB-B740-CD1CE44305DC}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
WarpPro Beat Editor (HKLM-x32\...\{35698F4F-A265-49BF-B552-BE3BB2514441}) (Version: 1.0.0.53081 - WarpPro.com)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinZip 22.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24119}) (Version: 22.0.12706 - Corel Corporation)
Wondershare Filmora(Build 8.1.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Zoom (HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3807269509-1413305664-3201116232-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-01-08] (COMODO)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-01-08] (COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxDTCM.dll [2017-08-01] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-01-08] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0025834B-9C50-4459-A8DC-79E163A4ED42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-13] (Google Inc.)
Task: {07A9B5DD-ABB8-4E33-9A2D-18AB7102D2DE} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {0A4DC08D-222F-43D6-9DBC-BE91F37ACCAA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1770060D-4D0D-40E2-AB17-190A23A042BF} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-07-29] (Acer Incorporated)
Task: {23682171-5D15-41B9-A22F-5EC37A21577B} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {28B4062E-2D73-43C4-9E9B-B2D19C1C0F09} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {35F2BABF-0731-4D91-808C-58994EA6772D} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-09-26] (Acer Incorporated)
Task: {413C33B6-63E6-4375-9428-88C172E6F28D} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe
Task: {59FF602F-3F80-471D-AB66-8F9C20FB4CC1} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {697E3A60-7DEC-44F1-B9D0-3F44AF307F33} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2016-07-29] (Acer Incorporated)
Task: {69B7C5B8-6BC4-4C78-AFD7-96CBB1EDCE44} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-06-24] ()
Task: {93C5AB6B-CD9F-42D7-BE6F-8595CFF4347C} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-11] (WinZip)
Task: {9491FC20-AD84-4C1F-81B5-28DE19BE9283} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2017-10-02] (Acer)
Task: {A0912222-A22A-4BD9-AD2C-A5074C47B5CC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-16] (Microsoft Corporation)
Task: {A6F87833-1EE0-4C60-BD12-93135BD9B0B9} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2018-01-08] (COMODO)
Task: {A98FED2B-817A-4EB5-83B2-26E3B47B767D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {AAD3539B-D595-45E0-8D42-56FB22E73C05} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-01-08] (COMODO)
Task: {B0F80708-3208-474D-8D2C-861944C79AD0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-16] (Microsoft Corporation)
Task: {B5C5EDC3-0B12-457E-9A5D-EA644BF0FD72} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {B72111F2-2490-49F4-9643-5C5A8EF61230} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {BE078364-1672-4423-8045-808B6D651B0B} - System32\Tasks\MAGIX Connector => C:\Program Files (x86)\MAGIX\Connector\connector.exe [2017-03-17] (MAGIX Software GmbH)
Task: {C6F7F8E3-352B-4C42-B7BC-5D63EAD730D3} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-06-24] ()
Task: {C76989FE-5B24-4C67-BB05-66FBE1029ED3} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {CC5A9B60-41A6-4D6B-879F-4EEACEEF5464} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-13] (Google Inc.)
Task: {EE01A22B-BCFE-457E-BDAF-7DE858DD2FA6} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-01-08] (COMODO)
Task: {EEAF3850-D10D-4FD4-8A43-3FEB4DF1D71C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {F1CF9231-7595-43C0-8313-B5D84B982B9B} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-06-24] ()
Task: {F46CD9D5-EB2F-43C9-B717-CA2912894F8F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-16] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\MAGIX Connector.job => C:\Program Files (x86)\MAGIX\Connector\connector.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-04-22 23:28 - 2018-01-08 19:17 - 000156584 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2017-04-22 23:27 - 2018-01-08 19:16 - 000106408 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2017-04-22 23:27 - 2018-01-08 19:16 - 000245160 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2017-09-01 06:15 - 2017-09-01 06:15 - 000495872 _____ () C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
2018-03-16 12:00 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-16 12:00 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-13 20:33 - 2017-12-13 20:33 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 20:33 - 2017-12-13 20:33 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-28 15:03 - 2018-02-28 15:11 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-02-28 15:03 - 2018-02-28 15:11 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-02-28 15:03 - 2018-02-28 15:11 - 021824000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-02-28 15:03 - 2018-02-28 15:11 - 002529792 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\skypert.dll
2018-02-28 15:03 - 2018-02-28 15:11 - 000649216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-06-24 20:54 - 2016-06-24 20:54 - 004644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-11-17 04:10 - 2016-12-09 19:08 - 001029944 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2018-02-08 23:54 - 2018-02-08 23:55 - 025843200 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Music.UI.exe
2018-02-08 23:54 - 2018-02-08 23:55 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-02-08 23:54 - 2018-02-08 23:55 - 006748672 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-01-03 19:40 - 2018-01-03 19:41 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-01-03 19:35 - 2018-01-03 19:36 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-08 23:54 - 2018-02-08 23:55 - 005527040 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Music.Visuals.dll
2018-03-12 22:14 - 2018-03-12 22:15 - 000173568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-12 22:14 - 2018-03-12 22:15 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-12 22:15 - 2018-03-12 22:15 - 000017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.23.10572.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
2018-03-12 22:15 - 2018-03-12 22:15 - 016893440 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.23.10572.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.dll
2018-03-12 22:15 - 2018-03-12 22:15 - 005257096 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1802.1.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2018-01-03 19:42 - 2018-01-03 19:42 - 000291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.23.10572.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-03-16 11:25 - 2017-09-07 03:39 - 000073920 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2016-10-14 04:42 - 2016-05-16 13:02 - 000111320 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2017-09-22 16:14 - 2017-09-22 16:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2017-09-22 16:17 - 2017-09-22 16:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2017-09-22 16:17 - 2017-09-22 16:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2017-09-22 16:16 - 2017-09-22 16:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2018-03-03 09:20 - 2018-03-03 09:20 - 000015136 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2017-09-26 13:35 - 2017-09-26 13:35 - 000013088 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2017-09-26 13:34 - 2017-09-26 13:34 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2017-10-02 15:56 - 2017-10-02 15:56 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2017-10-02 15:56 - 2017-10-02 15:56 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2017-04-20 11:23 - 000000828 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "vdcss"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{86118CEE-4154-46D2-B487-41D292B00F13}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FADEA258-A691-4922-A278-E618084530B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9C395515-677D-425E-B0FB-EB628D32DFFA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{26C71A40-3F56-4554-B693-3EEE75708106}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5A42F546-9DD9-40A5-A08E-94C7754090F0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [UDP Query User{7197F49A-2A33-4C6B-BDE0-221620AD061D}C:\program files (x86)\nch software\mixpad\mixpad.exe] => (Block) C:\program files (x86)\nch software\mixpad\mixpad.exe
FirewallRules: [TCP Query User{B6771475-E79E-4B00-BB23-DD40D6C6BBA0}C:\program files (x86)\nch software\mixpad\mixpad.exe] => (Block) C:\program files (x86)\nch software\mixpad\mixpad.exe
FirewallRules: [{16A99FD6-5A98-43B6-9F7E-21ADA6DEF96F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{DD688195-9B93-44B3-A568-9B3636C136B9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{6A2E8351-005E-4B4B-AD26-BDD0E6E2B4EA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{CFDA4D80-3070-496C-94B9-DF59946567C3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{3DCC7E6D-6630-4527-B309-88F306DF829C}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{68BFCD5E-D6B4-49A2-8F70-30A09C482D74}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{95A462FE-DA21-4C10-B20F-B192F8C1E2E5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{C06A827E-545F-4719-BAE7-040BA253821B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{4ABF1B0B-82F4-45B1-839C-6D011656A37D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{9B8F6089-200E-4CB2-8B3F-663EB3790F67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7AFA3A47-8605-4246-861F-013DF780FC53}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D332A41-8D54-4FC7-9230-5949C780731C}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker\25\MusicMaker.exe
FirewallRules: [{2A20D519-252D-475C-8517-E156276765DC}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{25A2899D-F81C-4081-8E37-9DA736CAF9B8}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{789A8998-7F79-47F3-9129-064E5EDDE3A6}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{0EED6558-764D-4926-ACDA-A1BD32B9B8AD}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [TCP Query User{3A551AAE-2222-4023-A5A3-10E5FE19E02A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D2942A7F-1089-4F7D-8363-D59D513C253A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{45F2910F-CF92-4ADE-8B84-2CC509288775}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [TCP Query User{ED01C1AF-81FB-4E95-974A-9AFD8B24284D}C:\program files (x86)\kodibackup\kodi.exe] => (Allow) C:\program files (x86)\kodibackup\kodi.exe
FirewallRules: [UDP Query User{EFDC4C00-6B6F-4579-AD0E-F3B8F272AB19}C:\program files (x86)\kodibackup\kodi.exe] => (Allow) C:\program files (x86)\kodibackup\kodi.exe

==================== Restore Points =========================

05-03-2018 21:28:11 Windows Modules Installer
13-03-2018 01:52:29 Windows Update
20-03-2018 23:41:40 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2018 11:10:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.16299.15, time stamp: 0x59cda974
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x1ab8
Faulting application start time: 0x01d3c097ad9547f9
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 9b7149d4-a38b-4720-ac05-ce5300038c9c
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (03/21/2018 11:10:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-5HFN347G)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (03/20/2018 11:49:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-5HFN347G)
Description: Package Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (03/20/2018 08:25:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-5HFN347G)
Description: Package Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (03/20/2018 06:33:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 56.0.0.6478, time stamp: 0x59cab8da
Faulting module name: xul.dll, version: 56.0.0.6478, time stamp: 0x59cab8c9
Exception code: 0xc0000005
Fault offset: 0x009b28da
Faulting process id: 0x2dc8
Faulting application start time: 0x01d3c0a3d099797a
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: 998a9d29-9deb-43d3-a6ff-f18e2e4ed589
Faulting package full name:
Faulting package-relative application ID:

Error: (03/20/2018 05:46:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-5HFN347G)
Description: Package Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (03/20/2018 04:58:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-5HFN347G)
Description: Package Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (03/20/2018 01:48:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-5HFN347G)
Description: Package Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.


System errors:
=============
Error: (03/21/2018 12:15:43 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5HFN347G)
Description: The server Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe!App did not register with DCOM within the required timeout.

Error: (03/21/2018 12:14:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Auto Time Zone Updater service failed to start due to the following error:
Access is denied.

Error: (03/21/2018 10:50:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
 and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/21/2018 10:48:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Auto Time Zone Updater service failed to start due to the following error:
Access is denied.

Error: (03/21/2018 05:58:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/21/2018 03:58:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 11:49:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
 and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 07:18:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
 and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2018-03-21 12:33:21.500
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-21 12:33:21.460
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-21 12:33:21.407
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-21 12:33:21.056
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-21 12:29:16.802
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2018-03-21 12:29:16.765
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-21 12:15:19.353
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2018-03-21 12:15:18.895
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 86%
Total physical RAM: 3943.41 MB
Available physical RAM: 524.64 MB
Total Virtual: 8757.89 MB
Available Virtual: 1554.38 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:727.23 GB) NTFS

\\?\Volume{e9baef2f-ff25-4cda-8b36-bae59e850406}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
\\?\Volume{af485cf5-6e67-4913-9667-9b175b26a112}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F8F7E34F)

Partition: GPT.

==================== End of Addition.txt ============================

 




 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:54 PM

Posted 22 March 2018 - 05:39 AM

MikeHype:

 
 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two, but I do hope to respond later today with an initial FRST "fixlist" script.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:54 PM

Posted 22 March 2018 - 11:23 AM

MikeHype:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also, you should be aware that some of the tools and scripts that will be used will remove detected malware without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: I would recommend that you uninstall this program from your computer.
 

GeekBuddy (HKLM\...\Geekbuddy) (Version: 4.30.226 - Comodo Security Solutions Inc)

 

Please see this link for more information about why I am recommending that you uninstall this program from your computer. It is your computer, so it is YOUR decision. Personally, I would not have it on my computer. Please let me know if you uninstall this program.

.

:step2: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\jid0-5R3LLpyrG0a1kPDXAA8ZKmM0bgM@jetpack.xpi;C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\{dbb477cc-8be4-44f4-9cc2-845632a7e433}.xpi
CHR Extension: (Total AV Web Shield) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\looohgelibjoplmkhecmalapkgadkfcc [2017-10-14]
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
File: C:\WINDOWS\amunres.lsl;C:\Program Files (x86)\libexif.dll
2017-10-11 16:55 - 2017-10-11 16:55 - 000000032 _____ () C:\Program Files (x86)\KMSpico_setup.txt
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0A4DC08D-222F-43D6-9DBC-BE91F37ACCAA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:54 PM

Posted 25 March 2018 - 11:48 AM

MikeHype:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to me or to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#5 MikeHype

MikeHype
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 25 March 2018 - 04:21 PM

Hi Phil, and sorry for the delay. When the instructions mentioned a response could take up to 5 days, I literally assumed this to be true. Now that I know you're on a time constraint as well: I'll take care of this right away. Thanks for your patience.
 
MikeHype


#6 MikeHype

MikeHype
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 25 March 2018 - 09:50 PM

Good Eve Phil:

 

    Per your request, I deleted the GeekBuddy program, backed up my computer and here are the results from the FRST scan:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by 144 (25-03-2018 21:34:54) Run:1
Running from C:\Users\144\Downloads
Loaded Profiles: 144 &  (Available Profiles: 144)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\jid0-5R3LLpyrG0a1kPDXAA8ZKmM0bgM@jetpack.xpi;C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\{dbb477cc-8be4-44f4-9cc2-845632a7e433}.xpi
CHR Extension: (Total AV Web Shield) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\looohgelibjoplmkhecmalapkgadkfcc [2017-10-14]
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
File: C:\WINDOWS\amunres.lsl;C:\Program Files (x86)\libexif.dll
2017-10-11 16:55 - 2017-10-11 16:55 - 000000032 _____ () C:\Program Files (x86)\KMSpico_setup.txt
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0A4DC08D-222F-43D6-9DBC-BE91F37ACCAA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

*****************

Restore point was successfully created.
Processes closed successfully.
"VirusTotal: C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\jid0-5R3LLpyrG0a1kPDXAA8ZKmM0bgM@jetpack.xpi" => not found
"VirusTotal: C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\{dbb477cc-8be4-44f4-9cc2-845632a7e433}.xpi" => not found
CHR Extension: (Total AV Web Shield) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\looohgelibjoplmkhecmalapkgadkfcc [2017-10-14] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc" => removed successfully

========================= File: C:\WINDOWS\amunres.lsl;C:\Program Files (x86)\libexif.dll ========================

C:\WINDOWS\amunres.lsl
File not signed
MD5: 9D47397D58EA49F48E359F50E8DF6F8B
Creation and modification date: 2018-02-21 03:32 - 2018-02-21 03:32
Size: 000000011
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

C:\Program Files (x86)\libexif.dll
File not signed
MD5: 774CA5870D51A0B34DAA0B475519A295
Creation and modification date: 2017-07-31 21:38 - 2017-03-20 11:43
Size: 000020480
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

C:\Program Files (x86)\KMSpico_setup.txt => moved successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A4DC08D-222F-43D6-9DBC-BE91F37ACCAA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A4DC08D-222F-43D6-9DBC-BE91F37ACCAA}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-03-2018 21:42:52)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 21:42:59 ====

 

Thank you for your patience.

 

MikeHype
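The "File:" section of the fixlog above shows what FRST reports for a suspect file: signature status, MD5, timestamps, size and the version resource. The following is an added PowerShell example, not code from the thread or from FRST, that reproduces those checks from an elevated prompt so a similar file can be triaged without a new fixlist. The two paths are the ones from the fixlog and are assumed only for illustration; on any other machine they are simply reported as not present.

```powershell
# Added example (not part of the thread and not FRST's own code): reproduce the
# checks FRST performs for a "File:" directive, so a suspect file can be
# triaged the same way from an elevated PowerShell prompt.
# The two paths are taken from the fixlog above (assumed for illustration);
# on any other machine they will simply be reported as not present.
$SuspectFiles = @(
    'C:\WINDOWS\amunres.lsl',
    'C:\Program Files (x86)\libexif.dll'
)

function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $ver  = $item.VersionInfo   # empty fields when the file has no version resource

    [pscustomobject]@{
        Path            = $Path
        Exists          = $true
        SizeBytes       = $item.Length
        Created         = $item.CreationTime
        Modified        = $item.LastWriteTime
        # Valid, NotSigned, HashMismatch (file altered after signing), UnknownError (not a PE) ...
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        CompanyName     = $ver.CompanyName
        ProductName     = $ver.ProductName
        FileVersion     = $ver.FileVersion
        MD5             = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
        SHA256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$SuspectFiles | ForEach-Object { Get-FileTriage -Path $_ } | Format-List
```

Read the output the way the fixlog is read: a file with no signature, an empty version resource and a creation date that does not match the neighbouring files in the same folder deserves a closer look. Look the SHA256 up on VirusTotal or a similar service by hash rather than uploading the file itself, since an upload makes the file public.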



#7 MikeHype

MikeHype
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 26 March 2018 - 10:53 AM

In addition, Phil, I followed the instructions for deleting GB. Here are the results from AdwCleaner; Hitman just found a lot of cookies, which it deleted:

 

# AdwCleaner 7.0.8.0 - Logfile created on Mon Mar 26 15:18:58 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Users\144\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\144\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Users\144\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\144\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Program Files\WinZip\WinZip Smart Monitor
Deleted: C:\Users\144\AppData\Roaming\TotalAV
Deleted: C:\Users\144\Documents\TotalAV
Deleted: C:\Program Files (x86)\dnssd.dll


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKLM\SOFTWARE\IObit\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\IObit\RealTimeProtector
Deleted: [Key] - HKLM\SOFTWARE\IObit\ASC
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{789A8998-7F79-47F3-9129-064E5EDDE3A6}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0EED6558-764D-4926-ACDA-A1BD32B9B8AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Deleted: [Key] - HKCU\Software\Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Total AV Web Shield -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [3994 B] - [2017/3/24 23:22:53]
C:/AdwCleaner/AdwCleaner[S0].txt - [3784 B] - [2017/3/24 23:21:22]
C:/AdwCleaner/AdwCleaner[S1].txt - [3967 B] - [2018/3/26 15:10:47]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########



#8 MikeHype

MikeHype
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 26 March 2018 - 11:09 AM

The Windows console continues to open, and in triplets (see attachment).

 

Thx Phil.

Attached Files



#9 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:54 PM

Posted 26 March 2018 - 12:43 PM

MikeHype:
 
Thank you for your post.  There is no need to be concerned about multiple instances of the Windows Console Host process running.  Please see this link for more information.
 
I am not seeing any active malware on your computer, so I think it is time to remove the anti-malware tools that we have run.
 
.

:step1: Please provide me with a fresh set of FRST logs. I would like to make a final reconnaissance of your computer, and I also want to identify the anti-malware scanners and cleaners that we used, so that we can delete them in the next post.

If there are any anti-malware tools that you want to keep, please let me know, although it is always advisable to download the latest versions of those tools, since they are updated so frequently.

If you have Malwarebytes installed, I would suggest that you keep it. If you don't want to keep Malwarebytes installed on your computer, please go to this link to download the latest version of MB-Clean.exe and run it to remove all traces of Malwarebytes. Please let me know if you did uninstall Malwarebytes. Once you have run the MB-Clean.exe tool successfully, you can manually delete that file as well.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators
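Multiple conhost.exe instances are normal, as the reply above says: every console program gets its own Console Window Host. What matters for the "windows that pop up in triplets" symptom is which program each conhost belongs to and what launched that program. The following is an added PowerShell example, not code from the thread or from any tool mentioned in it, that takes a snapshot of every conhost.exe, resolves the console application that owns it and that application's own parent, and optionally watches for new ones over a short window so short-lived consoles are caught. It relies only on the Win32_Process CIM class; on Windows 10 the parent of a conhost.exe is the console application itself, which is the assumption the lookup is built on.

```powershell
# Added example (not part of the thread): trace each conhost.exe back to the
# console program that owns it and to whatever started that program.
# Assumption: on Windows 10 the parent of conhost.exe is the console client.
function Get-ConsoleHostOwners {
    $procs = Get-CimInstance -ClassName Win32_Process
    $byId  = @{}
    foreach ($p in $procs) { $byId[[int]$p.ProcessId] = $p }

    foreach ($con in ($procs | Where-Object { $_.Name -ieq 'conhost.exe' })) {
        $app    = $byId[[int]$con.ParentProcessId]                     # the console program
        $parent = if ($app) { $byId[[int]$app.ParentProcessId] } else { $null }  # what launched it

        [pscustomobject]@{
            ConhostPid    = $con.ProcessId
            ConsoleApp    = if ($app) { $app.Name } else { '<exited>' }
            ConsoleAppPid = $con.ParentProcessId
            CommandLine   = if ($app) { $app.CommandLine } else { $null }
            LaunchedBy    = if ($parent) { $parent.Name } else { '<exited>' }
            LaunchedByPid = if ($app) { $app.ParentProcessId } else { $null }
        }
    }
}

# Poll for a while and report each conhost only the first time it is seen,
# which catches consoles that close again within a second or two.
function Watch-ConsoleHosts {
    param([int]$Seconds = 120)
    $seen = @{}
    $stop = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $stop) {
        foreach ($row in Get-ConsoleHostOwners) {
            $key = [int]$row.ConhostPid
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = $true
                $row | Add-Member -NotePropertyName FirstSeen -NotePropertyValue (Get-Date) -PassThru
            }
        }
        Start-Sleep -Seconds 1
    }
}

# One-off snapshot, then a two-minute watch while the symptom is reproduced.
Get-ConsoleHostOwners | Format-Table -AutoSize -Wrap
Watch-ConsoleHosts -Seconds 120 | Format-Table -AutoSize -Wrap
```

A console program whose LaunchedBy is the Task Scheduler service host, an updater, or a vendor helper is the usual benign explanation for brief console flashes; an unfamiliar command line that runs from a user-writable folder is the case worth reporting in the thread. Polling can still miss a window that lives for well under a second; for a persistent record, process-creation auditing with command-line logging (Security event 4688) or Sysmon event 1 captures the same parent and command-line details without polling.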


#10 MikeHype

MikeHype
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 26 March 2018 - 04:42 PM

Good Afternoon Phil:

 

    Here is the FRST scan log file. I'm currently using the trial version of Malwarebytes, and would prefer free software if you could recommend one. I plan on deleting Malwarebytes:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by 144 (26-03-2018 16:37:22)
Running from C:\Users\144\Downloads
Windows 10 Home Version 1709 16299.125 (X64) (2018-03-03 14:48:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

144 (S-1-5-21-3807269509-1413305664-3201116232-1001 - Administrator - Enabled) => C:\Users\144
Administrator (S-1-5-21-3807269509-1413305664-3201116232-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3807269509-1413305664-3201116232-503 - Limited - Disabled)
Guest (S-1-5-21-3807269509-1413305664-3201116232-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3807269509-1413305664-3201116232-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: COMODO Antivirus (Enabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Advanced Protection (Enabled - Up to date) {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.08.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3027 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3007 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.02.3001 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Beatport Pro (HKLM-x32\...\{6DD1A4E5-C3F9-48CE-A452-CFDBA3526BEE}) (Version: 1.0.0.22000 - Beatport)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 63.0.3239.108 - Comodo)
COMODO Internet Security Pro (HKLM\...\{51E5F3BE-F3D1-4F44-B49F-05BFA7E0D2D2}) (Version: 10.1.0.6476 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Pro (HKLM\...\COMODO Internet Security) (Version: 10.1.0.6476 - COMODO Security Solutions Inc.)
COMODO Secure Shopping (HKLM-x32\...\{D15DF9B0-3A98-4BEF-B7D5-FC3AEA430655}) (Version: 1.3.134.0 - COMODO) Hidden
COMODO Secure Shopping (HKLM-x32\...\Comodo Secure_Shopping_list_uninstall) (Version: 1.3.430655.134 - Comodo)
ConverterLite 1.6.11.0 (HKLM-x32\...\ConverterLite) (Version: 1.6.11.0 - ConverterLite)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5917.02 - CyberLink Corp.)
eBay Weblink (HKLM-x32\...\{7F3596EF-B661-43EE-A321-AD3C3EB9B525}) (Version: 1.16.0726 - Acer)
ELAN HIDI2C Filter Driver X64 13.6.4.1_WHQL (HKLM\...\Elantech) (Version: 13.6.4.1 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed5cef80-a339-45bd-8c06-514eaf785ca8}) (Version: 19.71.0 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.424651.94 - Comodo)
Kodi (HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Loopcloud version 1.3.10 (HKLM\...\Loopcloud_is1) (Version: 1.3.10 - )
MAGIX Connector (HKLM-x32\...\MAGIX_connector_is1) (Version: 2.5.1.55 - simplitec GmbH)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{A4BF76B3-070C-4F49-87AF-C4B6D5EE6A9B}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 52.6.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 52.6.0 ESR (x64 en-US)) (Version: 52.6.0 - Mozilla)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Music Maker (HKLM\...\{D5FF45D3-3AE3-4490-85DE-04D059606382}) (Version: 25.0.0.23 - MAGIX Software GmbH) Hidden
Music Maker (HKLM-x32\...\MX.{D5FF45D3-3AE3-4490-85DE-04D059606382}) (Version: 25.0.0.23 - MAGIX Software GmbH)
Numerology Calculator (HKLM-x32\...\Numerology Calculator_is1) (Version: 3.41 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
PdaNet+ for Android 4.19 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Priceline.com Weblink (HKLM-x32\...\{4A9B758D-CBDA-43EA-A5AF-EE25206E3507}) (Version: 1.16.0726 - Acer)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7751 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Spotify Weblink (HKLM-x32\...\{8CADF0CB-E834-4019-9B11-B84E051F2A8E}) (Version: 1.16.1210 - Acer)
Traxsource Downloader (HKLM-x32\...\{095D3983-E7F8-28F9-FA4E-B12300949C56}) (Version: 0.99 - Digistics, Inc.) Hidden
Traxsource Downloader (HKLM-x32\...\TraxsourceDownloader) (Version: 0.99 - Digistics, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{E345A108-D9E8-456B-9550-435132D5C9CE}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{567756E0-361F-4E88-AF74-8B0E4628E5BC}) (Version: 1.12.0.0 - Microsoft Corporation) Hidden
VirtualDJ 8 (HKLM-x32\...\{B7D6C720-CB38-41AA-9804-0AA2090BE1B5}) (Version: 8.2.3573.0 - Atomix Productions)
Vita Concert Grand LE (HKLM\...\{52612301-8B97-41AB-B740-CD1CE44305DC}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
WarpPro Beat Editor (HKLM-x32\...\{35698F4F-A265-49BF-B552-BE3BB2514441}) (Version: 1.0.0.53081 - WarpPro.com)
WD Backup (HKLM-x32\...\{67C2F93C-8E4E-4BD2-863A-4DCE7EB359D9}) (Version: 1.2.5721.28811 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{953eccd5-26ad-450b-af24-c50227e0fb74}) (Version: 1.2.5721.28811 - Western Digital Technologies, Inc.)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinZip 22.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24119}) (Version: 22.0.12706 - Corel Corporation)
Wondershare Filmora(Build 8.1.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Zoom (HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3807269509-1413305664-3201116232-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-01-08] (COMODO)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-01-08] (COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxDTCM.dll [2017-08-01] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-01-08] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0025834B-9C50-4459-A8DC-79E163A4ED42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-13] (Google Inc.)
Task: {07A9B5DD-ABB8-4E33-9A2D-18AB7102D2DE} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {1770060D-4D0D-40E2-AB17-190A23A042BF} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-07-29] (Acer Incorporated)
Task: {23682171-5D15-41B9-A22F-5EC37A21577B} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {28B4062E-2D73-43C4-9E9B-B2D19C1C0F09} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {35F2BABF-0731-4D91-808C-58994EA6772D} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-09-26] (Acer Incorporated)
Task: {413C33B6-63E6-4375-9428-88C172E6F28D} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe
Task: {59FF602F-3F80-471D-AB66-8F9C20FB4CC1} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {697E3A60-7DEC-44F1-B9D0-3F44AF307F33} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2016-07-29] (Acer Incorporated)
Task: {69B7C5B8-6BC4-4C78-AFD7-96CBB1EDCE44} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-06-24] ()
Task: {93C5AB6B-CD9F-42D7-BE6F-8595CFF4347C} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-11] (WinZip)
Task: {9491FC20-AD84-4C1F-81B5-28DE19BE9283} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2017-10-02] (Acer)
Task: {A0912222-A22A-4BD9-AD2C-A5074C47B5CC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-16] (Microsoft Corporation)
Task: {A6F87833-1EE0-4C60-BD12-93135BD9B0B9} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2018-01-08] (COMODO)
Task: {A98FED2B-817A-4EB5-83B2-26E3B47B767D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {AAD3539B-D595-45E0-8D42-56FB22E73C05} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-01-08] (COMODO)
Task: {B0F80708-3208-474D-8D2C-861944C79AD0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-16] (Microsoft Corporation)
Task: {B5C5EDC3-0B12-457E-9A5D-EA644BF0FD72} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {B72111F2-2490-49F4-9643-5C5A8EF61230} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {BE078364-1672-4423-8045-808B6D651B0B} - System32\Tasks\MAGIX Connector => C:\Program Files (x86)\MAGIX\Connector\connector.exe [2017-03-17] (MAGIX Software GmbH)
Task: {C6F7F8E3-352B-4C42-B7BC-5D63EAD730D3} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-06-24] ()
Task: {C76989FE-5B24-4C67-BB05-66FBE1029ED3} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {CC5A9B60-41A6-4D6B-879F-4EEACEEF5464} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-13] (Google Inc.)
Task: {EE01A22B-BCFE-457E-BDAF-7DE858DD2FA6} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-01-08] (COMODO)
Task: {EEAF3850-D10D-4FD4-8A43-3FEB4DF1D71C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {F1CF9231-7595-43C0-8313-B5D84B982B9B} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-06-24] ()
Task: {F46CD9D5-EB2F-43C9-B717-CA2912894F8F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-16] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\MAGIX Connector.job => C:\Program Files (x86)\MAGIX\Connector\connector.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-04-22 23:28 - 2018-01-08 19:17 - 000156584 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2017-04-22 23:27 - 2018-01-08 19:16 - 000106408 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2017-04-22 23:27 - 2018-01-08 19:16 - 000245160 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2018-03-16 12:00 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-16 12:00 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-03-16 11:25 - 2017-09-07 03:39 - 000073920 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2017-12-13 20:33 - 2017-12-13 20:33 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 20:33 - 2017-12-13 20:33 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-28 15:03 - 2018-02-28 15:11 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-02-28 15:03 - 2018-02-28 15:11 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-02-28 15:03 - 2018-02-28 15:11 - 021824000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-02-28 15:03 - 2018-02-28 15:11 - 002529792 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\skypert.dll
2018-02-28 15:03 - 2018-02-28 15:11 - 000649216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-11-17 04:10 - 2016-12-09 19:08 - 001029944 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2016-06-24 20:54 - 2016-06-24 20:54 - 004644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-09-22 16:14 - 2017-09-22 16:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2017-09-22 16:17 - 2017-09-22 16:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2017-09-22 16:17 - 2017-09-22 16:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2017-09-22 16:16 - 2017-09-22 16:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2018-03-03 09:20 - 2018-03-03 09:20 - 000015136 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2017-09-26 13:35 - 2017-09-26 13:35 - 000013088 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2017-09-26 13:34 - 2017-09-26 13:34 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2017-10-02 15:56 - 2017-10-02 15:56 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2017-10-02 15:56 - 2017-10-02 15:56 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2017-04-20 11:23 - 000000828 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "vdcss"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FADEA258-A691-4922-A278-E618084530B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9C395515-677D-425E-B0FB-EB628D32DFFA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{26C71A40-3F56-4554-B693-3EEE75708106}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5A42F546-9DD9-40A5-A08E-94C7754090F0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [UDP Query User{7197F49A-2A33-4C6B-BDE0-221620AD061D}C:\program files (x86)\nch software\mixpad\mixpad.exe] => (Block) C:\program files (x86)\nch software\mixpad\mixpad.exe
FirewallRules: [TCP Query User{B6771475-E79E-4B00-BB23-DD40D6C6BBA0}C:\program files (x86)\nch software\mixpad\mixpad.exe] => (Block) C:\program files (x86)\nch software\mixpad\mixpad.exe
FirewallRules: [{16A99FD6-5A98-43B6-9F7E-21ADA6DEF96F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{DD688195-9B93-44B3-A568-9B3636C136B9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{6A2E8351-005E-4B4B-AD26-BDD0E6E2B4EA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{CFDA4D80-3070-496C-94B9-DF59946567C3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{3DCC7E6D-6630-4527-B309-88F306DF829C}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{68BFCD5E-D6B4-49A2-8F70-30A09C482D74}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{95A462FE-DA21-4C10-B20F-B192F8C1E2E5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{C06A827E-545F-4719-BAE7-040BA253821B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{4ABF1B0B-82F4-45B1-839C-6D011656A37D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{9B8F6089-200E-4CB2-8B3F-663EB3790F67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7AFA3A47-8605-4246-861F-013DF780FC53}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9D332A41-8D54-4FC7-9230-5949C780731C}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker\25\MusicMaker.exe
FirewallRules: [{2A20D519-252D-475C-8517-E156276765DC}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{25A2899D-F81C-4081-8E37-9DA736CAF9B8}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [TCP Query User{3A551AAE-2222-4023-A5A3-10E5FE19E02A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D2942A7F-1089-4F7D-8363-D59D513C253A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{45F2910F-CF92-4ADE-8B84-2CC509288775}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [TCP Query User{ED01C1AF-81FB-4E95-974A-9AFD8B24284D}C:\program files (x86)\kodibackup\kodi.exe] => (Allow) C:\program files (x86)\kodibackup\kodi.exe
FirewallRules: [UDP Query User{EFDC4C00-6B6F-4579-AD0E-F3B8F272AB19}C:\program files (x86)\kodibackup\kodi.exe] => (Allow) C:\program files (x86)\kodibackup\kodi.exe
FirewallRules: [{FCC39B99-4B3A-49DC-8239-E12062ECD8E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-03-2018 21:28:11 Windows Modules Installer
13-03-2018 01:52:29 Windows Update
20-03-2018 23:41:40 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2018 03:33:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.16299.98, time stamp: 0x5a1aada9
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.98, time stamp: 0x950216af
Exception code: 0xc000027b
Fault offset: 0x00000000006e7ae9
Faulting process id: 0x1f7c
Faulting application start time: 0x01d3c5162f871eb8
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: c7632bbd-4318-4ce7-83ac-2b4df0533f54
Faulting package full name: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (03/26/2018 12:30:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDBackupService.exe, version: 1.0.5721.28821, time stamp: 0x55e4eaaa
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xe0434352
Fault offset: 0x001008b2
Faulting process id: 0x19c8
Faulting application start time: 0x01d3c5165a696bfa
Faulting application path: C:\PROGRAM FILES (X86)\WESTERN DIGITAL\WD APP MANAGER\PLUGINS\WD BACKUP\App\WDBackupService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: e3dd9276-56e8-473a-a8d4-600f27ba1fc5
Faulting package full name:
Faulting package-relative application ID:

Error: (03/26/2018 12:30:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.__ConsoleStream.Write(Byte[], Int32, Int32)
   at System.IO.StreamWriter.Flush(Boolean, Boolean)
   at System.IO.StreamWriter.Write(Char[], Int32, Int32)
   at System.IO.TextWriter.WriteLine(System.String)
   at System.IO.TextWriter+SyncTextWriter.WriteLine(System.String)
   at WDBackupService.Scheduler.ScheduleManager.OnTimedEvent(System.Object)
   at System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.TimerQueueTimer.CallCallback()
   at System.Threading.TimerQueueTimer.Fire()
   at System.Threading.TimerQueue.FireNextTimers()
   at System.Threading.TimerQueue.AppDomainTimerCallback()

Error: (03/25/2018 09:39:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (03/25/2018 09:34:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fcde71fd-cef6-48d6-b36a-f9330e3883dc}

Error: (03/25/2018 07:00:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/25/2018 07:00:08 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (03/25/2018 07:00:08 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (03/26/2018 04:32:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/26/2018 04:25:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (03/26/2018 04:23:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/26/2018 04:23:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/26/2018 04:23:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/26/2018 04:23:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/26/2018 04:23:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/26/2018 04:23:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2018-03-26 16:32:57.416
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2018-03-26 16:32:57.390
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-26 16:27:13.767
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-26 16:27:13.759
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-26 16:27:12.754
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-26 16:27:12.744
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-26 16:27:12.280
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-26 16:27:12.270
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 68%
Total physical RAM: 3943.41 MB
Available physical RAM: 1228.43 MB
Total Virtual: 7271.41 MB
Available Virtual: 3391.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:726.56 GB) NTFS

\\?\Volume{e9baef2f-ff25-4cda-8b36-bae59e850406}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
\\?\Volume{af485cf5-6e67-4913-9667-9b175b26a112}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F8F7E34F)

Partition: GPT.

==================== End of Addition.txt ============================


Thanks,


MikeHype


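The Addition.txt pasted above is the kind of output a responder reads by eye: the scheduled-task list, the firewall rules and the Code Integrity events. The script below is an added triage helper, not part of FRST and not posted by anyone in this thread, that pulls those three sections out of an Addition.txt-format file and lists the entries worth a second look. Its sample input is constructed in FRST's line format from an abridged handful of lines like the ones above, not the whole log. One reading is an assumption rather than documented FRST behaviour: a task line with no trailing "[date] (name)" is treated as "no file info recorded" and one ending in "()" as "no signer or company name recorded"; both simply go on the manual-review list, nothing here decides that a file is malicious.

```python
"""Triage helper for FRST Addition.txt output: lists scheduled tasks with no
recorded signer, firewall rules created from the interactive prompt, and the
images named in Code Integrity events.  Added example, not FRST's own code."""
import re
from collections import Counter

# Constructed sample in the line format FRST's Addition.txt uses; abridged,
# not the complete log from the post above.
SAMPLE_ADDITION = r"""
Task: {413C33B6-63E6-4375-9428-88C172E6F28D} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe
Task: {69B7C5B8-6BC4-4C78-AFD7-96CBB1EDCE44} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-06-24] ()
Task: {93C5AB6B-CD9F-42D7-BE6F-8595CFF4347C} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-11] (WinZip)
Task: {EE01A22B-BCFE-457E-BDAF-7DE858DD2FA6} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-01-08] (COMODO)
FirewallRules: [{9C395515-677D-425E-B0FB-EB628D32DFFA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{ED01C1AF-81FB-4E95-974A-9AFD8B24284D}C:\program files (x86)\kodibackup\kodi.exe] => (Allow) C:\program files (x86)\kodibackup\kodi.exe

CodeIntegrity:
===================================

Date: 2018-03-26 16:32:57.416
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2018-03-26 16:32:57.390
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
"""

# "Task: {GUID} - name => path [YYYY-MM-DD] (company)"; date and company are optional.
TASK_RE = re.compile(
    r"^Task: \{(?P<id>[0-9A-F-]{36})\} - (?P<name>.+?) => (?P<path>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<publisher>[^()]*)\))?$"
)
# "FirewallRules: [rule name] => (Allow|Block) path"
FW_RE = re.compile(r"^FirewallRules: \[(?P<rule>.+)\] => \((?P<action>Allow|Block)\) (?P<path>.+)$")
# The two Code Integrity event texts seen in the log, reduced to the image path.
CI_LOAD_RE = re.compile(r"attempted to load (\S+) that did not meet")
CI_HASH_RE = re.compile(r"verify the image integrity of the file (\S+) because")


def parse_tasks(text):
    """Return one dict per 'Task:' line (id, name, path, date, publisher)."""
    return [m.groupdict() for m in map(TASK_RE.match, text.splitlines()) if m]


def unsigned_tasks(text):
    """Tasks whose target FRST listed without a company/signer name.

    Assumption (not from FRST documentation): no '[date] (name)' suffix means
    FRST recorded no file info; '()' means it recorded no signer/company name.
    Both are review items, not verdicts."""
    flagged = []
    for t in parse_tasks(text):
        if t["publisher"] is None and t["date"] is None:
            flagged.append((t["name"], t["path"], "no file info recorded"))
        elif not t["publisher"]:
            flagged.append((t["name"], t["path"], "no signer/company name"))
    return flagged


def prompt_created_firewall_rules(text):
    """Rules whose name carries 'Query User', i.e. created when someone clicked
    Allow/Block on the Windows Firewall pop-up for that program."""
    out = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m and "Query User" in m.group("rule"):
            out.append((m.group("action"), m.group("path")))
    return out


def code_integrity_hits(text):
    """Count, per image path, the Code Integrity events that name it."""
    hits = Counter()
    for line in text.splitlines():
        for rx in (CI_LOAD_RE, CI_HASH_RE):
            m = rx.search(line)
            if m:
                hits[m.group(1)] += 1
    return hits


if __name__ == "__main__":
    for name, path, why in unsigned_tasks(SAMPLE_ADDITION):
        print(f"TASK  {why:24} {name} -> {path}")
    for action, path in prompt_created_firewall_rules(SAMPLE_ADDITION):
        print(f"FW    prompt-created ({action}) {path}")
    for image, n in code_integrity_hits(SAMPLE_ADDITION).most_common():
        print(f"CI    {n}x {image}")
```

Run it against a real Addition.txt by reading the file into `text` and calling the three functions; the Code Integrity counter is the most useful of the three on the log above, since it collapses the repeated events into one line per image so you can see at a glance which files failed signing checks and how often.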

#11 garioch7 (RCMP Veteran, Malware Response Instructor, 3,693 posts, Port Hood, Nova Scotia, Canada)

Posted 27 March 2018 - 06:17 AM

MikeHype:


Thank you for your post.  Unfortunately, you only copied and pasted the contents of the FRST "Addition.txt" file. :(  I also need a copy of the "FRST.txt" scan file, which should be located in this folder: C:\Users\144\Downloads, where the "Addition.txt" file is located. :)


Please copy and paste the contents of the "FRST.txt" file in your next reply, so that I can clean out the anti-malware tools that I used to disinfect your computer.


Thank you and have a great day.


Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#12 MikeHype (Topic Starter, Members, 8 posts)

Posted 27 March 2018 - 09:17 PM

Good Evening Phil:


Here are the results from the FRST scan:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by 144 (administrator) on LAPTOP-5HFN347G (26-03-2018 16:32:45)
Running from C:\Users\144\Downloads
Loaded Profiles: 144 (Available Profiles: 144)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(COMODO) C:\Program Files (x86)\Comodo\COMODO Secure Shopping\csssrv64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\IntelCpHeciSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxEM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxext.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1781f8bae8fdf5c0\aesm_service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16419072 2016-02-25] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2182568 2018-01-08] (COMODO)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-11] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-11] (WinZip Computing, S.L.)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-12-11] (WinZip Computing, S.L.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-07] (COMODO)
HKLM-x32\...\Run: [vdcss] => C:\Program Files (x86)\COMODO\COMODO Secure Shopping\vdcss.exe [8511160 2017-10-20] (COMODO)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-08-31] (Western Digital Technologies, Inc.)
Startup: C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2017-11-17]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{0bead2cf-5acf-4261-b70a-f4ffa60aef7f}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5448ab9c-e503-460d-8eb0-880bf42f33a3}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{5d58f13c-945b-4d77-9236-4d9c3c4aee52}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{c39430a5-f05c-42a2-b407-f49635e5563c}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{cea11d30-7eb9-40a6-a30a-052e20573fd0}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-3807269509-1413305664-3201116232-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-3807269509-1413305664-3201116232-1001 -> DefaultScope {AE2CBE7E-1953-4C86-A1E0-273A2EABB78C} URL =
SearchScopes: HKU\S-1-5-21-3807269509-1413305664-3201116232-1001 -> {AE2CBE7E-1953-4C86-A1E0-273A2EABB78C} URL =
BHO: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho64.dll [2017-10-20] (COMODO)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-03] (Microsoft Corporation)
BHO-x32: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho32.dll [2017-10-20] (COMODO)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: d2n6h34p.default
FF ProfilePath: C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default [2018-03-26]
FF Homepage: Mozilla\Firefox\Profiles\d2n6h34p.default -> hxxps://google.com
FF Extension: (Webmail Ad Blocker) - C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\gmailnoads@mywebber.com.xpi [2018-03-08]
FF Extension: (English (US) Language Pack) - C:\Users\144\AppData\Roaming\Mozilla\Firefox\Profiles\d2n6h34p.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-11-04] [Legacy]
FF ProfilePath: C:\Users\144\AppData\Roaming\Comodo\CSS\User Data-firefox1 [2017-04-30]
FF Extension: (Amazon Assistant for Firefox) - C:\Users\144\AppData\Roaming\Comodo\CSS\User Data-firefox1\Extensions\abb-acer@amazon.com [2017-04-30] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Users\144\AppData\Roaming\Comodo\CSS\User Data-firefox1\Extensions\langpack-en-US@firefox.mozilla.org [2017-04-30] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\144\AppData\Roaming\Comodo\CSS\User Data-firefox1\Extensions\partnerdefaults@mozilla.com [2017-04-30] [Legacy]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2016-12-25] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2016-12-25] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2016-12-25] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-24] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-3807269509-1413305664-3201116232-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\144\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-03-06] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\144\AppData\Local\Google\Chrome\User Data\Default [2018-03-26]
CHR Extension: (Slides) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-14]
CHR Extension: (YouTube) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-14]
CHR Extension: (Sheets) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-15]
CHR Extension: (Total AV Web Shield) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\looohgelibjoplmkhecmalapkgadkfcc [2017-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-14]
CHR Extension: (Gmail) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-14]
CHR Extension: (Chrome Media Router) - C:\Users\144\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1781f8bae8fdf5c0\aesm_service.exe [3233064 2018-01-26] (Intel Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278688 2017-09-25] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10962648 2018-01-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2875816 2018-01-08] (COMODO)
R2 csssrv; C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe [4193464 2017-10-20] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2272520 2018-02-23] (Comodo)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-10-15] (Intel Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-07] (COMODO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-07-03] ()
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-07-29] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-07-29] (Acer Incorporated)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [295840 2016-05-27] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel® Corporation)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
S2 WinZip Compression Smart Monitor Service; "C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\WINDOWS\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [40224 2014-12-25] (Windows ® Win 7 DDK provider)
R1 cmdcss; C:\WINDOWS\system32\drivers\cmdcss.sys [126568 2017-10-17] (COMODO)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [44056 2017-12-28] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [830448 2017-12-28] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50776 2017-12-28] (COMODO)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [185416 2015-09-05] (ELAN Microelectronic Corp.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-03-26] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [180992 2016-10-15] (Intel Corporation)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [129200 2017-03-31] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2016-07-29] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-16] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-26] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-26] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-16] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-26] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7643648 2017-07-13] (Intel Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2016-07-29] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2016-05-16] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-26 16:23 - 2018-03-26 16:23 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-26 16:17 - 2018-03-26 16:30 - 001006669 _____ C:\Users\144\Desktop\mb-check-results.zip
2018-03-26 16:16 - 2018-03-26 16:16 - 002326304 _____ (Malwarebytes Corporation) C:\Users\144\Downloads\mb-check-3.1.10.1000.exe
2018-03-26 15:41 - 2017-11-21 01:00 - 000026244 _____ C:\Users\144\Desktop\reporter_jobs_response_gGYqfspt6iXH.pdf
2018-03-26 15:25 - 2018-02-28 15:27 - 000670571 _____ C:\Users\144\Desktop\ProPublica looking to hire reporters Illinois + Misspellings.pdf
2018-03-26 10:29 - 2018-03-26 10:29 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-03-26 10:26 - 2018-03-26 10:29 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-26 10:25 - 2018-03-26 10:26 - 011605440 _____ (SurfRight B.V.) C:\Users\144\Downloads\HitmanPro_x64.exe
2018-03-26 10:12 - 2018-03-26 10:12 - 000003967 _____ C:\Users\144\Desktop\AdwCleaner[S1].txt
2018-03-25 21:58 - 2018-03-25 22:00 - 008222496 _____ (Malwarebytes) C:\Users\144\Downloads\AdwCleaner(1).exe
2018-03-25 21:34 - 2018-03-25 21:42 - 000004019 _____ C:\Users\144\Downloads\Fixlog.txt
2018-03-25 16:20 - 2018-03-25 16:20 - 000000000 ____D C:\Users\144\AppData\Roaming\Western Digital
2018-03-25 16:19 - 2018-03-25 16:19 - 000002230 _____ C:\Users\Public\Desktop\WD Backup.lnk
2018-03-25 16:19 - 2018-03-25 16:19 - 000000000 ____D C:\ProgramData\Western Digital
2018-03-25 16:19 - 2018-03-25 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2018-03-25 16:19 - 2018-03-25 16:19 - 000000000 ____D C:\Program Files (x86)\Western Digital
2018-03-21 12:35 - 2018-03-21 12:35 - 002403328 _____ (Farbar) C:\Users\144\Downloads\FRST64.exe
2018-03-20 13:41 - 2018-03-20 14:00 - 000000000 ____D C:\Users\144\Desktop\imports
2018-03-17 00:10 - 2018-03-22 14:01 - 000000000 ___RD C:\Users\144\Desktop\Move On
2018-03-16 12:03 - 2018-03-26 16:28 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-16 12:03 - 2018-03-26 16:23 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-16 12:03 - 2018-03-16 12:03 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-16 12:02 - 2018-03-16 12:02 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-16 12:00 - 2018-03-16 12:00 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-16 12:00 - 2018-03-16 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-16 12:00 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-16 11:59 - 2018-03-16 11:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-16 11:59 - 2018-03-16 11:59 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-16 11:45 - 2018-03-16 11:48 - 069748432 _____ (Malwarebytes ) C:\Users\144\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4352.exe
2018-03-13 22:48 - 2018-03-13 22:48 - 000000000 ____D C:\Users\144\Documents\Audacity
2018-03-13 22:46 - 2018-03-13 22:46 - 000001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2018-03-13 22:46 - 2018-03-13 22:46 - 000001084 _____ C:\Users\Public\Desktop\Audacity.lnk
2018-03-13 22:46 - 2018-03-13 22:46 - 000000000 ____D C:\Users\144\AppData\Local\Audacity
2018-03-13 22:46 - 2018-03-13 22:46 - 000000000 ____D C:\Program Files (x86)\Audacity
2018-03-13 22:45 - 2018-03-13 22:45 - 020248056 _____ (Audacity Team ) C:\Users\144\Downloads\audacity-win-2.2.2.exe
2018-03-13 13:54 - 2018-03-13 13:55 - 000349022 _____ C:\Users\144\Downloads\Decision And Order 3-12-18.pdf
2018-03-12 22:22 - 2018-03-12 22:22 - 000000104 ____H C:\Users\144\Downloads\.~lock.Redaction Order-2.docx#
2018-03-12 22:21 - 2018-03-12 22:21 - 000000104 ____H C:\Users\144\Desktop\.~lock.Motion to Redact.doc#
2018-03-09 10:36 - 2018-03-09 10:36 - 001620252 _____ C:\Users\144\Downloads\journalistguide2011.pdf
2018-03-09 10:32 - 2018-03-09 10:32 - 000603892 _____ C:\Users\144\Downloads\InstructionsPacket.pdf
2018-03-08 11:16 - 2018-03-08 11:17 - 002212693 _____ C:\Users\144\Downloads\121517 Hearing Packet and Recommendation.pdf
2018-03-07 19:30 - 2018-03-07 19:49 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-07 11:31 - 2018-03-07 12:20 - 1914967302 _____ C:\Users\144\Downloads\DS500230.DS21.26.18.wav
2018-03-04 18:20 - 2018-03-04 18:21 - 003011448 _____ C:\Users\144\Downloads\P500 Data Base.xlsx
2018-03-04 18:20 - 2018-03-04 18:21 - 003011448 _____ C:\Users\144\Downloads\P500 Data Base(1).xlsx
2018-03-03 11:05 - 2018-03-14 15:14 - 000000000 ____D C:\Windows.old
2018-03-03 09:58 - 2018-03-03 09:58 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-03-03 09:56 - 2018-03-03 09:56 - 000000000 ___HD C:\Users\144\MicrosoftEdgeBackups
2018-03-03 09:52 - 2018-03-03 09:52 - 000000020 ___SH C:\Users\144\ntuser.ini
2018-03-03 09:46 - 2018-03-26 16:31 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{797C944E-9519-4A29-A768-47B08D9EBE0C}
2018-03-03 09:46 - 2018-03-26 16:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-03 09:46 - 2018-03-20 18:01 - 000004890 _____ C:\WINDOWS\System32\Tasks\AcerCMUpdateTask2.1.16258
2018-03-03 09:46 - 2018-03-19 23:37 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3807269509-1413305664-3201116232-1001
2018-03-03 09:46 - 2018-03-03 09:47 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-03 09:46 - 2018-03-03 09:46 - 000003852 _____ C:\WINDOWS\System32\Tasks\ACCAgent
2018-03-03 09:46 - 2018-03-03 09:46 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-03 09:46 - 2018-03-03 09:46 - 000002820 _____ C:\WINDOWS\System32\Tasks\ACC
2018-03-03 09:46 - 2018-03-03 09:46 - 000002766 _____ C:\WINDOWS\System32\Tasks\UbtFrameworkService
2018-03-03 09:46 - 2018-03-03 09:46 - 000002762 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2018-03-03 09:46 - 2018-03-03 09:46 - 000002562 _____ C:\WINDOWS\System32\Tasks\WinZip Update Notifier
2018-03-03 09:46 - 2018-03-03 09:46 - 000002534 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2018-03-03 09:46 - 2018-03-03 09:46 - 000002428 _____ C:\WINDOWS\System32\Tasks\MAGIX Connector
2018-03-03 09:46 - 2018-03-03 09:46 - 000002352 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2018-03-03 09:46 - 2018-03-03 09:46 - 000002328 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
2018-03-03 09:46 - 2018-03-03 09:46 - 000002256 _____ C:\WINDOWS\System32\Tasks\Power Button
2018-03-03 09:46 - 2018-03-03 09:46 - 000002180 _____ C:\WINDOWS\System32\Tasks\Quick Access
2018-03-03 09:46 - 2018-03-03 09:46 - 000002042 _____ C:\WINDOWS\System32\Tasks\FubToolByPLD
2018-03-03 09:46 - 2018-03-03 09:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2018-03-03 09:46 - 2018-03-03 09:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2018-03-03 09:41 - 2018-03-03 09:45 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-03-03 09:41 - 2018-03-03 09:45 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-03-03 09:38 - 2018-03-15 23:00 - 001039898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-03 09:21 - 2018-03-03 09:21 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-03-03 09:20 - 2018-03-03 09:20 - 000000000 ____D C:\ProgramData\USOShared
2018-03-03 09:16 - 2018-03-04 11:02 - 000000000 ____D C:\Users\144\AppData\Local\Packages
2018-03-03 09:15 - 2018-03-26 10:19 - 000000000 ____D C:\Users\144
2018-03-03 09:14 - 2018-03-03 09:14 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-03-03 09:14 - 2017-02-24 18:23 - 000536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-03-03 09:14 - 2017-02-24 18:23 - 000525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-03-03 09:14 - 2017-02-24 18:23 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-03-03 09:14 - 2017-02-24 18:23 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-03-03 09:13 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-03-03 09:13 - 2017-08-01 04:26 - 000140304 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-03-03 09:13 - 2017-08-01 04:25 - 000116760 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-03-03 09:09 - 2018-03-26 13:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-03 09:09 - 2018-03-06 03:13 - 000510440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-03 02:50 - 2018-03-03 11:06 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-03-03 02:44 - 2018-03-03 02:50 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-03-03 02:41 - 2018-03-03 02:41 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-03-03 02:41 - 2018-03-03 02:41 - 000000000 ____D C:\Program Files\MSBuild
2018-03-03 02:41 - 2018-03-03 02:41 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-03-03 02:41 - 2018-03-03 02:41 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-03-03 02:38 - 2017-09-22 19:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-03-03 02:38 - 2017-09-22 19:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-03-03 02:38 - 2017-09-22 19:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-03-03 02:37 - 2017-09-28 16:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-03-03 02:37 - 2017-09-28 16:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-03-03 02:37 - 2017-09-28 16:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-03-03 02:15 - 2018-03-03 02:15 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-03-03 00:32 - 2018-03-03 09:48 - 000000000 ___DC C:\WINDOWS\Panther
2018-03-03 00:26 - 2018-03-03 00:32 - 000000036 _____ C:\WINDOWS\progress.ini
2018-03-02 23:30 - 2018-03-16 12:55 - 000000000 ___HD C:\$GetCurrent
2018-03-02 23:11 - 2018-03-02 23:11 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-03-01 23:44 - 2018-03-01 23:45 - 000000000 ____D C:\Users\144\Desktop\New folder (10)
2018-02-28 13:49 - 2018-02-28 15:29 - 000000000 ____D C:\Users\144\Desktop\Louise Kiernan Twitter Photos
2018-02-26 11:04 - 2018-02-26 11:04 - 000000104 ____H C:\Users\144\Desktop\.~lock.Dj ein sof.odt#

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-26 16:35 - 2017-12-14 04:38 - 000018438 _____ C:\Users\144\Downloads\FRST.txt
2018-03-26 16:32 - 2017-12-14 04:38 - 000000000 ____D C:\FRST
2018-03-26 16:32 - 2017-04-27 10:32 - 001474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2018-03-26 16:26 - 2016-12-25 14:27 - 000000000 ____D C:\Users\144\AppData\LocalLow\Mozilla
2018-03-26 16:23 - 2016-12-22 01:44 - 000000000 __SHD C:\Users\144\IntelGraphicsProfiles
2018-03-26 16:21 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-26 15:30 - 2017-09-30 03:41 - 000000000 ____D C:\Users\144\Desktop\New folder (15)
2018-03-26 10:18 - 2017-10-11 15:45 - 000000000 ____D C:\Program Files\WinZip
2018-03-26 10:18 - 2017-04-20 00:13 - 000000000 ____D C:\Users\144\AppData\Roaming\IObit
2018-03-26 10:18 - 2017-04-20 00:13 - 000000000 ____D C:\Users\144\AppData\LocalLow\IObit
2018-03-26 10:18 - 2017-04-20 00:11 - 000000000 ____D C:\ProgramData\IObit
2018-03-26 10:18 - 2017-03-24 18:19 - 000000000 ____D C:\AdwCleaner
2018-03-25 21:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-25 16:26 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
2018-03-25 16:18 - 2016-08-03 05:07 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-25 15:37 - 2017-04-27 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2018-03-25 15:17 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-23 18:51 - 2017-10-17 20:52 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 18:51 - 2017-10-17 20:52 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-22 14:01 - 2018-01-20 12:38 - 000000000 ____D C:\Users\144\Desktop\current
2018-03-22 13:49 - 2017-02-16 02:42 - 000000000 ____D C:\Users\144\Desktop\New folder
2018-03-21 12:53 - 2017-12-14 04:42 - 000043737 _____ C:\Users\144\Downloads\Addition.txt
2018-03-20 17:09 - 2017-03-30 15:10 - 000000000 ____D C:\Users\144\Desktop\New Music
2018-03-19 23:37 - 2017-11-05 21:09 - 000002365 _____ C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-19 23:36 - 2016-12-22 02:56 - 000000000 ___RD C:\Users\144\OneDrive
2018-03-19 00:52 - 2017-03-23 12:09 - 000000000 ____D C:\Users\144\Documents\VirtualDJ
2018-03-17 23:56 - 2017-08-13 15:17 - 000000000 ____D C:\Users\144\AppData\Roaming\Audacity
2018-03-17 02:46 - 2017-04-05 19:34 - 000000000 ____D C:\Users\144\AppData\Roaming\vlc
2018-03-16 13:34 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-16 13:31 - 2016-10-14 02:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-16 13:30 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-16 12:34 - 2017-10-11 15:45 - 000000000 ____D C:\ProgramData\WinZip
2018-03-16 12:02 - 2017-12-07 01:49 - 000000000 ____D C:\Users\144\Desktop\desktop pics
2018-03-16 11:04 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-15 23:08 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-15 22:56 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-12 22:41 - 2017-04-27 10:28 - 000000000 ____D C:\Program Files (x86)\Comodo
2018-03-06 12:13 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-06 10:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-03-06 03:08 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-03-06 03:08 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-06 03:08 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-03-06 03:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-03-06 03:07 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-03-04 21:56 - 2017-01-02 17:36 - 000000000 ___RD C:\Users\144\3D Objects
2018-03-04 21:56 - 2016-02-13 08:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-03 20:29 - 2016-10-14 04:26 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-03-03 11:08 - 2017-09-29 08:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-03-03 11:06 - 2018-02-21 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WarpPro
2018-03-03 11:06 - 2018-02-05 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-03-03 11:06 - 2018-01-21 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 22.0
2018-03-03 11:06 - 2018-01-21 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-03-03 11:06 - 2017-11-17 04:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2018-03-03 11:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-03 11:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-03-03 11:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\spool
2018-03-03 11:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-03 11:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-03 11:06 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-03 11:06 - 2017-08-11 10:04 - 000000000 ____D C:\Program Files\Intel
2018-03-03 11:06 - 2017-08-01 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loopcloud
2018-03-03 11:06 - 2017-07-31 21:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2018-03-03 11:06 - 2017-05-29 22:43 - 000000000 ____D C:\Program Files\UNP
2018-03-03 11:06 - 2017-04-05 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConverterLite
2018-03-03 11:06 - 2017-04-05 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-03-03 11:06 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-03-03 11:06 - 2017-01-26 18:29 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2018-03-03 11:06 - 2017-01-02 22:14 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2018-03-03 11:06 - 2016-12-22 01:43 - 000000000 ____D C:\WINDOWS\oem
2018-03-03 11:06 - 2016-10-14 04:39 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2018-03-03 11:06 - 2016-10-14 04:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-03-03 11:06 - 2016-10-14 04:07 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-03-03 11:06 - 2016-10-14 02:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-03-03 11:06 - 2016-08-03 05:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2018-03-03 11:05 - 2017-09-29 08:49 - 000000000 ____D C:\WINDOWS\Setup
2018-03-03 09:54 - 2017-01-27 15:44 - 000000000 ____D C:\Users\144\AppData\Local\ConnectedDevicesPlatform
2018-03-03 09:53 - 2016-12-22 01:44 - 000000000 ____D C:\Users\144\AppData\Local\TileDataLayer
2018-03-03 09:49 - 2016-10-14 04:05 - 000000000 ____D C:\ProgramData\Intel
2018-03-03 09:40 - 2017-01-27 11:22 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-03-03 09:28 - 2017-03-23 12:09 - 000000000 ____D C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2018-03-03 09:28 - 2017-03-07 13:14 - 000000000 ____D C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2018-03-03 09:21 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-03-03 09:20 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-03-03 09:19 - 2017-11-26 03:35 - 000000000 ____D C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2018-03-03 09:19 - 2017-07-13 02:58 - 000000000 ____D C:\Users\144\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Syncios
2018-03-03 09:14 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-03-03 09:14 - 2017-08-11 10:05 - 000000000 ____D C:\Program Files\Elantech
2018-03-03 09:13 - 2017-08-11 10:04 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-03-03 09:12 - 2017-08-11 10:04 - 001410294 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-03-03 09:12 - 2017-08-11 10:04 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-03-03 09:12 - 2017-08-11 10:03 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-03-03 09:12 - 2016-10-14 04:10 - 000000000 ___HD C:\Intel
2018-03-03 02:59 - 2017-09-29 08:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-03 02:51 - 2017-01-26 18:29 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2018-03-03 02:50 - 2017-08-11 10:03 - 000000000 ____D C:\Program Files\Realtek
2018-03-03 02:50 - 2017-04-20 04:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-03-03 02:50 - 2017-03-29 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2018-03-03 02:50 - 2017-03-24 03:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\photon interactive pvt ltd
2018-03-03 02:50 - 2016-12-29 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2Near the Edge
2018-03-03 02:40 - 2017-12-13 20:33 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-03-03 00:13 - 2017-11-21 05:01 - 000000000 ____D C:\Users\144\Desktop\Propublica
2018-03-01 13:02 - 2016-12-22 02:51 - 000000000 ____D C:\Users\144\AppData\Local\CrashDumps
2018-02-28 19:08 - 2017-11-21 05:04 - 000000000 ____D C:\Users\144\Desktop\REsearch
2018-02-26 10:25 - 2016-12-25 00:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-26 10:25 - 2016-10-14 04:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-24 06:06 - 2017-04-20 03:58 - 000000000 ____D C:\Users\144\Documents\Wondershare Filmora
2018-02-24 01:03 - 2018-01-21 20:03 - 000000000 ____D C:\Program Files\rempl
2018-02-24 00:53 - 2017-01-18 10:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-24 00:46 - 2018-01-07 03:30 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-24 00:46 - 2017-01-18 10:48 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2017-07-31 21:40 - 2017-03-20 11:57 - 000008768 _____ () C:\Program Files (x86)\AppxManifest.xml
2017-07-31 21:40 - 2017-03-20 11:32 - 013221390 _____ (FFmpeg Project) C:\Program Files (x86)\avcodec-57.dll
2017-07-31 21:40 - 2017-03-20 11:32 - 001874958 _____ (FFmpeg Project) C:\Program Files (x86)\avfilter-6.dll
2017-07-31 21:40 - 2017-03-20 11:32 - 002414094 _____ (FFmpeg Project) C:\Program Files (x86)\avformat-57.dll
2017-07-31 21:40 - 2017-03-20 11:32 - 000618510 _____ (FFmpeg Project) C:\Program Files (x86)\avutil-55.dll
2017-07-31 21:40 - 2017-01-03 17:37 - 000264128 _____ (Pulse-Eight Limited) C:\Program Files (x86)\cec.dll
2017-07-31 21:38 - 2017-03-19 04:38 - 000018660 _____ () C:\Program Files (x86)\copying.txt
2017-07-31 21:38 - 2017-01-22 15:52 - 000214528 _____ () C:\Program Files (x86)\cpluff.dll
2017-07-31 21:38 - 2016-07-28 03:01 - 003747512 _____ (Microsoft Corporation) C:\Program Files (x86)\d3dcompiler_47.dll
2017-07-31 21:38 - 2013-11-17 14:12 - 000026624 _____ (Apple Inc.) C:\Program Files (x86)\dnssd.dll
2017-07-31 21:38 - 2016-07-07 07:52 - 000288256 _____ (easyhook.codeplex.com) C:\Program Files (x86)\EasyHook32.dll
2017-07-31 21:38 - 2017-03-20 11:57 - 014727168 _____ (XBMC-Foundation) C:\Program Files (x86)\kodi.exe
2017-07-31 21:38 - 2017-02-27 14:48 - 001881600 _____ () C:\Program Files (x86)\libass.dll
2017-07-31 21:38 - 2016-07-14 12:37 - 000775680 _____ () C:\Program Files (x86)\libbluray.dll
2017-07-31 21:38 - 2016-07-16 06:39 - 000183808 _____ () C:\Program Files (x86)\libcdio.dll
2017-07-31 21:38 - 2016-04-08 14:13 - 000383488 _____ (The cURL library, https://curl.haxx.se/) C:\Program Files (x86)\libcurl.dll
2017-07-31 21:38 - 2017-03-20 11:35 - 000073991 _____ () C:\Program Files (x86)\libdvdcss-2.dll
2017-07-31 21:38 - 2017-03-20 11:40 - 000260355 _____ () C:\Program Files (x86)\libdvdnav.dll
2017-07-31 21:38 - 2016-04-17 07:59 - 001389568 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\libeay32.dll
2017-07-31 21:38 - 2017-03-20 11:43 - 000020480 _____ () C:\Program Files (x86)\libexif.dll
2017-07-31 21:38 - 2016-08-06 07:49 - 004622336 _____ () C:\Program Files (x86)\libmysql.dll
2017-07-31 21:38 - 2016-02-02 08:06 - 000127488 _____ (https://github.com/sahlberg/libnfs) C:\Program Files (x86)\libnfs.dll
2017-07-31 21:38 - 2016-07-14 12:54 - 000096768 _____ () C:\Program Files (x86)\libplist.dll
2017-07-31 21:38 - 2016-07-14 11:12 - 002356224 _____ () C:\Program Files (x86)\libxml2.dll
2017-07-31 21:38 - 2016-07-14 11:14 - 000218112 _____ () C:\Program Files (x86)\libxslt.dll
2017-07-31 21:38 - 2017-03-19 04:37 - 000015706 _____ () C:\Program Files (x86)\LICENSE.GPL
2017-07-31 21:38 - 2017-03-20 11:32 - 000115726 _____ (FFmpeg Project) C:\Program Files (x86)\postproc-54.dll
2017-07-31 21:38 - 2017-03-19 04:38 - 000005191 _____ () C:\Program Files (x86)\privacy-policy.txt
2017-07-31 21:38 - 2016-01-16 10:21 - 002705920 _____ (Python Software Foundation) C:\Program Files (x86)\python27.dll
2017-07-31 21:38 - 2016-07-27 12:36 - 000099840 _____ () C:\Program Files (x86)\shairplay.dll
2017-07-31 21:38 - 2016-02-05 09:43 - 000721408 _____ () C:\Program Files (x86)\sqlite3.dll
2017-07-31 21:38 - 2016-07-15 11:58 - 000418816 _____ () C:\Program Files (x86)\ssh.dll
2017-07-31 21:38 - 2016-04-17 07:59 - 000274944 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\ssleay32.dll
2017-07-31 21:38 - 2017-03-20 11:32 - 000129038 _____ (FFmpeg Project) C:\Program Files (x86)\swresample-2.dll
2017-07-31 21:38 - 2017-03-20 11:32 - 000554510 _____ (FFmpeg Project) C:\Program Files (x86)\swscale-4.dll
2017-07-31 21:38 - 2017-05-15 21:47 - 000447747 _____ (XBMC-Foundation) C:\Program Files (x86)\Uninstall.exe
2017-07-31 21:38 - 2016-05-22 05:32 - 000098816 _____ () C:\Program Files (x86)\zlib.dll
2017-10-05 01:51 - 2017-10-05 02:07 - 000000764 _____ () C:\Users\144\AppData\Roaming\PPTConverter.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-25 13:45

==================== End of FRST.txt ============================

 

thanks,

 

MikeHype
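The "Bamital & volsnap" section of the log above is FRST verifying the digital signatures of a fixed set of critical Windows binaries. As an added example (not FRST's code and not from any post in this thread), the following PowerShell script repeats that check on the same file list from an elevated prompt; the extra requirement that the signer be Microsoft is an assumption that these are in-box binaries rather than third-party replacements.

```powershell
# Added example (not FRST code and not from any post in this thread): re-run the same
# check the "Bamital & volsnap" section of the FRST log performs, using PowerShell's
# Authenticode cmdlet. Run from an elevated PowerShell prompt on the machine in question.

# The file list is the one FRST reports on in the log.
$criticalFiles = @(
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\system32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\User32.dll",
    "$env:SystemRoot\SysWOW64\User32.dll",
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\dnsapi.dll",
    "$env:SystemRoot\SysWOW64\dnsapi.dll",
    "$env:SystemRoot\system32\Drivers\volsnap.sys"
)
function Test-CriticalFileSignatures {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Status = 'Missing'; Type = 'None'; Signer = ''; Ok = $false }
            continue
        }
        # Checks the embedded Authenticode signature and, on Windows 8 / PowerShell 4
        # and later, catalog signatures (SignatureType = Catalog), which is how most
        # in-box Windows binaries are signed.
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        # "Valid" alone only proves a trusted chain; for these files the signer should
        # also be Microsoft (assumption: in-box binaries, not third-party replacements).
        $ok = ($sig.Status -eq 'Valid') -and ($signer -like '*Microsoft*')
        [pscustomobject]@{ Path = $path; Status = $sig.Status; Type = $sig.SignatureType; Signer = $signer; Ok = $ok }
    }
}

$results = Test-CriticalFileSignatures -Paths $criticalFiles
$results | Format-Table Path, Status, Type, Ok -AutoSize

# Anything that is not Ok deserves a closer look: HashMismatch means the file on disk
# no longer matches what was signed, NotSigned means no signature was found at all.
$suspect = @($results | Where-Object { -not $_.Ok })
if ($suspect.Count -gt 0) { Write-Warning "$($suspect.Count) file(s) did not verify:"; $suspect | Format-List }
else { Write-Host "All $($results.Count) critical files verified as Microsoft-signed." }
```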



#13 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 28 March 2018 - 12:54 PM

MikeHype:

Thank you for your post, and for the fresh set of FRST scan logs.

The trial version of Malwarebytes Premium will revert itself back to Malwarebytes Free when the trial period expires. Personally, I would spend the money and purchase Malwarebytes Premium. It is much better to prevent malware infestations in the first place than to clean up afterwards. That said, Malwarebytes Free is as good a free anti-malware product as you are going to be able to find. If you want more information about choosing an anti-malware product, you should consult this topic by quietman7, one of the foremost computer security experts here at Bleeping Computer.

.

:step1: We will now remove the anti-malware tools that we used to scan and clean your computer using a final FRST "fixlist" script and a GB "orphan".

Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

Start::
CloseProcesses:
DeleteQuarantine:
2018-03-26 10:18 - 2017-03-24 18:19 - 000000000 ____D C:\AdwCleaner
2018-03-26 10:12 - 2018-03-26 10:12 - 000003967 _____ C:\Users\144\Desktop\AdwCleaner[S1].txt
2018-03-25 21:58 - 2018-03-25 22:00 - 008222496 _____ (Malwarebytes) C:\Users\144\Downloads\AdwCleaner(1).exe
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
CreateRestorePoint:
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

:step2: Please manually delete the following files/folders:

  • C:\FRST
  • C:\Users\144\Downloads\FRST64.exe.
  • C:\Users\144\Downloads\fixlog.txt.
  • All desktop shortcut icons related to the anti-malware scanners/cleaners that we used.

.

:step3: . . . Some Final Advice . . .

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and to avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems', such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out-of-date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third-party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out-of-date software manually, or by using automated software tools, such as Adlice Software UCheck. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out-of-date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows Vista or later is fine) and leaving it on, and using and keeping up-to-date an antivirus solution such as Bitdefender. Antiviral solutions don't even have to cost money; later versions of Windows Defender provide perfectly acceptable protection for free. If for some reason you don't like Windows Defender, there are other free products available as well or you can purchase a security product or products.

  • Avira (shows nag screen to purchase full product when updating, home use only)
  • Bitdefender Free (home use only)

Personally I use Bitdefender 2018 Total Security, along with Malwarebytes Premium. Another paid product worth considering is Emsisoft Anti-Malware, which combines the Bitdefender virus scanning engine with their own anti-malware engine, so that you essentially get two computer security products, totally integrated, for the price of one. Please consult this link for more information on choosing a computer security product.

If you want more information about the methods that malware uses to infect your computer, please consider browsing our How did I get infected? topic.

.

It has been a pleasure assisting you and I hope that you will avoid any further infections in the future. Your most important protection step is to ALWAYS HAVE MORE THAN ONE RECENT BACKUP OF YOUR ENTIRE SYSTEM on an external drive that is only connected to your computer long enough to back up or restore. I do system images weekly. With the free backup software out there (Easeus ToDo Backup Home, Macrium Reflect, etc.), and the very reasonable prices for external USB hard drives, there is no reason not to have a backup.

.

On behalf of the Bleeping Computer (BC) community, thank you for choosing BC to assist you with your computer issues, stay safe out there in cyberspace, and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#14 MikeHype

MikeHype
  • Topic Starter
  • Members
  • 8 posts

Posted 28 March 2018 - 03:53 PM

Good Afternoon Phil:

 

    Files deleted, advice noted and thx much for your assistance. Appreciate you.

 

MikeHype



#15 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 29 March 2018 - 06:41 AM

MikeHype:

 

You are most welcome for my assistance. Thank you for your kind words.

 

Have a great day ... and stay safe out there in cyberspace.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators




