Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Laptop sluggish

malware

  • Please log in to reply

#1
shiv1226

shiv1226

    Member

  • Member
  • PipPip
  • 18 posts

Laptop was running a bit sluggish after getting a pop-up from a streaming video site. I ran malwarebytes and avast. Did some cleaning with CCleaner. Still sluggish. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by Shivani (administrator) on SHIVANIPC (08-07-2017 10:19:02)
Running from C:\Users\spari_000\Desktop
Loaded Profiles: Shivani (Available Profiles: Shivani)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Flux Software LLC) C:\Users\spari_000\AppData\Local\FluxSoftware\Flux\flux.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Acer Incorporate) C:\Program Files (x86)\Acer\Acer Audio Invert Utility\AudioInvertAgent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-05] (AVAST Software)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-06] (Acer Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1010144 2016-05-31] (DivX, LLC)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-06-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298504 2014-11-08] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [533616 2017-02-15] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [324720 2017-02-15] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2574080 2015-05-06] (Acer)
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\Run: [Spotify Web Helper] => C:\Users\spari_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-07-05] (Spotify Ltd)
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\Run: [f.lux] => C:\Users\spari_000\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\Run: [Spotify] => C:\Users\spari_000\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-07-05] (Spotify Ltd)
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\RunOnce: [Uninstall C:\Users\spari_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\spari_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\RunOnce: [Uninstall C:\Users\spari_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\spari_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
Startup: C:\Users\spari_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2017-04-22]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
Startup: C:\Users\spari_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2017-04-22]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7bbe74e1-8d14-4565-b710-d14cd9b24f61}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8394a7f5-59c8-4ce8-81ad-8985c288dd21}: [DhcpNameServer] 40.30.1.66
 
Internet Explorer:
==================
HKU\S-1-5-21-440272248-943791128-3511854739-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-440272248-943791128-3511854739-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-440272248-943791128-3511854739-1001 -> DefaultScope {C5F4994E-27B3-4535-8451-C5DDB34CF2A6} URL = 
SearchScopes: HKU\S-1-5-21-440272248-943791128-3511854739-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-440272248-943791128-3511854739-1001 -> {C5F4994E-27B3-4535-8451-C5DDB34CF2A6} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-04] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-07-05] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-06-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-05] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-04] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
 
FireFox:
========
FF DefaultProfile: sopqtx4v.default
FF ProfilePath: C:\Users\spari_000\AppData\Roaming\Mozilla\Firefox\Profiles\sopqtx4v.default [2017-07-06]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\sopqtx4v.default -> Google
FF Extension: (Adblock Plus) - C:\Users\spari_000\AppData\Roaming\Mozilla\Firefox\Profiles\sopqtx4v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-04-05]
FF Extension: (Greasemonkey) - C:\Users\spari_000\AppData\Roaming\Mozilla\Firefox\Profiles\sopqtx4v.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-04-19]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\spari_000\AppData\Roaming\Mozilla\Firefox\Profiles\sopqtx4v.default\features\{4b18529f-1733-4a6a-a446-710a6242b960}\[email protected] [2016-11-02]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @videolan.org/vlc,version=3.0.0-git -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-12-03] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2017-02-15] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-05-13] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://biodigitalhuman.com/","hxxp://dental.nova.edu/"
CHR Profile: C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default [2017-07-08]
CHR Extension: (Google Slides) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-11]
CHR Extension: (Duolingo on the Web) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-07-31]
CHR Extension: (Google Docs) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-11]
CHR Extension: (Google Drive) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Honey) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-07-01]
CHR Extension: (Adblock Plus) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-07-05]
CHR Extension: (Google Search) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (ICE Quick Stream) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2017-06-02]
CHR Extension: (Google Calendar) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-06]
CHR Extension: (Google Play Music) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-07-06]
CHR Extension: (Google Sheets) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-11]
CHR Extension: (Google Docs Offline) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\spari_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-05] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2839296 2015-05-05] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-06-04] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-06-26] (Dropbox, Inc.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-07-22] (Acer Incorporated)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370064 2015-10-13] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-10-17] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-14] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [319984 2017-07-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198944 2017-07-05] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343264 2017-07-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57704 2017-07-05] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [82936 2016-11-29] (AVAST Software)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-07-05] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41800 2017-07-05] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146664 2017-07-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-07-05] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-07-05] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015848 2017-07-05] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-07-05] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-07-05] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-05] (AVAST Software)
S3 Ctxusbr; C:\WINDOWS\System32\drivers\ctxusbr.sys [79192 2015-06-24] (Citrix Systems, Inc.)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [110824 2014-06-10] (GenesysLogic)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-10] (Intel Corporation)
S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [31512 2014-08-13] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-08 10:19 - 2017-07-08 10:20 - 00028730 _____ C:\Users\spari_000\Desktop\FRST.txt
2017-07-08 10:18 - 2017-07-08 10:19 - 00000000 ____D C:\FRST
2017-07-08 10:17 - 2017-07-08 10:17 - 02437120 _____ (Farbar) C:\Users\spari_000\Desktop\FRST64.exe
2017-07-07 12:36 - 2017-07-07 12:36 - 00000000 ____D C:\Users\spari_000\Desktop\honor
2017-07-05 22:35 - 2017-07-05 22:35 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-05 22:11 - 2017-07-05 22:11 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-07-05 21:30 - 2017-07-05 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-05 21:10 - 2017-07-05 21:10 - 00400464 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-07-05 20:39 - 2017-07-05 20:39 - 00008761 _____ C:\Users\spari_000\Desktop\residencies.xlsx
2017-06-28 21:43 - 2017-06-28 21:43 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-28 20:47 - 2017-06-28 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-28 18:58 - 2017-06-28 18:58 - 00000000 ____D C:\Users\spari_000\AppData\Local\UNP
2017-06-28 18:17 - 2017-06-28 18:17 - 00001256 _____ C:\Users\spari_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-06-28 18:10 - 2017-06-28 18:10 - 00002646 _____ C:\Users\spari_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My NSU Desktop.lnk
2017-06-28 18:01 - 2017-06-28 18:01 - 00250374 _____ C:\Users\spari_000\Desktop\D4 revised 5-23.xlsx
2017-06-26 06:27 - 2017-06-26 06:27 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-26 06:27 - 2017-06-26 06:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-26 06:27 - 2017-06-26 06:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-26 06:27 - 2017-06-26 06:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-06-22 19:19 - 2017-06-22 19:19 - 00434696 _____ C:\Users\spari_000\Desktop\Doc Jun 22, 2017, 8-45 AM.pdf
2017-06-16 07:02 - 2017-06-28 22:44 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-16 07:02 - 2017-06-28 22:44 - 00000000 ____D C:\Program Files\UNP
2017-06-13 21:20 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-13 21:20 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-13 21:20 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 21:20 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-13 21:20 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-13 21:20 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 21:20 - 2017-06-03 06:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-13 21:20 - 2017-06-03 06:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-13 21:20 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-13 21:20 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 21:20 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-13 21:20 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-13 21:20 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-13 21:20 - 2017-06-03 05:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-13 21:20 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-13 21:20 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-13 21:20 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-13 21:20 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-13 21:20 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-13 21:20 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-13 21:20 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-13 21:20 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-13 21:20 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-13 21:20 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-13 21:20 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-13 21:20 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 21:20 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-13 21:20 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-13 21:20 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-13 21:20 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-13 21:20 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-13 21:20 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 21:20 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-13 21:20 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-13 21:20 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-13 21:20 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-13 21:20 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-13 21:20 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-13 21:20 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-13 21:20 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-13 21:20 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-13 21:20 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-13 21:20 - 2017-06-03 05:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-13 21:20 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-13 21:20 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-13 21:20 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-13 21:20 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-13 21:20 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-13 21:20 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-13 21:20 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-13 21:20 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-13 21:20 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-13 21:20 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-13 21:20 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-13 21:20 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-13 21:20 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-13 21:20 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-13 21:20 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-13 21:20 - 2017-06-03 05:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-13 21:20 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-13 21:20 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-13 21:20 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-13 21:20 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-13 21:20 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-13 21:20 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-13 21:20 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-13 21:20 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-13 21:20 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-13 21:20 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-13 21:20 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-13 21:20 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-13 21:20 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-13 21:20 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-13 21:20 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-13 21:20 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-13 21:20 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-13 21:20 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-13 21:20 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-13 21:20 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-13 21:20 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 21:20 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 21:20 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-13 21:20 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-13 21:20 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 21:20 - 2017-06-03 04:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 21:20 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-13 21:20 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-13 21:20 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 21:20 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 21:20 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-13 21:20 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-13 21:20 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 21:20 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-13 21:20 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 21:20 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-13 21:20 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 21:20 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-13 21:20 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-13 21:20 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 21:20 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 21:20 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-13 21:20 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-13 21:20 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-13 21:20 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-13 21:20 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-13 21:20 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-13 21:20 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-13 21:20 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-13 21:20 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-13 21:19 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-13 21:19 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-13 21:19 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-13 21:19 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-13 21:19 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-13 21:19 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-13 21:19 - 2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-13 21:19 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-13 21:19 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-13 21:19 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-13 21:19 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-13 21:19 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-13 21:19 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 21:19 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-13 21:19 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-13 21:19 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-13 21:19 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-13 21:19 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-13 21:19 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-13 21:19 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 21:19 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-13 21:19 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 21:19 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-13 21:19 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-13 21:19 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-13 21:19 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-13 21:19 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-13 21:19 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-13 21:19 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-13 21:19 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-13 21:19 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-13 21:19 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-13 21:19 - 2017-06-03 02:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-08 09:51 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-08 09:51 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-07 16:38 - 2016-09-09 07:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-07 12:33 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-07-07 12:32 - 2016-09-09 07:26 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-06 23:46 - 2016-09-09 07:27 - 00000000 ____D C:\Users\spari_000
2017-07-06 23:11 - 2017-01-29 12:46 - 00002828 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-07-06 23:11 - 2016-09-09 07:33 - 00002990 _____ C:\WINDOWS\System32\Tasks\Acer Hover Access Trigger
2017-07-06 23:11 - 2016-09-09 07:33 - 00002820 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2017-07-06 23:11 - 2016-09-09 07:33 - 00002650 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2017-07-06 23:01 - 2015-08-06 23:17 - 01779314 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-06 23:00 - 2015-11-26 14:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-06 22:56 - 2016-09-09 07:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-05 22:35 - 2015-07-13 10:27 - 00000000 ____D C:\Users\spari_000\AppData\Local\Citrix
2017-07-05 22:22 - 2015-07-12 12:47 - 00000000 ____D C:\Users\spari_000\AppData\Roaming\Spotify
2017-07-05 22:22 - 2015-07-12 12:47 - 00000000 ____D C:\Users\spari_000\AppData\Local\Spotify
2017-07-05 22:19 - 2016-07-16 02:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-07-05 22:15 - 2016-01-27 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-05 22:14 - 2016-01-27 13:28 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-07-05 22:13 - 2016-01-27 13:28 - 00000000 ____D C:\Program Files (x86)\Java
2017-07-05 21:37 - 2015-07-13 22:15 - 00000000 ____D C:\Users\spari_000\AppData\Roaming\uTorrent
2017-07-05 21:36 - 2016-11-30 01:26 - 00000000 ____D C:\WINDOWS\Minidump
2017-07-05 21:16 - 2016-09-09 07:33 - 00004010 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1459964439
2017-07-05 21:16 - 2016-04-06 13:40 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-05 21:11 - 2017-06-06 10:52 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-07-05 21:11 - 2015-08-01 22:33 - 00361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-07-05 21:10 - 2017-02-08 10:16 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-07-05 21:10 - 2016-03-29 08:16 - 00041800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-07-05 21:10 - 2015-08-01 22:33 - 01015848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-07-05 21:10 - 2015-08-01 22:33 - 00585608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-07-05 21:10 - 2015-08-01 22:33 - 00360792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.149930347832806
2017-07-05 21:10 - 2015-08-01 22:33 - 00198768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-07-05 21:10 - 2015-08-01 22:33 - 00146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-07-05 21:10 - 2015-08-01 22:33 - 00110352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-07-05 21:10 - 2015-08-01 22:33 - 00084392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-07-05 21:10 - 2015-08-01 22:33 - 00046984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-07-05 21:10 - 2015-08-01 22:31 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-05 21:09 - 2017-02-08 10:16 - 00343264 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-07-05 21:09 - 2017-02-08 10:16 - 00319984 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-07-05 21:09 - 2017-02-08 10:16 - 00198944 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-07-05 21:09 - 2017-02-08 10:16 - 00057704 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-07-04 20:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-07-01 21:49 - 2016-03-26 14:44 - 00000000 ____D C:\ProgramData\Skype
2017-06-30 00:33 - 2015-07-14 09:20 - 00000000 ____D C:\Users\spari_000\AppData\Roaming\vlc
2017-06-29 19:46 - 2015-07-19 19:18 - 00000000 ____D C:\Users\spari_000\AppData\Local\Dropbox
2017-06-29 19:45 - 2015-07-11 10:55 - 00000000 ____D C:\Users\spari_000\AppData\Local\Packages
2017-06-28 21:46 - 2015-07-11 14:52 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-28 21:44 - 2016-09-09 07:25 - 00423088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-28 21:43 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-28 21:43 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-28 21:43 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-28 20:47 - 2015-07-19 19:18 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-28 17:57 - 2015-07-11 11:37 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-26 21:11 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-26 21:10 - 2015-01-08 22:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-26 20:57 - 2015-08-07 07:22 - 00002418 _____ C:\Users\spari_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-26 20:57 - 2015-07-11 11:03 - 00000000 __RDO C:\Users\spari_000\OneDrive
2017-06-18 17:56 - 2017-06-06 23:33 - 00004592 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-18 17:56 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-18 17:56 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 07:10 - 2015-07-16 19:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-16 07:07 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-16 07:07 - 2015-07-16 19:17 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 20:29 - 2017-03-20 21:35 - 00000000 ___RD C:\Program Files (x86)\Skype
 
==================== Files in the root of some directories =======
 
2016-09-09 07:26 - 2016-09-09 07:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-29 23:29
 
==================== End of FRST.txt ============================
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Shivani (08-07-2017 10:22:10)
Running from C:\Users\spari_000\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-09 11:36:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-440272248-943791128-3511854739-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-440272248-943791128-3511854739-503 - Limited - Disabled)
Guest (S-1-5-21-440272248-943791128-3511854739-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-440272248-943791128-3511854739-1003 - Limited - Enabled)
Shivani (S-1-5-21-440272248-943791128-3511854739-1001 - Administrator - Enabled) => C:\Users\spari_000
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
Acer Audio Invert Utility (HKLM-x32\...\{11086334-4198-44C7-8C67-7B49E4AC925A}) (Version: 1.00.3001 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Hover Access (HKLM-x32\...\{02488282-6E9D-42B0-877E-2AA34580E578}) (Version: 1.00.3001 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.06.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8106.0 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3018 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3006 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.07.2004.0 - Acer Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.)
Canon MG5500 series User Registration (HKLM-x32\...\Canon MG5500 series User Registration) (Version:  - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
Citrix Receiver 4.7 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.7.0.13011 - Citrix Systems, Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.58 - DivX, LLC)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
f.lux (HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\Flux) (Version:  - )
Foxit PhantomPDF Standard (HKLM-x32\...\{2D5BC464-DC3A-429D-9CCC-F0C9A42885E8}) (Version: 7.3.9.816 - Foxit Software Inc.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.2.1001 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.17 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{922CA1B2-9D74-49DF-A23F-90F710F51DD7}) (Version: 17.0.1428.01 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Kodi (HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2092 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
My NSU Desktop (HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\[email protected]@Main.My NSU Desktop $S33-31) (Version: 1.0 - Delivered by Citrix)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7766.2092 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2092 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2092 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{EACEB844-8CDD-4F3B-9EA2-E299741D1652}) (Version: 14.7.0.13011 - Citrix Systems, Inc.) Hidden
Popcorn Time (HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\Popcorn Time) (Version:  - Popcorn Official) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Self-service Plug-in (HKLM-x32\...\{5D678EB8-64FD-4681-AACF-3D18FBCA77A3}) (Version: 4.7.0.15674 - Citrix Systems, Inc.) Hidden
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VitalSource Bookshelf (HKLM-x32\...\{4f1b61c8-ad15-4f53-a3e6-e18d8d4abc18}) (Version: 6.07.0025 - Ingram Content Group)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0-git - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-05] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-05] (AVAST Software)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers01: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2016-08-05] (Foxit Software Inc.)
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-05] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-13] (Intel Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-05] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0127E082-14FA-400E-8710-6E02E793ECDE} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-01-08] (Acer Incorporated)
Task: {038383A1-8AB0-42AD-A03B-8F0F860F1228} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {09D3F613-1A95-4CEB-ADD6-3E6381C2942B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-09] (Microsoft Corporation)
Task: {0BD91DA8-65F5-4922-BC0E-FE05956D70C2} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe
Task: {10CE9812-B9EE-466E-82E0-F0D569202D83} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {13A448A5-1E2E-4901-BA1A-E4F9CD217C07} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-08] (Dropbox, Inc.)
Task: {1F701972-63C9-4F3C-BC38-F4070FA1A999} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-18] (Adobe Systems Incorporated)
Task: {1FCD4579-C839-4A3A-A13F-A5FD517ADA30} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-04] (Microsoft Corporation)
Task: {21A03BFA-41FA-4061-B89C-B7365A9A99E4} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {2677B3B9-A9EE-42A4-BF58-127E7FC66443} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {26F17BF3-1312-4560-8E77-E702108F7E88} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-09] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {38555056-0B54-4F9F-8E2B-DDC4AD7FCE92} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-07-22] (Acer Incorporated)
Task: {484365E6-BD2B-4FF6-85F1-58222170443E} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {4BC9DE4D-7A8D-45CE-A5E3-13F9B5578E8F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {4FF5CA13-9C5F-47F8-863D-A02780E5B257} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-09] (Microsoft Corporation)
Task: {57F8D79C-CF96-4B71-BF40-9ED45E614AD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-11] (Google Inc.)
Task: {5E10C161-E40C-4384-AD8E-86640844BF90} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {5F3FA9F6-CE77-402A-8D14-ED424CEE8BE3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5FDC7E5A-013A-465F-88F8-41FDCCCB5936} - System32\Tasks\SafeZone scheduled Autoupdate 1459964439 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {65388AAB-D2D6-430A-9EE1-A1E1CD702604} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-18] (Adobe Systems Incorporated)
Task: {66B1E972-201C-4FF5-B3C7-D286D5AD9396} - System32\Tasks\Audio Invert Utility => C:\Program Files (x86)\Acer\Acer Audio Invert Utility\Launcher.exe [2014-08-01] (Acer Incorporated)
Task: {6A01C837-3DAE-4485-8562-AA01E4D61B8A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {74AEDBCC-CEA3-4D12-B3A7-C4A0D4032496} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-05-06] (Acer)
Task: {780E98C8-CE57-4072-8666-31C7F4D8B582} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7A794FD4-A41D-494C-B113-895C911F0167} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7EDAB616-7ACB-4449-B765-6022FC29F722} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-12-30] (Acer Incorporate)
Task: {800C5FF0-39FC-422B-A324-C21A1A12AC8E} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
Task: {8032C3DE-527F-4917-BB55-6AD677A6D98C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {80EC2BED-66B8-4150-8F5C-16F370C4FD57} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-10-17] (Acer Incorporate)
Task: {83713AFC-F2A8-4797-8B2B-8BD77089E0E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {85AF91B1-924D-40BB-8AC1-F7AA111F698F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-04] (Microsoft Corporation)
Task: {8AECE78D-68F1-4CB1-8A12-27F08F1C460C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8D608F8F-0040-43E7-AEA4-EB40FE339F21} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-04-13] (DivX, LLC)
Task: {92F1DAEF-1780-4420-B7B4-977886BE293E} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {942ED179-812C-480D-8EC3-553C24B05CA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {996646B9-5340-4F57-A1B5-300322D9287A} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-12-19] (Acer Incorporated)
Task: {A3A4C0A6-7108-4625-AF8F-91F08B0EEEF8} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-12-19] (Acer Incorporated)
Task: {A622B638-3073-4C20-A9D4-6E284D9AF65D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-08] (Dropbox, Inc.)
Task: {B92F8488-D8FF-4E88-B709-81ECA8FB7144} - System32\Tasks\Acer Hover Access Trigger => HoverAccessLauncher.exe
Task: {C4D3E750-7D61-4048-82F9-F2E99FD9077C} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-10-17] (Acer Incorporate)
Task: {CC97A9D0-585B-4604-BABD-26D3F910F3C8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-05] (AVAST Software)
Task: {D5BD59D9-005F-44C8-98F5-0FFD1A6A9BBB} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-03-05] ()
Task: {DC967FC7-AA64-47CA-89A6-0DDC30386256} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {E9AA16C9-EE42-4C27-9AE1-3CF22EB7A2E2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-16] (AVAST Software)
Task: {EC25BB81-9F5C-4EEC-87A7-3BB3DB6FCB76} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {ED26E9C8-AB46-419D-AC9A-40C9523BA97B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EE67EA6E-90BE-4241-9C5B-C67CB25A692E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-11] (Google Inc.)
Task: {F7F1357C-6870-495F-9474-5B9992C9FD21} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FDDC6DC4-2CB5-42E8-8DBB-5B2001A27AF2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\spari_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\spari_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aa69efa1cf9cbb3b\8tracks player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blcdhnjkcckimepkafnnjbilbhjpenfp
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-12-05 23:05 - 2012-04-24 06:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-13 21:20 - 2017-06-03 06:01 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-08 14:20 - 2017-01-29 09:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-21 08:06 - 2016-09-07 00:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 08:38 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 08:38 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 08:38 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 08:38 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-13 21:20 - 2017-06-03 04:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-13 21:20 - 2017-06-03 04:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-13 21:20 - 2017-06-03 04:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-01-08 21:39 - 2014-03-05 04:49 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2017-06-28 17:57 - 2017-06-22 23:21 - 02692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libglesv2.dll
2017-06-28 17:57 - 2017-06-22 23:21 - 00137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libegl.dll
2017-06-26 20:55 - 2017-06-26 20:55 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-06-26 20:55 - 2017-06-26 20:55 - 27430400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-06-14 22:51 - 2017-06-14 22:51 - 00460288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-06-14 22:51 - 2017-06-14 22:51 - 02275328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-06-08 21:16 - 2017-06-08 21:16 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-14 22:51 - 2017-06-14 22:51 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-06-03 18:22 - 2016-06-03 18:22 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-06-14 22:51 - 2017-06-14 22:51 - 00900096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-03 19:23 - 2017-05-03 19:24 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-03-04 07:34 - 2016-03-04 07:34 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-10-10 13:37 - 2014-10-10 13:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-07-05 21:10 - 2017-07-05 21:10 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-05 21:10 - 2017-07-05 21:10 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-05 21:10 - 2017-07-05 21:10 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-05 21:10 - 2017-07-05 21:10 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-05 21:10 - 2017-07-05 21:10 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-05 21:09 - 2017-07-05 21:09 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-05 21:09 - 2017-07-05 21:11 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll
2017-07-05 21:10 - 2017-07-05 21:10 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\sharepoint.com -> hxxps://liverootnova.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-440272248-943791128-3511854739-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\spari_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "BacKGround Agent"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\StartupApproved\StartupFolder: => "Citrix Receiver.lnk"
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\StartupApproved\Run: => "AcerPortal"
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\StartupApproved\Run: => "TK8 StickyNotes"
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-440272248-943791128-3511854739-1001\...\StartupApproved\Run: => "Spotify"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{046E9856-D5FE-4F10-A090-0623AEEBA0F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C3ABA619-E885-432A-B035-8E19BFF03E1D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{52E446D0-EE0F-47A2-92DC-E6D3005E592B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{D8484AEF-B0E7-4FE2-8B33-8B603B934313}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{4D2AB6FA-F104-43F3-BA31-6EED0C22A94C}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{E4CA702B-5E76-442E-B2B4-F0121520BD00}] => (Allow) C:\Users\spari_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4C01BE89-E6DA-4CA9-B57E-ACA0DEA251E7}] => (Allow) C:\Users\spari_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7CA0375C-05EE-49A7-B624-DF8121C6B41F}] => (Allow) C:\Users\spari_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4692DD56-3E97-46DC-904F-3572F1C0D0F2}] => (Allow) C:\Users\spari_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{460F1C86-75BF-4855-BF28-DAF530BAE891}] => (Allow) C:\Users\spari_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C1604819-745C-4296-9C90-C9B588EA2C01}] => (Allow) C:\Users\spari_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{7BA348E2-1854-4A6B-A6A4-65C2CBA62531}C:\program files (x86)\spotify\spotify.exe] => (Allow) C:\program files (x86)\spotify\spotify.exe
FirewallRules: [TCP Query User{5D9FF4FB-33D4-4025-B51D-D0E7FA020F99}C:\program files (x86)\spotify\spotify.exe] => (Allow) C:\program files (x86)\spotify\spotify.exe
FirewallRules: [{5985E5D6-2772-498C-90F3-7FC6C5D0F88F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E2FFB7B3-1FD1-4BCB-A1B9-E8E6D95AAA5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8BC3BD04-BBFC-4F1B-A875-4AB7953C56F6}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{F061B215-5441-4CE3-8217-60E4E04F764D}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{2B1EB922-CDA0-4CE9-B437-FFCE1FB34D1E}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{7E8589AE-81B0-44BE-A9FD-38D44C1450F0}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{D33F71D9-B196-4BEE-98DC-C2975FFDDD15}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{C2BAE4F2-3A14-4CBD-9F2B-36D8C0C82E14}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{5095E3B1-8E06-4591-931D-C6CFFB236A69}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{838AF261-9B86-4227-9F70-1111D2D91B4D}C:\users\spari_000\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\spari_000\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{78342B29-CE05-41D5-BDC0-D85C57724CF4}C:\users\spari_000\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\spari_000\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{D7545024-9261-4625-8005-43BC7AC5A34B}C:\users\spari_000\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\spari_000\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{812C95BA-EFD9-4780-B802-635B9A7DFCA7}C:\users\spari_000\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\spari_000\appdata\local\popcorn time\nw.exe
FirewallRules: [{0E6290D0-6727-45F4-8632-37C833F9F654}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A010A0A5-2A1A-4D71-BB13-0213EBB1E405}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{4BC8D253-0110-4A3C-B3E2-B148563DA83A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{A3F19D2C-6049-4D87-B5AF-0A327B2A5754}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{9D407BA3-CA7A-4660-A8ED-4C9CDE0A761B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{4B2B2772-1EAD-4F8C-A152-5534D5CCC256}C:\users\spari_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\spari_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A9117704-8543-407C-9FB2-5D070E4D84FD}C:\users\spari_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\spari_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{ED282586-2DEE-43C0-886A-C469AEE94191}C:\users\spari_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\spari_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3B2B4379-D68E-4C48-8F77-52AA7D6554BB}C:\users\spari_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\spari_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DC99CA00-8B34-48ED-B238-667DD15DA49C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{26502743-6478-4AF1-8606-C1E878BE0182}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C06CEA4A-1366-49CC-930A-F004D566C4D3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0A94E8F2-B2A7-4062-AA5D-1388554B1E02}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{52B86451-FBE5-4F7C-9D33-39567C5E763E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{90756A7F-F0A7-4AFB-91B7-C478E2C5678D}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/07/2017 12:32:39 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (07/07/2017 12:32:39 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (07/07/2017 12:32:39 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (07/07/2017 12:32:38 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (07/07/2017 12:32:38 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (07/07/2017 12:32:38 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (07/07/2017 12:32:38 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (07/07/2017 12:32:38 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (07/07/2017 12:32:38 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (07/07/2017 12:32:32 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (07/08/2017 09:45:47 AM) (Source: DCOM) (EventID: 10010) (User: ShivaniPC)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.
 
Error: (07/07/2017 12:37:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/07/2017 12:37:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (07/07/2017 12:36:18 PM) (Source: DCOM) (EventID: 10010) (User: ShivaniPC)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.
 
Error: (07/07/2017 12:34:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (07/07/2017 12:32:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/06/2017 11:45:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/06/2017 10:58:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (07/06/2017 10:56:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/06/2017 10:56:06 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8107.33 MB
Available physical RAM: 4972.29 MB
Total Virtual: 11179.33 MB
Available Virtual: 7999.46 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:101.92 GB) (Free:38.24 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 3C511D01)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

  • 0

#3
shiv1226

shiv1226

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 93.25 0 K 4 K 0
procexp64.exe 1.15 48,128 K 63,872 K 27008 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System 1.04 124 K 32 K 4
csrss.exe 0.83 2,356 K 3,408 K 2140
Interrupts 0.80 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.70 65,856 K 25,456 K 1688
AvastSvc.exe 0.39 204,124 K 45,076 K 2020 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
chrome.exe 0.25 192,584 K 188,316 K 8228 Google Chrome Google Inc. (Verified) Google Inc
aswidsagenta.exe 0.24 27,936 K 31,492 K 5176 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.
ePowerSvc.exe 0.20 13,024 K 9,748 K 1784 ePowerSvc Acer Incorporated (Verified) Acer Incorporated
TabTip.exe 0.12 4,276 K 5,476 K 1032
services.exe 0.12 3,596 K 4,772 K 844
ddp.exe 0.11 33,168 K 5,376 K 812 Dolby Digital Plus Profile Selector Dolby Laboratories Inc. (Verified) Dolby Laboratories
explorer.exe 0.09 57,708 K 64,288 K 6276 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
ePowerTray.exe 0.07 4,044 K 2,364 K 1156 ePowerTray Acer Incorporated (Verified) Acer Incorporated
svchost.exe 0.06 9,432 K 10,120 K 944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.06 15,400 K 10,832 K 512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
igfxEM.exe 0.06 5,192 K 4,960 K 952 igfxEM Module Intel Corporation (Verified) Intel Corporation - pGFX
chrome.exe 0.05 168,560 K 170,152 K 7532 Google Chrome Google Inc. (Verified) Google Inc
UBTService.exe 0.05 20,172 K 14,056 K 7692 UEIPSvc acer (Verified) Acer Incorporated
ePowerEvent.exe 0.05 8,304 K 3,352 K 5896
AvastUI.exe 0.04 25,668 K 28,160 K 1356 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe 0.02 55,128 K 48,404 K 640 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe 0.02 27,484 K 14,608 K 1272 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 0.02 2,028 K 2,728 K 1184
taskhostw.exe 0.01 7,988 K 6,040 K 6944 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
flux.exe 0.01 29,280 K 5,220 K 6728 f.lux Flux Software LLC (Verified) Michael Herf
chrome.exe 0.01 3,028 K 3,408 K 4664 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.01 134,992 K 134,600 K 7572 Google Chrome Google Inc. (Verified) Google Inc
CNMNSST.exe 0.01 1,972 K 2,796 K 1844 Canon IJ Network Scanner Selector EX CANON INC. (Verified) Canon Inc.
csrss.exe 0.01 1,888 K 1,596 K 612
svchost.exe 0.01 6,056 K 4,236 K 1428 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
lsass.exe 0.01 6,016 K 7,948 K 852 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 14,412 K 11,640 K 1096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 2,124 K 1,424 K 2604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
QAMsg.exe 0.01 2,688 K 704 K 228
LMEvent.exe 0.01 4,088 K 2,296 K 7084
svchost.exe < 0.01 6,184 K 7,256 K 1020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
RAVBg64.exe < 0.01 6,280 K 2,424 K 1488 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
svchost.exe < 0.01 7,464 K 13,384 K 2404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
RAVCpl64.exe < 0.01 5,012 K 4,180 K 6776 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
ApplicationFrameHost.exe < 0.01 11,336 K 6,936 K 5040 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
UMonit64.exe < 0.01 2,776 K 2,780 K 5364
GestureDetection.exe < 0.01 1,904 K 888 K 7384
ccd.exe < 0.01 23,328 K 5,220 K 2820
chrome.exe < 0.01 3,016 K 2,312 K 8392 Google Chrome Google Inc. (Verified) Google Inc
RuntimeBroker.exe < 0.01 21,736 K 16,152 K 7912 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
OfficeClickToRun.exe < 0.01 37,420 K 18,716 K 2420 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
LMS.exe < 0.01 3,208 K 2,212 K 6012 Intel® Local Management Service Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
igfxHK.exe < 0.01 3,016 K 1,536 K 7512 igfxHK Module Intel Corporation (Verified) Intel Corporation - pGFX
svchost.exe < 0.01 8,392 K 9,544 K 1608 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AudioInvertAgent.exe < 0.01 4,000 K 576 K 6508
Launch Screen Grasp.exe < 0.01 3,812 K 624 K 1396 Launch Screen Grasp Acer Incorporated (Verified) Acer Incorporated
QAEvent.exe < 0.01 3,252 K 1,532 K 6884
LMTray.exe < 0.01 2,504 K 1,092 K 7956
svchost.exe < 0.01 7,992 K 7,588 K 1692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SettingSyncHost.exe < 0.01 3,432 K 1,484 K 1336 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 21,360 K 17,688 K 1108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,732 K 3,428 K 1848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
DbxSvc.exe < 0.01 2,448 K 760 K 2412 Dropbox Service Dropbox, Inc. (Verified) Dropbox
svchost.exe < 0.01 15,620 K 14,148 K 1516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
CCDMonitorService.exe < 0.01 1,976 K 732 K 2428 CCD Monitor Service Acer Incorporated (Verified) Acer Incorporated
ePowerWinMonitor.exe < 0.01 1,140 K 692 K 5012 ePowerWinMonitor Acer Incorporated (Verified) Acer Incorporated
svchost.exe < 0.01 5,952 K 3,616 K 1980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe < 0.01 6,672 K 4,928 K 1912 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 2,548 K 5,228 K 1772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe < 0.01 1,204 K 292 K 2376
sihost.exe < 0.01 6,268 K 7,092 K 6168 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
LMSvc.exe < 0.01 1,680 K 712 K 2476 LMSvc Acer Incorporate (Verified) Acer Incorporated
LMLockHandler.exe < 0.01 1,720 K 528 K 2984
ibtsiva.exe < 0.01 924 K 804 K 2440 Intel® Wireless Bluetooth® iBtSiva Service Intel Corporation (Verified) Intel® Wireless Connectivity Solutions
TouchToolsLaunchSvc.exe < 0.01 788 K 76 K 2624 Touch Tools Acer Incorporated (Verified) Acer Incorporated
WmiPrvSE.exe < 0.01 3,400 K 5,804 K 2072
winlogon.exe 2,316 K 2,028 K 8084
wininit.exe 1,160 K 8 K 704
unsecapp.exe 2,452 K 2,740 K 7136
unsecapp.exe 1,564 K 1,824 K 4992
unsecapp.exe 2,340 K 2,868 K 1596 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 2,456 K 2,784 K 4896
TabTip32.exe 1,460 K 68 K 464
SystemSettings.exe Suspended 17,416 K 4,720 K 4600 Settings Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,740 K 11,068 K 2644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
smss.exe 364 K 112 K 420
ShellExperienceHost.exe Suspended 38,048 K 5,976 K 5748 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 48,536 K 2,172 K 6264 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
RichVideo.exe 1,340 K 580 K 2580 RichVideo Module (Verified) CyberLink
QASvc.exe 1,536 K 20 K 6288 QASvc Acer Incorporate (Verified) Acer Incorporated
procexp.exe 3,272 K 10,648 K 27404 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 25,776 K 316 K 4396 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
Microsoft.Photos.exe Suspended 68,152 K 12,492 K 912 (No signature was present in the subject)
Memory Compression 436 K 132,024 K 2904
jhi_service.exe 1,356 K 96 K 5428 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
igfxext.exe 4,596 K 1,700 K 2992 igfxext Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxCUIService.exe 11,796 K 11,808 K 1588 igfxCUIService Module Intel Corporation (Verified) Intel Corporation - pGFX
fontdrvhost.exe 740 K 76 K 6576
dllhost.exe 2,552 K 10,328 K 27000 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,652 K 1,812 K 4972 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 6,388 K 2,132 K 2216
chrome.exe 30,208 K 26,560 K 164 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 143,336 K 123,920 K 4976 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 79,460 K 71,900 K 1952 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 239,100 K 232,716 K 5336 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 36,964 K 41,248 K 17280 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 73,512 K 62,560 K 8320 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 27,340 K 32,900 K 17216 Google Chrome Google Inc. (Verified) Google Inc
audiodg.exe 9,996 K 16,324 K 26292
 
 
 
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       420 N/A                                         
csrss.exe                      612 N/A                                         
wininit.exe                    704 N/A                                         
services.exe                   844 N/A                                         
lsass.exe                      852 KeyIso, SamSs, VaultSvc                     
svchost.exe                    944 BrokerInfrastructure, DcomLaunch, LSM,      
                                   PlugPlay, Power, SystemEventsBroker         
svchost.exe                   1020 RpcEptMapper, RpcSs                         
svchost.exe                    640 Appinfo, BITS, Browser, EapHost, gpsvc,     
                                   iphlpsvc, LanmanServer, lfsvc, ProfSvc,     
                                   Schedule, SENS, ShellHWDetection, Themes,   
                                   UserManager, Winmgmt, wisvc, WpnService,    
                                   wuauserv                                    
svchost.exe                    512 AudioEndpointBuilder,                       
                                   DeviceAssociationService, DsSvc,            
                                   NcbService, Netman, PcaSvc, SensorService,  
                                   SmsRouter, StorSvc, SysMain,                
                                   TabletInputService, TrkWks, WdiSystemHost,  
                                   wudfsvc                                     
svchost.exe                   1096 Dhcp, EventLog, HomeGroupProvider, lmhosts, 
                                   TimeBrokerSvc, wscsvc                       
svchost.exe                   1108 BFE, CoreMessagingRegistrar, DPS, MpsSvc,   
                                   NcdAutoSetup                                
WUDFHost.exe                  1184 N/A                                         
svchost.exe                   1428 FDResPub, QWAVE, SensrSvc, SSDPSRV          
svchost.exe                   1516 EventSystem, fdPHost, FontCache,            
                                   LicenseManager, netprofm, nsi,              
                                   WdiServiceHost, WinHttpAutoProxySvc         
igfxCUIService.exe            1588 igfxCUIService2.0.0.0                       
svchost.exe                   1608 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
svchost.exe                   1772 Audiosrv                                    
svchost.exe                   1848 Wcmsvc                                      
svchost.exe                   1980 WlanSvc                                     
AvastSvc.exe                  2020 avast! Antivirus                            
spoolsv.exe                   1912 Spooler                                     
dasHost.exe                   2216 N/A                                         
svchost.exe                   2404 DiagTrack                                   
DbxSvc.exe                    2412 DbxSvc                                      
OfficeClickToRun.exe          2420 ClickToRunSvc                               
CCDMonitorService.exe         2428 CCDMonitorService                           
ibtsiva.exe                   2440 ibtsiva                                     
LMSvc.exe                     2476 LMSvc                                       
RichVideo.exe                 2580 RichVideo                                   
svchost.exe                   2604 stisvc                                      
TouchToolsLaunchSvc.exe       2624 TouchToolsLaunchService                     
svchost.exe                   2644 StateRepository, tiledatamodelsvc           
Memory Compression            2904 N/A                                         
WmiPrvSE.exe                  2072 N/A                                         
ccd.exe                       2820 N/A                                         
conhost.exe                   2376 N/A                                         
PresentationFontCache.exe     4396 FontCache3.0.0.0                            
SearchIndexer.exe             1272 WSearch                                     
aswidsagenta.exe              5176 aswbIDSAgent                                
QASvc.exe                     6288 QASvc                                       
ePowerSvc.exe                 1784 ePowerSvc                                   
jhi_service.exe               5428 jhi_service                                 
LMS.exe                       6012 LMS                                         
UBTService.exe                7692 UEIPSvc                                     
csrss.exe                     2140 N/A                                         
winlogon.exe                  8084 N/A                                         
dwm.exe                       1688 N/A                                         
sihost.exe                    6168 N/A                                         
svchost.exe                   1692 CDPUserSvc_2f9037, OneSyncSvc_2f9037,       
                                   PimIndexMaintenanceSvc_2f9037,              
                                   UnistoreSvc_2f9037, UserDataSvc_2f9037      
taskhostw.exe                 6944 N/A                                         
igfxEM.exe                     952 N/A                                         
igfxHK.exe                    7512 N/A                                         
RuntimeBroker.exe             7912 N/A                                         
explorer.exe                  6276 N/A                                         
ShellExperienceHost.exe       5748 N/A                                         
ddp.exe                        812 N/A                                         
SearchUI.exe                  6264 N/A                                         
UMonit64.exe                  5364 N/A                                         
TabTip.exe                    1032 N/A                                         
SettingSyncHost.exe           1336 N/A                                         
TabTip32.exe                   464 N/A                                         
dllhost.exe                   4972 N/A                                         
RAVCpl64.exe                  6776 N/A                                         
RAVBg64.exe                   1488 N/A                                         
AvastUI.exe                   1356 N/A                                         
flux.exe                      6728 N/A                                         
QAEvent.exe                   6884 N/A                                         
unsecapp.exe                  4896 N/A                                         
LMEvent.exe                   7084 N/A                                         
LMLockHandler.exe             2984 N/A                                         
unsecapp.exe                  7136 N/A                                         
unsecapp.exe                  4992 N/A                                         
ePowerTray.exe                1156 N/A                                         
QAMsg.exe                      228 N/A                                         
LMTray.exe                    7956 N/A                                         
igfxext.exe                   2992 N/A                                         
unsecapp.exe                  1596 N/A                                         
ePowerEvent.exe               5896 N/A                                         
ePowerWinMonitor.exe          5012 N/A                                         
CNMNSST.exe                   1844 N/A                                         
AudioInvertAgent.exe          6508 N/A                                         
GestureDetection.exe          7384 N/A                                         
Launch Screen Grasp.exe       1396 N/A                                         
fontdrvhost.exe               6576 N/A                                         
ApplicationFrameHost.exe      5040 N/A                                         
Microsoft.Photos.exe           912 N/A                                         
SystemSettings.exe            4600 N/A                                         
chrome.exe                    8228 N/A                                         
chrome.exe                    4664 N/A                                         
chrome.exe                    8392 N/A                                         
chrome.exe                    4976 N/A                                         
chrome.exe                    5336 N/A                                         
chrome.exe                    1952 N/A                                         
chrome.exe                    8320 N/A                                         
chrome.exe                    7572 N/A                                         
chrome.exe                    7532 N/A                                         
chrome.exe                     164 N/A                                         
chrome.exe                   17216 N/A                                         
chrome.exe                   17280 N/A                                         
audiodg.exe                  26292 N/A                                         
procexp.exe                  27404 N/A                                         
procexp64.exe                27008 N/A                                         
notepad.exe                  27444 N/A                                         
notepad.exe                  27856 N/A                                         
FMAPP.exe                    28232 N/A                                         
backgroundTaskHost.exe       27736 N/A                                         
dllhost.exe                  28044 N/A                                         
TabTip.exe                   28504 N/A                                         
dllhost.exe                  28276 N/A                                         
cmd.exe                       9856 N/A                                         
conhost.exe                  28584 N/A                                         
tasklist.exe                 28436 N/A                                         
WmiPrvSE.exe                 28140 N/A                                         
 
 
 
 
 
 

Attached Files

  • Attached File  PC.txt   128.5KB   27 downloads

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP

Might be running hot per speccy but speccy often reads too high.  Let's get a second opinion:

Run Speedfan to monitor your temps in real time:

 
 
 
 
Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).
 
It will tell you your temps in real time tho the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.
 
What is the highest temp you see when idle.  Watch a video, run an anti-virus scan or play a game.  For about 15 minutes.  How high does the temperature go?

  • 0

#5
shiv1226

shiv1226

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

So when i paused the video and walked away 65C watching the video was like 58C. No sign of malware from scans? 


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP

No sign of malware.  65C is not a good temp.  Usually means the heatsink is clogged with dust.  What make & model is the PC?  On some it is a simple job to clean the heatsink.  Others it is more like brain surgery.


  • 0

#7
shiv1226

shiv1226

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Its an Acer Aspire R13. have it sitting on glass table maybe not enough airflow between laptop and glass? 


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP

Laptops are designed to sit on a hard surface so that's unlikely.  

 

It looks like you can take off the bottom without a lot of work.  

 

http://laptopmedia.c...pgrade-options/

 

That may allow you to get close enough to the fan/heatsink to use a vacuum cleaner hose to clean out the dust.


  • 0






Similar Topics


Also tagged with one or more of these keywords: malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP