Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Passwords change and my home is listed as over 200 miles away


  • Please log in to reply

#1
noknojon

noknojon

    Member

  • Member
  • PipPipPip
  • 533 posts

Several very odd items occur. First is the fact that I now see GIF's and Videos as pictured below, not in clear backgrounds or correct colors.

 

Colors.JPG 2ndGIF.JPG

 

Next, sorry if this is double posted because the post will 'Delete' itself several times during this process.

 

Next AdwCleaner found and removed the 3 items listed below, plus I was hit by the CCleaner Floxit infection and another 'Generic' Trojan. Now I am here...

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\ Interface\{7BCA6879-A9F8-47DE- AE05-F5CE7EA3A474}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\ {ADF1FA2A-6EAA-4A97-A55F- 3C8B92843EF5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ OverlayIcon.DLL


I have attempted to use my + 10 year old Malwarebytes forum account many times and even followed their procedures to change my password (without luck).

The information from my computer usually lists me as 'over 200 miles' East of my current location.
I removed the Malwarebytes Premium version from this computer and installed the 'Trial Version' and installed it on my Windows 7.1 Toshiba laptop, as I did not know if it was secure here.

 

 

FRST  and Addition follows;

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2017
Ran by John PC (administrator) on JOHNPC (22-11-2017 10:04:44)
Running from C:\Users\John PC\Downloads
Loaded Profiles: John PC (Available Profiles: John PC & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13642968 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164112 2015-05-16] (IvoSoft)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®)
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-06-21] (SUPERAntiSpyware)
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-19] (Piriform Ltd)
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-08] (Ruiware)
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\MountPoints2: {6b52002f-6b78-11e3-8251-806e6f6e6963} - "E:\ReelDealSlots4Launcher.exe"
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\MountPoints2: {a9bf35ba-1fd0-11e7-867f-40f02f20cc67} - "F:\AutoRun.exe"
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\MountPoints2: {f2971bfa-ef94-11e5-82de-40f02f20cc67} - "F:\AutoRun.exe"
Startup: C:\Users\John PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-09-24]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\John PC\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\John PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe [2017-09-21] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{5F989494-1F51-40E6-94D7-637631816A06}: [DhcpNameServer] 10.1.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://toolbox3.iinet.net.au/
hxxps://webmail.netspace.net.au/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1877073717-3212129561-1314164763-1001 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com.au/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1877073717-3212129561-1314164763-1001 -> {110CA03A-7B67-45B9-B1EF-8E360541506F} URL =
SearchScopes: HKU\S-1-5-21-1877073717-3212129561-1314164763-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com.au/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1877073717-3212129561-1314164763-1001 -> {F655E431-86D9-4400-BA8A-7DC6D197AD3B} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-05-16] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-18] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-18] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF DefaultProfile: gif66xes.default-1452988443678-1504568988095
FF ProfilePath: C:\Users\John PC\AppData\Roaming\Mozilla\Firefox\Profiles\gif66xes.default-1452988443678-1504568988095 [2017-11-22]
FF Homepage: Mozilla\Firefox\Profiles\gif66xes.default-1452988443678-1504568988095 -> hxxps://google.com.au/
FF Extension: (Enhancer for YouTube™) - C:\Users\John PC\AppData\Roaming\Mozilla\Firefox\Profiles\gif66xes.default-1452988443678-1504568988095\Extensions\[email protected] [2017-11-21]
FF Extension: (uBlock Origin) - C:\Users\John PC\AppData\Roaming\Mozilla\Firefox\Profiles\gif66xes.default-1452988443678-1504568988095\Extensions\[email protected] [2017-11-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-21] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1877073717-3212129561-1314164763-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-25] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\John PC\AppData\Local\Google\Chrome\User Data\Default [2017-11-22]
CHR Extension: (Google Translate) - C:\Users\John PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-26]
CHR Extension: (Docs) - C:\Users\John PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-26]
CHR Extension: (Google Drive) - C:\Users\John PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-07]
CHR Extension: (YouTube) - C:\Users\John PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-07]
CHR Extension: (Google Docs Offline) - C:\Users\John PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-07]
CHR Extension: (Ads Killer) - C:\Users\John PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjckigopagkhaikodedjnmbccfpnmiea [2017-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-26]
CHR Extension: (Gmail) - C:\Users\John PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-07]
CHR Extension: (Chrome Media Router) - C:\Users\John PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-26]

Opera:
=======
OPR Extension: (Youtube - Most Popular) - C:\Users\John PC\AppData\Roaming\Opera Software\Opera Stable\Extensions\oldapoiohefbnmggejjodihigclfhnka [2016-06-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-11] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278688 2017-09-26] (Acer Incorporated)
R2 CIJSRegister; C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe [153736 2016-06-03] (CANON INC.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [387144 2017-03-31] ()
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-13] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-16] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-18] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-18] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-18] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-18] (Malwarebytes)
R1 MpKsl7e476e87; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36D4AA32-0114-4350-AF09-27D05EB1507A}\MpKsl7e476e87.sys [58120 2017-11-22] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkIOAC60; C:\WINDOWS\system32\DRIVERS\RtkIOAC60.sys [38504 2013-05-24] (Windows ® Codename Longhorn DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-11] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-13] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-22 10:04 - 2017-11-22 10:05 - 000015909 _____ C:\Users\John PC\Downloads\FRST.txt
2017-11-22 10:03 - 2017-11-22 10:03 - 000000159 _____ C:\Users\John PC\Desktop\New Internet Shortcut.url
2017-11-22 09:36 - 2017-11-22 10:04 - 000001483 _____ C:\Users\John PC\Desktop\FRST64 - Shortcut.lnk
2017-11-22 09:35 - 2017-11-22 09:35 - 002391552 _____ (Farbar) C:\Users\John PC\Downloads\FRST64(1).exe
2017-11-22 09:34 - 2017-11-22 09:34 - 002391552 _____ (Farbar) C:\Users\John PC\Downloads\FRST64.exe
2017-11-22 06:36 - 2017-11-22 06:36 - 000000000 ____D C:\Users\John PC\Desktop\mb-check-results
2017-11-22 06:18 - 2017-11-22 06:18 - 002979002 _____ C:\Users\John PC\Desktop\mb-check-results.zip
2017-11-22 06:16 - 2017-11-22 06:16 - 002326984 _____ (Malwarebytes Corporation) C:\Users\John PC\Downloads\mb-check-3.1.9.1001.exe
2017-11-21 17:25 - 2017-11-21 17:26 - 000037635 _____ C:\Users\John PC\Desktop\MTB.txt
2017-11-20 16:09 - 2017-11-20 16:09 - 000001492 _____ C:\Users\John PC\Desktop\SysInfo - Shortcut.lnk
2017-11-20 16:08 - 2017-11-20 16:08 - 000748192 _____ (TechGuy, Inc.) C:\Users\John PC\Downloads\SysInfo.exe
2017-11-20 08:20 - 2017-11-20 08:20 - 000000070 _____ C:\Users\John PC\Documents\WizardGroup.txt
2017-11-19 13:02 - 2017-11-19 13:02 - 000005587 _____ C:\Users\John PC\Documents\CURRENTINTERNET.txt
2017-11-18 14:48 - 2017-11-18 14:48 - 000001428 _____ C:\Users\John PC\Documents\mbts scan.txt
2017-11-16 14:45 - 2017-11-16 14:45 - 000000158 _____ C:\Users\John PC\Documents\Mum.txt
2017-11-16 14:27 - 2017-11-18 13:50 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-16 14:27 - 2017-11-18 09:36 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-16 14:27 - 2017-11-18 09:36 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-16 14:27 - 2017-11-18 09:36 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-16 14:27 - 2017-11-16 14:27 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-16 14:27 - 2017-11-16 14:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-16 10:07 - 2017-10-11 18:35 - 000143016 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-16 10:07 - 2017-10-11 02:21 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-16 10:07 - 2017-10-11 00:18 - 002023936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-16 10:07 - 2017-10-11 00:18 - 001570304 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-16 10:07 - 2017-10-11 00:18 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-16 10:07 - 2017-10-11 00:18 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-16 10:07 - 2017-10-11 00:18 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-16 10:07 - 2017-10-11 00:18 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-11-16 10:07 - 2017-10-11 00:18 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-16 10:07 - 2017-10-11 00:18 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-16 10:07 - 2017-10-11 00:18 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-16 08:22 - 2017-10-14 19:38 - 025731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-16 08:22 - 2017-10-14 19:23 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-11-16 08:22 - 2017-10-14 19:09 - 005979648 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-16 08:22 - 2017-10-14 18:30 - 015266816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-16 08:22 - 2017-10-14 18:14 - 020269056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-16 08:22 - 2017-10-14 18:05 - 015431680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-16 08:22 - 2017-10-14 17:33 - 004542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-16 08:22 - 2017-10-14 17:28 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-16 08:22 - 2017-10-14 17:14 - 013317632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-16 08:22 - 2017-09-09 04:14 - 003084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-11-16 08:22 - 2017-09-09 03:50 - 002471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-11-16 08:22 - 2017-08-11 12:39 - 002779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-11-16 08:21 - 2017-10-18 06:11 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-16 08:21 - 2017-10-17 05:38 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-16 08:21 - 2017-10-15 00:04 - 001548624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-16 08:21 - 2017-10-14 19:13 - 002903552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-11-16 08:21 - 2017-10-14 19:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-16 08:21 - 2017-10-14 19:01 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-16 08:21 - 2017-10-14 18:36 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-11-16 08:21 - 2017-10-14 18:31 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-11-16 08:21 - 2017-10-14 18:30 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-16 08:21 - 2017-10-14 18:30 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-16 08:21 - 2017-10-14 18:29 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-16 08:21 - 2017-10-14 18:27 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-16 08:21 - 2017-10-14 18:21 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-16 08:21 - 2017-10-14 18:09 - 001544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-16 08:21 - 2017-10-14 17:58 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-11-16 08:21 - 2017-10-14 17:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-16 08:21 - 2017-10-14 17:50 - 002293760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-11-16 08:21 - 2017-10-14 17:45 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-16 08:21 - 2017-10-14 17:28 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-11-16 08:21 - 2017-10-14 17:25 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-11-16 08:21 - 2017-10-14 17:24 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-16 08:21 - 2017-10-14 17:24 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-16 08:21 - 2017-10-14 17:23 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-16 08:21 - 2017-10-14 17:10 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-16 08:21 - 2017-10-14 17:07 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-16 08:21 - 2017-10-14 17:04 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-11-16 08:21 - 2017-10-11 03:36 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-16 08:21 - 2017-10-11 02:38 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-16 08:21 - 2017-10-11 02:38 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-11-16 08:21 - 2017-10-11 02:11 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-16 08:21 - 2017-10-11 02:08 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-11-16 08:21 - 2017-10-05 18:17 - 000380248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-16 08:21 - 2017-09-15 10:52 - 000986968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-11-16 08:21 - 2017-09-08 14:31 - 000685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-11-16 08:21 - 2017-09-08 14:28 - 000507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-11-16 08:21 - 2017-09-08 08:31 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-11-16 08:21 - 2017-09-08 06:20 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-11-16 08:21 - 2017-09-08 04:20 - 000513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-11-16 08:21 - 2017-09-08 04:20 - 000513456 _____ C:\WINDOWS\system32\locale.nls
2017-11-16 08:21 - 2017-09-08 00:40 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-11-16 08:21 - 2017-09-08 00:40 - 000922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-11-16 08:21 - 2017-09-07 10:07 - 000158552 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-11-16 08:21 - 2017-09-07 08:17 - 000461144 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-11-16 08:21 - 2017-09-07 08:17 - 000443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2017-11-16 08:21 - 2017-09-07 01:14 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-11-16 08:21 - 2017-08-11 12:30 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-11-16 08:00 - 2017-11-16 08:00 - 010849904 _____ (Piriform Ltd) C:\Users\John PC\Downloads\ccsetup537.exe
2017-11-14 07:25 - 2017-11-14 07:25 - 000003334 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2017-11-14 07:20 - 2017-11-14 07:20 - 000000000 ____D C:\ProgramData\Apple
2017-11-14 07:20 - 2017-11-14 07:20 - 000000000 ____D C:\Program Files\Bonjour
2017-11-14 07:20 - 2017-11-14 07:20 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-11-14 07:17 - 2017-11-14 07:17 - 000003338 _____ C:\WINDOWS\System32\Tasks\abDocsDllLoader
2017-11-14 07:17 - 2017-11-14 07:17 - 000001929 _____ C:\Users\Public\Desktop\abDocs.lnk
2017-11-13 20:16 - 2017-11-16 14:27 - 000001887 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-13 20:16 - 2017-11-13 20:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-13 20:16 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-13 19:58 - 2017-11-13 19:59 - 078346672 _____ (Malwarebytes ) C:\Users\John PC\Downloads\mb3-setup-consumer-3.3.1.2183(1).exe
2017-11-13 19:08 - 2017-11-13 19:08 - 000058446 ____T C:\Users\John PC\Documents\GeelviaBHeads.xps
2017-11-13 18:37 - 2017-11-13 18:37 - 000114554 _____ C:\Users\John PC\Downloads\timetable.pdf
2017-11-13 12:57 - 2017-11-13 12:57 - 000000000 ____T C:\Users\John PC\Documents\Screaming.prn
2017-11-12 14:48 - 2017-11-12 14:48 - 000000675 _____ C:\Users\John PC\Documents\Extra to Reply.txt
2017-11-11 18:35 - 2017-11-11 18:35 - 000022127 _____ C:\Users\John PC\Downloads\invoice_1069_from_Aarons Air Conditioning Services.pdf
2017-11-10 15:48 - 2017-11-21 22:02 - 000007567 _____ C:\Users\John PC\Documents\Sales.txt
2017-11-09 16:26 - 2017-11-09 16:26 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-09 16:24 - 2017-11-09 16:24 - 078346672 _____ (Malwarebytes ) C:\Users\John PC\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-08 21:50 - 2017-11-08 21:50 - 000000199 _____ C:\Users\John PC\Documents\Gynny Davis.txt
2017-11-04 22:12 - 2017-11-06 07:47 - 000002129 _____ C:\Users\John PC\Documents\patient.txt
2017-11-04 22:05 - 2017-11-04 22:05 - 000660138 ____T C:\Users\John PC\Documents\doctor.prn
2017-11-04 17:55 - 2017-11-04 17:55 - 000001177 _____ C:\Users\John PC\Desktop\Weather - Shortcut.lnk
2017-11-04 12:23 - 2017-11-04 12:23 - 000000434 _____ C:\Users\John PC\Documents\Back Concrete.txt
2017-11-03 17:30 - 2017-11-03 17:31 - 001510832 _____ (Ruiware) C:\Users\John PC\Downloads\wpsetup(1).exe
2017-11-03 17:27 - 2017-11-03 17:28 - 000003872 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-11-03 17:27 - 2017-11-03 17:28 - 000000838 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-03 17:27 - 2017-11-03 17:27 - 000002790 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-11-03 17:27 - 2017-11-03 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-03 17:27 - 2017-11-03 17:27 - 000000000 ____D C:\Program Files\CCleaner
2017-11-03 17:24 - 2017-11-03 17:24 - 010427120 _____ (Piriform Ltd) C:\Users\John PC\Downloads\ccsetup536(3).exe
2017-11-01 22:51 - 2017-11-01 22:51 - 000000360 _____ C:\Users\John PC\Documents\TopHits.txt
2017-11-01 17:53 - 2017-11-01 20:13 - 000000760 _____ C:\Users\John PC\Documents\Mark Petney.txt
2017-11-01 11:10 - 2017-11-01 11:10 - 000000300 _____ C:\Users\John PC\Documents\Games.txt
2017-10-31 08:28 - 2017-10-31 08:28 - 000000834 _____ C:\Users\John PC\Documents\Needles.txt
2017-10-31 07:36 - 2017-10-31 07:36 - 000001810 _____ C:\Users\John PC\Documents\Injections.txt
2017-10-30 22:06 - 2017-10-30 22:06 - 000000837 _____ C:\Users\John PC\Documents\AppleID.txt
2017-10-28 21:46 - 2017-10-30 11:02 - 000000282 _____ C:\Users\John PC\Documents\Brendon Brice Electrical.txt
2017-10-28 11:31 - 2017-10-28 18:20 - 000001845 _____ C:\Users\John PC\Documents\Noise and my feeling.txt
2017-10-27 15:18 - 2017-10-27 15:18 - 000000442 _____ C:\Users\John PC\Documents\FBookMaybe.txt
2017-10-26 20:45 - 2017-11-15 06:36 - 000002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-25 09:59 - 2017-10-27 14:03 - 000000622 _____ C:\Users\John PC\Documents\Betting.txt
2017-10-24 10:22 - 2017-10-24 10:22 - 000001048 _____ C:\Users\John PC\Documents\Flybuys account.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-22 10:04 - 2016-02-16 13:01 - 000000000 ____D C:\FRST
2017-11-22 10:03 - 2016-11-18 08:56 - 000000000 ____D C:\Users\John PC\AppData\LocalLow\Mozilla
2017-11-22 09:00 - 2013-08-23 00:36 - 000000000 ____D C:\WINDOWS\Inf
2017-11-22 08:58 - 2016-11-17 08:33 - 000000095 _____ C:\Users\John PC\.accessibility.properties
2017-11-22 08:58 - 2015-06-29 22:10 - 000000000 ____D C:\Users\John PC
2017-11-22 08:58 - 2013-08-23 01:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-22 07:26 - 2013-08-23 00:25 - 000786432 ___SH C:\WINDOWS\system32\config\BBI
2017-11-22 07:22 - 2015-06-30 00:01 - 000000000 ____D C:\Users\John PC\AppData\Local\ClassicShell
2017-11-22 07:18 - 2015-06-30 13:32 - 000000000 ____D C:\Users\John PC\AppData\Local\CrashDumps
2017-11-21 16:14 - 2015-06-29 22:18 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1877073717-3212129561-1314164763-1001
2017-11-21 15:26 - 2015-08-06 09:41 - 000000000 ____D C:\Program Files\Recuva
2017-11-21 15:25 - 2015-08-06 09:42 - 000001674 _____ C:\Users\Public\Desktop\Recuva.lnk
2017-11-21 07:32 - 2015-07-07 22:08 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-19 19:56 - 2016-01-17 10:54 - 000000000 ____D C:\Users\John PC\Documents\Old Firefox Data
2017-11-18 09:17 - 2013-08-23 02:36 - 000000000 ____D C:\WINDOWS\rescache
2017-11-17 14:10 - 2013-08-23 02:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-17 14:10 - 2013-08-23 02:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-17 13:59 - 2017-02-23 21:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-17 13:59 - 2015-06-30 09:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-17 10:22 - 2015-06-30 09:47 - 000000952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-17 10:22 - 2015-06-30 09:47 - 000000000 ____D C:\Users\John PC\AppData\Roaming\Mozilla
2017-11-16 10:09 - 2016-04-08 21:02 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-16 10:08 - 2013-08-23 02:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-16 09:19 - 2015-07-06 14:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-16 09:12 - 2017-10-12 07:39 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-16 09:12 - 2015-07-06 14:44 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-16 08:42 - 2013-09-23 16:27 - 000799036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-16 08:38 - 2013-08-23 01:44 - 000337840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 20:34 - 2017-09-04 16:46 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-15 20:34 - 2013-08-23 02:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-15 20:34 - 2013-08-23 02:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-15 06:32 - 2015-12-13 16:12 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-15 06:31 - 2015-12-13 16:11 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-15 06:29 - 2016-04-29 23:18 - 000003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 06:29 - 2016-04-29 23:18 - 000003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 08:21 - 2016-06-08 20:58 - 000000000 ____D C:\AdwCleaner
2017-11-14 07:23 - 2015-06-29 22:15 - 000000000 ____D C:\Users\John PC\AppData\Local\clear.fi
2017-11-14 07:22 - 2013-09-23 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-11-14 07:17 - 2013-09-23 16:34 - 000000000 ____D C:\Program Files (x86)\Acer
2017-11-14 07:16 - 2015-07-21 09:03 - 000003442 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2017-11-14 07:16 - 2013-09-23 17:14 - 000000000 ___HD C:\OEM
2017-11-13 19:08 - 2014-07-27 13:49 - 000000000 ____D C:\Users\John PC\AppData\LocalLow\Temp
2017-11-13 18:41 - 2013-08-23 02:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-11-04 11:41 - 2015-07-06 16:11 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 11:41 - 2015-07-06 16:11 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-04 11:01 - 2017-01-14 17:52 - 000000000 ____D C:\ProgramData\CanonIJPLM
2017-11-03 17:33 - 2016-05-16 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2017-11-03 17:33 - 2016-05-16 17:10 - 000000000 ____D C:\ProgramData\InstallMate
2017-10-26 20:45 - 2015-11-11 14:04 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-25 10:59 - 2013-08-23 02:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-25 10:58 - 2015-11-01 07:34 - 000000000 ____D C:\Users\John PC\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2017-07-02 09:02 - 2017-07-02 09:02 - 000000020 ___SH () C:\Users\John PC\AppData\Roaming\1816CA7466166.ind
2017-07-02 09:02 - 2017-07-02 09:02 - 000000020 ___SH () C:\Users\John PC\AppData\Roaming\Programs8187ConfigDB.dat
2015-08-19 20:40 - 2015-08-19 20:40 - 000175566 _____ () C:\Users\John PC\AppData\Local\ars.cache
2015-08-19 20:40 - 2015-08-19 20:40 - 000244299 _____ () C:\Users\John PC\AppData\Local\census.cache
2015-08-19 17:36 - 2015-08-19 17:36 - 000000036 _____ () C:\Users\John PC\AppData\Local\housecall.guid.cache
2015-08-19 17:49 - 2017-03-26 21:40 - 000000010 _____ () C:\Users\John PC\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-17 14:10

==================== End of FRST.txt ============================

 

************************************************************************************************************************************************* [EXTRA Scan]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Ran by John PC (22-11-2017 10:06:09)
Running from C:\Users\John PC\Downloads
Windows 8.1 (Update) (X64) (2015-06-29 11:12:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1877073717-3212129561-1314164763-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1877073717-3212129561-1314164763-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1877073717-3212129561-1314164763-1005 - Limited - Enabled)
John PC (S-1-5-21-1877073717-3212129561-1314164763-1001 - Administrator - Enabled) => C:\Users\John PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2002 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2003.6 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
AdFender (HKLM-x32\...\AdFender) (Version: 2.0 - AdFender, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe PDF iFilter 11 for 64-bit platforms (HKLM\...\{BA5C0CC3-421B-4AE5-9370-1650D1941F30}) (Version: 11.0.00 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{6ACE9B2D-3F28-BD76-DB71-957BE60C028D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
Blueline 1.1.1 (HKLM-x32\...\Blueline_is1) (Version:  - )
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.3.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
Canon TS8000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS8000_series) (Version: 1.01 - Canon Inc.)
Canon TS8000 series On-screen Manual (HKLM-x32\...\Canon TS8000 series On-screen Manual) (Version: 1.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6229 - CDBurnerXP)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
CUE CLUB (HKLM-x32\...\CUE_CLUB) (Version:  - )
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4314.55 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Gameroom 1.8.6429.23271 (HKLM-x32\...\{D71E0CAE-F4B3-499E-B515-396B02139A39}) (Version: 1.8.6429.23271 - Facebook)
Games Manager (HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\GamesManager) (Version: 2.10.0.653 - iWin Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grammarly (HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\GrammarlyForWindows) (Version: 1.5.28 - Grammarly)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
Hoyle Board Games 5 (HKLM-x32\...\Hoyle Board Games 5) (Version:  - )
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.12 - Magical Jelly Bean)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Masque Casino Game Pak II (HKLM-x32\...\Masque Casino Game Pak II) (Version:  - )
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Monopoly Casino (HKLM-x32\...\Monopoly Casino) (Version:  - )
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
Mozilla Thunderbird 52.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.1.1 (x86 en-US)) (Version: 52.1.1 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
paint.net (HKLM\...\{02D89175-E08F-401B-BA30-8B7512B57724}) (Version: 4.0.17 - dotPDN LLC)
Peggle Deluxe 1.01 (HKLM-x32\...\Peggle Deluxe 1.01) (Version:  - )
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Recover Keys (HKLM-x32\...\Recover Keys_is1) (Version: 10.0.4.198 - Recover Keys)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Reel Deal Slots - Nickels and More (HKLM-x32\...\{A236B4D3-BA07-4864-991E-D58B77A44A08}) (Version: 1.00.0000 - )
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\UnityWebPlayer) (Version: 5.2.5f1 - Unity Technologies ApS)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2013-09-07] (Qualcomm®Atheros®)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2013-09-07] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-30] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2015-05-16] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18FC4A4C-A8ED-48D1-B2EF-7AF2DC2EE394} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2017-09-28] ()
Task: {1BF78A94-7F61-4253-B029-5E08779D44D4} - System32\Tasks\{55937E98-0657-4D2B-885D-7CFF3F1353AE} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\John PC\Desktop\vtuploader2.2.exe" -d "C:\Users\John PC\Desktop"
Task: {24796622-EC19-4865-928F-B6A6B8991087} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-13] (Microsoft Corporation)
Task: {3AE70096-495C-4F63-9846-D79A7B173805} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-19] (Piriform Ltd)
Task: {50E190DC-3224-4D2C-8359-FA200A565CDD} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {533C6D4B-9AF9-4FA5-BB9B-72CFFD444E61} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-09] ()
Task: {53847720-7197-4BEF-BA66-65DE6F8944A2} - System32\Tasks\Opera scheduled Autoupdate 1466918776 => C:\Program Files (x86)\Opera\launcher.exe
Task: {59AC8B3D-2523-463F-94C9-6AFD0200AE44} - System32\Tasks\{02D2B23E-12C4-4336-A6F1-F513C9E96DAA} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\John PC\Desktop\Tcpview\Tcpview.exe" -d "C:\Users\John PC\Desktop\Tcpview"
Task: {6100A029-E549-468C-BF49-5DD8DA76CA11} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {6C3C0F00-7519-4DC0-BF66-4553D75EEBF6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-09] (Piriform Ltd)
Task: {7039BB3B-6602-414B-B994-62C06F6DC8A3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {775474A6-2CC4-4160-BF71-FB1D4B47AFD3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-13] (Microsoft Corporation)
Task: {7AAEA059-E5AB-41BA-9D00-428265C84D68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-29] (Google Inc.)
Task: {883C67FF-E22B-4E1A-B5E6-DBA271A7919C} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated)
Task: {8C85C853-3DAD-4827-8E85-F7A00D574628} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {8F2D23FC-19B8-4766-A054-9421CE6CEEAD} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-09-26] (Acer Incorporated)
Task: {92860AF7-7290-4692-82D2-402BA0357B4C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-13] (Microsoft Corporation)
Task: {A58DBE3B-2174-4D90-830C-19FA7BDAD036} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {BD5B03BF-0D08-4527-939A-F2A9B393152C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-13] (Microsoft Corporation)
Task: {C1F8BA39-3E15-45BE-AFE6-6B05C3E90846} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {C5A1512B-D52A-431F-AC53-90FDB7E0A3F7} - System32\Tasks\{4886547B-D22A-4490-A42D-639FC2BED085} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\John PC\AppData\Local\Temp\Temp1_Tcpview.zip\Tcpview.exe" <==== ATTENTION
Task: {DE318555-1E1C-469E-A2FD-943271066981} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {E25F7E09-0539-414D-8FE4-54ACFCA77665} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {E893BD61-F12C-4918-BBC7-C9C9BD68F9C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {EDE3ACE7-BAF5-46B7-BE4C-FACDBFBD4277} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-29] (Google Inc.)
Task: {F30DE34A-AA99-4B4D-A6B5-0DB62E32D262} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2017-10-02] (Acer)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-12-23 14:00 - 2013-07-30 18:11 - 000110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2016-02-23 12:07 - 2016-02-23 12:07 - 003525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2017-01-14 17:52 - 2017-03-31 13:11 - 000387144 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-09-07 01:48 - 2013-09-07 01:48 - 000011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 000086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 000012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2017-09-28 17:21 - 2017-09-28 17:21 - 001769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2017-09-22 15:14 - 2017-09-22 15:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2017-09-22 15:16 - 2017-09-22 15:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2017-11-14 07:16 - 2017-11-14 07:16 - 000015136 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2017-09-26 12:35 - 2017-09-26 12:35 - 000013088 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2017-09-26 12:34 - 2017-09-26 12:34 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2017-10-02 14:56 - 2017-10-02 14:56 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2017-10-02 14:56 - 2017-10-02 14:56 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:5C92988B [191]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55888333.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77274609.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55888333.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77274609.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-23 00:25 - 2016-10-27 09:08 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "AdFender.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\StartupApproved\Run: => "AcerPortal"
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6CF1A262-4271-4083-A732-1C09CFBDEB96}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{0B0F8BE3-898C-472B-A9D1-A93300F217B2}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{17025D74-26A3-40DD-BEB3-75D3FBF131E9}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{378F3D20-A7F5-4CEA-9242-59ED6D9BE664}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{380D0805-B2F2-4829-A17C-816F285F4B56}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{4F691B65-D60B-4791-B417-D58B5492F098}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{48EE8AF6-2CB5-40B3-BFC7-A0F4F449F492}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{847F981B-5FBA-4965-B1B4-052F590C0C47}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{0D63C9FD-0446-4634-9E57-A69E91FE664B}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{5C133BA8-6BF2-4DBE-80B5-DD0698131885}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{3206BD79-CB3F-41FE-9767-F1760CA43BC7}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{73102424-62CB-47B9-A394-91EABC05B04D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{F40CF73B-0635-428A-998A-3F8C31ACA979}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{16ADAF7A-7689-4484-BA66-552604594AEE}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{BE59CFFD-DD7E-44F8-BA88-432A396D8076}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{7332B1BD-3BAA-4853-B57F-E4808AB4FFC6}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{449143B7-6118-4F9C-8A69-F538EBEC54C0}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{76471544-B0F4-4B63-906C-E41AF8D3827C}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{93003E86-EDA1-46CE-9266-A5743F71A2A4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{3E8A0188-7B4A-4E0B-A4ED-4726991C09D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{82D6E267-7267-4A49-A0BB-5BD942791F57}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{6D6F3C5C-8360-4519-96FB-C33A7B8694B3}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{4205CFF7-8898-494E-867B-44F358F1C680}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{94550F96-A14E-45EC-B45D-6F8B726B7B66}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{5E8E15B9-2D5E-449B-AC79-8E9DD1B705A3}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{8DFA0884-58A9-4181-B5D6-0CE5208D45A0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{F4BAE879-BAF6-4467-A4E3-505A334A4B01}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{43BE7587-F94E-4268-96ED-ECEABF0CCF9A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{6D6B66F2-5254-400E-A504-6621975CC7F0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{CCF19367-157A-4E55-8480-D66E3188BEC2}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{713109CC-1D7B-41D2-9450-E989FD291426}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{58819CE0-09F0-4766-81BA-635C34A46E73}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B66F0FF3-18CD-406F-8501-EBF1F63539B1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F7DE10E1-F7BA-4CE7-997F-6D79CA1BBBBF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{25966000-086F-45E9-BD32-2A248C73AC5B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{FB2588F0-C78C-40C5-9C25-60C758DE3E8D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F44F227E-DFA6-4C78-8192-10A5C4D98774}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{37BA205E-B828-4612-B1BB-62273D75BC25}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E1A401B3-90DF-40C9-8FE4-D2B7A81DC638}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{048ED1DF-CFCE-49EC-B9E7-4F5C6AC1B705}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F5DD0E2B-997E-4490-9C30-CE6C2B8A60AF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B14CD9AA-899E-4642-A92E-989838CC077C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B1484252-E7F0-4868-BAA8-980F3274D753}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2D0A3839-7C87-4079-8EBA-8D3D2F31DBE0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{99B971E6-4958-4A76-B5DF-FC777CAD626B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C17D250-CFA5-4B32-87E2-14400C867F6B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4F9C7D6E-2B77-40F1-BB1C-AB699038CFFC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{73350996-C912-47BE-9A26-20385665C538}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{984F3009-96E3-4B01-8009-9E24E8A21883}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{943CA616-3AA1-4F5A-BF24-16CFDB73B6CB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2726BFED-6372-4FE7-9E9C-2FF68A5CC7CA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D35F4DF0-95C6-435C-92D6-D8E2E9BE778C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4080BA5A-8C34-465D-8E84-523CDC4BAFA1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F82FF65E-84DE-41D3-864D-69A7DEA58E12}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{80355BF6-A2E0-47EE-A29E-00B43AD25D9E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D13AB97E-604D-4BD6-B266-52065141256D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5FCF5706-4292-4260-BD9D-D6611C145734}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D013D0B7-2FEC-49C7-8AF3-997337939AF9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{3562A196-65C1-4610-A199-3575C725C73E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{C9F91082-E5AC-4098-A967-492C3906CA90}C:\users\john pc\appdata\local\temp\housecall\tmase\nmap\nmap.exe] => (Allow) C:\users\john pc\appdata\local\temp\housecall\tmase\nmap\nmap.exe
FirewallRules: [UDP Query User{B68A762D-1E44-47A9-AF62-86D1ADA7EEE7}C:\users\john pc\appdata\local\temp\housecall\tmase\nmap\nmap.exe] => (Allow) C:\users\john pc\appdata\local\temp\housecall\tmase\nmap\nmap.exe
FirewallRules: [{F3316CAE-BF78-438A-BF53-E9E89B9C1C1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5AF2634B-E298-42BF-AA28-82595244F7DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6CA727B7-AA11-42A7-AC24-2F800B91E192}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{38A5B3FB-A4E5-494B-99FA-D221163E70CB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8993567F-D2D9-4E29-B018-6BD216FE8D9A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5ABB6A10-93AF-4041-9C84-AC6B398B6B9A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AE0FA0FE-55F0-42EB-8DEF-3F0FA52F767B}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{128CEDB3-ADC8-4C28-BCC8-B10ED644690F}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{5DA0EA8E-7156-47E9-B491-8410552953C2}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{CBFFF4BC-5285-4D13-ADB0-61FBCD146165}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{50C1749C-F7F1-43E7-B7E4-8ABC9A6ECE0B}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{22C27284-0758-483A-A499-2193F445C06C}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{A1639465-3CA1-4803-9B63-FD4F7D73F56E}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{5106ACD5-3611-4E16-B07B-B4CA0F25F259}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{4714012B-3C66-4518-A2DC-D004C24A1586}C:\users\john pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\john pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{82F68745-7854-4510-8172-01F81F984F2F}C:\users\john pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\john pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{404F981F-07E9-4AD8-8AB1-29A6D51EC18E}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{098A949C-876D-4297-8777-C35CA0023309}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{DDBDA56B-C516-4C4A-8F82-996042350E41}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{3BEA4C91-4962-411D-A34B-BF12250E15C2}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{5C4EC390-8F35-4D2D-8882-DDDEFC6148B6}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{38C18EB5-0696-4002-9FAD-8E9272489666}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{D4BE57E3-621A-435A-94B4-8795FD951C7A}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{F294E2CE-4E0E-4B55-8F5A-C445064A3AA0}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{910B8129-A44C-462B-8F81-88DCCE7FAEF9}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{BFE2D72F-CB4C-4D26-9A4D-128F97BA8D63}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{8E6AC21B-9121-4A9E-9839-3BCB54C92485}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{44788259-17A9-4D96-BDAE-44CC94486EA6}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{9FCD75EB-A053-4839-A491-AE26EEA99C97}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{839C5809-B443-4B26-B5C8-DFB06D015058}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{9A4294C6-66AE-4B0A-8D27-09A678E504B7}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{66024198-DE51-4298-BF72-4C2098C937DD}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{92018DB3-3F7D-4171-8A3C-F1BC40CBA495}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{76EC6B2C-D0A4-4B61-84DD-18E37528DE5A}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{0524DA3F-5A61-4450-AE41-CFD287C786F6}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{43FE30D3-37A9-4497-8D1A-74650199143F}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{75C5EC64-1642-4C7A-BEBD-89C1960F8E89}C:\users\john pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\john pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{B765168B-0094-42DD-8987-B960F0C81B7B}C:\users\john pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\john pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{F21F787F-D207-4863-A32B-39BE28078CCF}] => (Allow) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
FirewallRules: [{06EFF444-209C-4401-AE5F-2BCC49ABDC7F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0EF9F3FF-6ED9-4AC4-9BD5-6E9EA682ACA3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D5DD4A86-403D-42C0-BDE8-D3C488CFED91}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2D03FC16-642B-413A-8293-2DE2FE3CFC50}C:\program files (x86)\java\jre1.8.0_121\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\jp2launcher.exe
FirewallRules: [UDP Query User{3EC8F8D0-52FF-4D1C-872F-91D3180D15EC}C:\program files (x86)\java\jre1.8.0_121\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\jp2launcher.exe
FirewallRules: [{489DC053-E4AC-4DDB-986E-DD03B681B567}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{A6BBF7C9-9791-4106-9032-FB537A69AB8B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{89D5CFCD-B0EF-44AC-A53A-663B02EBFC8D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{AED9626C-F52C-45A9-9E1D-64F781C2C258}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{8D32BD3E-6DD9-4D6D-A620-9BB60934CFA5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{3CCA8339-DE81-4415-A914-7EF06F77B29B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [TCP Query User{38AD4990-C1C4-45C1-A291-02CAA4E23910}C:\users\john pc\appdata\local\temp\housecall\tmase\nmap\sweep.exe] => (Allow) C:\users\john pc\appdata\local\temp\housecall\tmase\nmap\sweep.exe
FirewallRules: [UDP Query User{9FD0D5D0-4316-4E68-9E92-806A9350CC8E}C:\users\john pc\appdata\local\temp\housecall\tmase\nmap\sweep.exe] => (Allow) C:\users\john pc\appdata\local\temp\housecall\tmase\nmap\sweep.exe
FirewallRules: [{A9E45C47-5315-49E9-A8A0-C50E29E307EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B32C2C22-BBF1-4E19-B3BA-B111C7401E7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A6C7F531-386A-4A7D-A729-659A505C2A35}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{06197827-E8EB-4235-AA14-350DDABDADDA}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{F827F4F4-960C-4C5C-8E31-9E29EC3BA2F4}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{469E576B-E432-4BAA-936A-DB1B03BE839C}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{26853EAB-EAF7-4D84-BB94-90CFDE883214}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

02-11-2017 11:25:47 Scheduled Checkpoint
10-11-2017 13:36:09 Scheduled Checkpoint
16-11-2017 08:22:44 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2017 11:41:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 57.0.0.6525, time stamp: 0x5a0859ef
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000003e878ce2357
Faulting process id: 0x8c8
Faulting application start time: 0x01d360cee9f4d3f5
Faulting application path: C:\Program Files\Mozilla Firefox\plugin-container.exe
Faulting module path: unknown
Report Id: 70736a37-ccc2-11e7-87fc-40f02f20cc67
Faulting package full name:
Faulting package-relative application ID:

Error: (11/16/2017 10:11:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1247, time stamp: 0x59f37829
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x58ed4d4f
Exception code: 0xc0000005
Fault offset: 0x001a9fd6
Faulting process id: 0xf68
Faulting application start time: 0x01d35e66f59158de
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 512a4a15-ca5a-11e7-87f3-40f02f20cc67
Faulting package full name:
Faulting package-relative application ID:

Error: (11/16/2017 10:10:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Exception code: 0xc0000005
Fault offset: 0x00000000001c6e66
Faulting process id: 0x10dc
Faulting application start time: 0x01d35e66f895d5af
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: 36be5bd1-ca5a-11e7-87f3-40f02f20cc67
Faulting package full name:
Faulting package-relative application ID:

Error: (11/16/2017 09:19:15 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/16/2017 08:40:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1247, time stamp: 0x59f37829
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x58ed4d4f
Exception code: 0xc0000005
Fault offset: 0x001a9fd6
Faulting process id: 0xfbc
Faulting application start time: 0x01d35e5a2e192bd7
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 8bee5371-ca4d-11e7-87f2-40f02f20cc67
Faulting package full name:
Faulting package-relative application ID:

Error: (11/16/2017 08:39:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Exception code: 0xc0000005
Fault offset: 0x00000000001c6e66
Faulting process id: 0x105c
Faulting application start time: 0x01d35e5a31bfc5e7
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: 71da97e6-ca4d-11e7-87f2-40f02f20cc67
Faulting package full name:
Faulting package-relative application ID:

Error: (11/16/2017 08:08:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1247, time stamp: 0x59f37829
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x58ed4d4f
Exception code: 0xc0000005
Fault offset: 0x001a9fd6
Faulting process id: 0xfe0
Faulting application start time: 0x01d35e55ac0ec816
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 306f547f-ca49-11e7-87f1-40f02f20cc67
Faulting package full name:
Faulting package-relative application ID:

Error: (11/16/2017 08:07:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Exception code: 0xc0000005
Fault offset: 0x00000000001c6e66
Faulting process id: 0x96c
Faulting application start time: 0x01d35e55af788141
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: ee11130f-ca48-11e7-87f1-40f02f20cc67
Faulting package full name:
Faulting package-relative application ID:

Error: (11/16/2017 07:40:34 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (11/16/2017 07:36:05 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.


System errors:
=============
Error: (11/22/2017 08:58:12 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (11/22/2017 07:20:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/22/2017 06:05:40 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (11/21/2017 03:23:45 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (11/21/2017 07:51:58 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (11/20/2017 05:10:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/20/2017 12:07:07 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (11/20/2017 07:31:25 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (11/19/2017 07:30:47 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (11/19/2017 09:56:11 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.


CodeIntegrity:
===================================
  Date: 2017-11-16 07:30:54.432
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-16 07:30:53.354
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-16 07:30:52.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-16 07:30:51.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-29 22:00:55.276
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-29 22:00:54.367
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-29 22:00:53.453
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-29 22:00:50.836
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-29 22:00:49.779
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-29 22:00:48.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-5200 APU with Radeon™ HD Graphics
Percentage of memory in use: 18%
Total physical RAM: 8125.09 MB
Available physical RAM: 6632.85 MB
Total Virtual: 8637.09 MB
Available Virtual: 6870.73 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:457.11 GB) (Free:402.45 GB) NTFS
Drive d: (DATA) (Fixed) (Total:457.11 GB) (Free:456.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6D0E4787)

Partition: GPT.

==================== End of Addition.txt ============================

 

Thank You..


  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP