Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible infection?: 'REMSH' Running & High CPU Usage

Started by OZDOUG , Dec 28 2017 10:55 PM
remsh High CPU

  • Please log in to reply

#1
OZDOUG
Posted 28 December 2017 - 10:55 PM

OZDOUG

    Member

  • Member
  • PipPipPip
  • 219 posts

On booting up may Acer laptop this morning I noticed it was somewhat slow. Ran Task Manager & saw 'remsh' was running & contributing to a 100% CPU usage.

 

Did some Googling & general info seems to be that it is 'possibly' a type of Malware even though it may show as 'signed by Microsoft'....not sure what that meant.

 

Came here to my friends at G2G & looked under the Malware & Spyware forum. Have followed the Cleaning Guide for my 64bit system.

 

Currently using Avast Free & Malwarebytes Premium but had no hits......although I did notice that Avast seemed to run for quite a while after boot up.

 

Results of scan are below: FRST.txt

--------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Doug (administrator) on LAPTOP-FG39KSMG (29-12-2017 12:03:26)
Running from C:\Users\Doug\Desktop
Loaded Profiles: Doug (Available Profiles: Doug)
Platform: Windows 10 Home Version 1511 10586.1106 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel Corporation) C:\Windows\System32\IntelCpHDCPSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(SweetLabs, Inc) C:\Users\Doug\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-04-29] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-24] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3734265924-3626069331-3154640717-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-12] (MyCity)
HKU\S-1-5-21-3734265924-3626069331-3154640717-1001\...\MountPoints2: {64427be7-d271-11e6-9da7-54ab3ae065b9} - "D:\setup_vmc_lite.exe" /checkApplicationPresence
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{14635548-1f70-4e83-aa31-10585c73489e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c959343c-3e95-4897-9252-86741f6e141e}: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3734265924-3626069331-3154640717-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-3734265924-3626069331-3154640717-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3734265924-3626069331-3154640717-1001 -> DefaultScope {9D35DBDA-F4E7-4FF7-A00A-1EBBEBDC9F90} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.com.au/"
CHR Profile: C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default [2017-12-29]
CHR Extension: (Slides) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-26]
CHR Extension: (YouTube) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Sheets) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-26]
CHR Extension: (Avast Online Security) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-26]
CHR Extension: (Chrome Media Router) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-24] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-24] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278688 2017-09-26] (Acer Incorporated)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
R2 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [476656 2016-08-09] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [342000 2016-08-09] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\iCLS\SocketHeciServer.exe [974632 2016-05-24] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [176416 2016-06-15] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-06-18] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-06-18] (Acer Incorporated)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [295840 2016-05-28] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-09-05] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
S2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-24] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-24] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-24] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-24] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-24] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-24] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-24] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146664 2017-12-24] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-24] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-24] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457400 2017-12-24] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-24] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [95032 2016-05-17] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [341256 2016-03-19] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21344 2016-06-18] (Acer Incorporated)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2017-12-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2017-12-28] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2017-12-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-28] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2017-12-29] (Malwarebytes)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7135504 2016-02-27] (Intel Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2017-02-05] (Sysinternals - www.sysinternals.com)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14688 2016-06-18] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [57448 2015-10-22] (Synaptics Incorporated)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [631200 2017-11-19] (IDRIX)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-29 12:03 - 2017-12-29 12:03 - 000015996 _____ C:\Users\Doug\Desktop\FRST.txt
2017-12-29 12:02 - 2017-12-29 12:03 - 000000000 ____D C:\FRST
2017-12-29 12:00 - 2017-12-29 12:01 - 002391552 _____ (Farbar) C:\Users\Doug\Desktop\FRST64.exe
2017-12-28 12:33 - 2017-12-28 12:33 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-24 16:52 - 2017-12-24 16:51 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-12-24 16:52 - 2017-12-24 16:51 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-12-23 07:46 - 2017-12-29 11:58 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-12-23 07:46 - 2017-12-28 12:33 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-23 07:46 - 2017-12-28 12:33 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-12-23 07:46 - 2017-12-28 12:33 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-23 07:46 - 2017-12-23 07:46 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-23 07:45 - 2017-12-23 07:45 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-23 07:45 - 2017-12-23 07:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-23 07:45 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-23 07:44 - 2017-12-23 07:44 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-21 11:49 - 2017-12-21 11:49 - 000170692 _____ C:\Windows\Minidump\122117-16062-01.dmp
2017-12-09 09:34 - 2017-12-24 16:52 - 000061304 _____ () C:\Windows\system32\Drivers\lpsport.sys
2017-12-09 09:34 - 2017-12-09 09:34 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-05 11:23 - 2017-12-05 11:23 - 000000279 _____ C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-12-05 08:08 - 2017-12-24 16:51 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-12-05 08:03 - 2017-12-05 08:03 - 000001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-12-05 08:03 - 2017-12-05 08:03 - 000001971 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-12-05 07:59 - 2017-12-25 16:57 - 000001086 _____ C:\Users\Doug\Desktop\TFC - Shortcut.lnk
2017-12-05 07:58 - 2017-12-05 07:58 - 000000000 ____D C:\TFC Temp File Cleaner
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2017-11-29 08:18 - 2017-11-29 08:18 - 000003376 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3734265924-3626069331-3154640717-1001
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-29 08:41 - 2017-09-29 10:17 - 000000000 ____D C:\Windows10Upgrade
2017-12-29 08:39 - 2016-12-26 22:40 - 000002290 _____ C:\Users\Doug\Desktop\Recent Items.lnk
2017-12-29 08:38 - 2017-10-16 09:04 - 000000799 _____ C:\Users\Doug\Desktop\Windows 10 Update Assistant.lnk
2017-12-29 08:38 - 2017-09-29 10:17 - 000000811 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-12-29 08:38 - 2016-10-10 01:03 - 000751910 _____ C:\Windows\system32\perfh01D.dat
2017-12-29 08:38 - 2016-10-10 01:03 - 000155266 _____ C:\Windows\system32\perfc01D.dat
2017-12-29 08:38 - 2016-10-10 00:58 - 000455126 _____ C:\Windows\system32\perfh014.dat
2017-12-29 08:38 - 2016-10-10 00:58 - 000081138 _____ C:\Windows\system32\perfc014.dat
2017-12-29 08:38 - 2016-10-10 00:53 - 000440732 _____ C:\Windows\system32\perfh00B.dat
2017-12-29 08:38 - 2016-10-10 00:53 - 000085674 _____ C:\Windows\system32\perfc00B.dat
2017-12-29 08:38 - 2016-08-09 00:32 - 002786758 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-29 08:38 - 2015-10-30 15:21 - 000000000 ____D C:\Windows\INF
2017-12-29 08:36 - 2016-12-26 20:18 - 000000000 ____D C:\Users\Doug\AppData\Local\Host App Service
2017-12-28 13:07 - 2017-03-18 14:49 - 000004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-12-28 13:07 - 2017-01-01 12:49 - 000000000 ____D C:\ProgramData\MCShield
2017-12-28 13:07 - 2015-10-30 15:24 - 000000000 ____D C:\Windows\AppReadiness
2017-12-28 13:06 - 2016-12-26 20:18 - 000000000 __SHD C:\Users\Doug\IntelGraphicsProfiles
2017-12-28 12:32 - 2016-02-13 21:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-28 12:32 - 2015-10-30 14:28 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-12-28 12:31 - 2017-08-13 23:52 - 000001422 _____ C:\Users\Doug\Downloads\k.txt
2017-12-28 12:17 - 2017-01-01 12:47 - 000000000 ____D C:\Users\Doug\AppData\Roaming\vlc
2017-12-27 11:53 - 2015-10-30 15:24 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-24 17:21 - 2015-10-30 15:11 - 000000000 ____D C:\Windows\CbsTemp
2017-12-24 16:51 - 2016-12-26 21:43 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-12-24 16:51 - 2016-12-26 21:43 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-12-24 16:51 - 2016-12-26 21:43 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-12-24 16:51 - 2016-12-26 21:43 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-12-24 16:51 - 2016-12-26 21:43 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-12-24 16:51 - 2016-12-26 21:43 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-12-24 16:51 - 2016-12-26 21:43 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-12-24 16:51 - 2016-12-26 21:43 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-12-24 16:50 - 2017-03-18 14:49 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2017-12-24 16:50 - 2017-03-18 14:49 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-12-24 16:50 - 2017-03-18 14:49 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2017-12-24 16:50 - 2017-03-18 14:49 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2017-12-23 16:30 - 2016-12-26 20:18 - 000000000 ____D C:\Users\Doug
2017-12-22 10:24 - 2017-01-01 08:49 - 000000000 ____D C:\Users\Doug\AppData\Local\CrashDumps
2017-12-21 11:49 - 2017-04-05 09:35 - 000000000 ____D C:\Windows\Minidump
2017-12-19 07:58 - 2015-10-30 15:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-19 07:55 - 2016-10-10 00:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-15 16:48 - 2016-12-26 20:50 - 000002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-15 16:48 - 2016-12-26 20:50 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-14 10:59 - 2015-10-30 15:24 - 000000000 ____D C:\Windows\system32\NDF
2017-12-14 10:39 - 2016-12-27 02:55 - 000000000 ____D C:\Windows\system32\MRT
2017-12-14 10:36 - 2017-10-11 08:02 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-14 10:36 - 2016-12-27 02:54 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-13 08:18 - 2017-01-01 09:24 - 000000000 ____D C:\DOUG - ditch when done
2017-12-10 08:25 - 2017-07-21 10:33 - 000000000 ____D C:\Program Files\rempl
2017-12-09 09:34 - 2017-01-29 10:15 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-12-06 10:28 - 2017-09-16 13:05 - 000000000 ____D C:\00 GIMP ditch when done
2017-12-01 14:40 - 2017-01-06 08:21 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-29 09:02 - 2016-02-13 21:11 - 000341024 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-29 08:18 - 2017-11-28 11:58 - 000002368 _____ C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-29 08:18 - 2016-12-26 20:26 - 000000000 ___RD C:\Users\Doug\OneDrive
 
==================== Files in the root of some directories =======
 
2017-09-18 09:04 - 2017-09-18 09:04 - 000002062 _____ () C:\Users\Doug\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
2017-12-26 08:00 - 2017-12-29 08:40 - 006242320 _____ (Microsoft Corporation) C:\Users\Doug\AppData\Local\Temp\Windows10Upgrade.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-08-09 00:16
 
==================== End of FRST.txt ============================
 
Results of Addition.txt below:
------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Doug (29-12-2017 12:04:42)
Running from C:\Users\Doug\Desktop
Windows 10 Home Version 1511 10586.1106 (X64) (2016-12-26 12:16:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3734265924-3626069331-3154640717-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3734265924-3626069331-3154640717-503 - Limited - Disabled)
Doug (S-1-5-21-3734265924-3626069331-3154640717-1001 - Administrator - Enabled) => C:\Users\Doug
Guest (S-1-5-21-3734265924-3626069331-3154640717-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3024 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3006 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.02.3001 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
App Explorer (HKU\S-1-5-21-3734265924-3626069331-3154640717-1001\...\Host App Service) (Version: 0.273.2.512 - SweetLabs)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
BitZipper 2015 (HKLM-x32\...\BitZipper_is1) (Version: 2015.14.12.18 - Bitberry Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4471 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1620.2 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 3.0.0.1104 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3734265924-3626069331-3154640717-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7806 - Realtek Semiconductor Corp.)
Restore Windows Photo Viewer for Windows 10 (HKLM\...\Restore Windows Photo Viewer for Windows 10_is1) (Version:  - Authorsoft Corporation)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.21 - IDRIX)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WebM Project Directshow Filters (HKU\S-1-5-21-3734265924-3626069331-3154640717-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WinDirStat 1.1.2 (HKU\S-1-5-21-3734265924-3626069331-3154640717-1001\...\WinDirStat) (Version:  - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-24] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-24] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-24] (AVAST Software)
ContextMenuHandlers1: [BitZipper32] -> {D5906221-A717-479B-9B49-CD848F9CE816} => C:\Program Files (x86)\BitZipper\BZShlExt64.dll [2012-10-17] (Bitberry Software)
ContextMenuHandlers1: [BitZipper64] -> {9176020F-4A61-4F57-A133-258110EBC765} => C:\Program Files (x86)\BitZipper\BZShlExt64.dll [2012-10-17] (Bitberry Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-24] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-08-09] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-24] (AVAST Software)
ContextMenuHandlers6: [BitZipper32] -> {D5906221-A717-479B-9B49-CD848F9CE816} => C:\Program Files (x86)\BitZipper\BZShlExt64.dll [2012-10-17] (Bitberry Software)
ContextMenuHandlers6: [BitZipper64] -> {9176020F-4A61-4F57-A133-258110EBC765} => C:\Program Files (x86)\BitZipper\BZShlExt64.dll [2012-10-17] (Bitberry Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00634A83-CD62-4A63-B051-84AD8AD79B04} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-06-25] ()
Task: {097A5088-9EA5-4F23-ABE1-ED046A81721B} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2016-06-18] (Acer Incorporated)
Task: {0FA2513E-F8B3-474E-AE4B-574B2D5252D8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-19] (Microsoft Corporation)
Task: {18C9E540-8432-46E0-A98F-DDC3D98CE625} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-09-26] (Acer Incorporated)
Task: {35CF15EC-DDA4-4F0C-9059-EBD04395AD99} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-06-18] (Acer Incorporated)
Task: {3FC5638D-A706-48A1-AA9E-F4B4585A2285} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-06-25] ()
Task: {41B86C8C-30C3-413E-8995-2EB3D6472409} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {4F340656-D89B-4788-8F79-F8A0520D54BF} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\TXE Components\iCLS\IntelPTTEKRecertification.exe [2016-05-24] (Intel® Corporation)
Task: {54BA83F3-5ACA-43B8-8D72-2632B2DEB96D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-09] (AVAST Software)
Task: {54D3592C-E95C-4301-A605-88383060DCBD} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-06-18] (Acer Incorporated)
Task: {59C9C73A-AEDE-42D5-BDF8-7A4D01E2DA52} - System32\Tasks\App Explorer => C:\Users\Doug\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-12-22] (SweetLabs, Inc) <==== ATTENTION
Task: {5BCE5F76-D87A-439A-A5F9-22872CAF2B82} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-06-25] ()
Task: {67D84B53-B89C-465E-9726-7AD4D9296FC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-26] (Google Inc.)
Task: {6E7DFDB5-B6D9-4697-9E8D-DA584C8F0515} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {7DE27B72-18F6-4BA9-9E49-2FE9DCB477FA} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {88D3F098-839F-4544-85C8-B636BAC562A6} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2017-10-02] (Acer)
Task: {8B953ED2-1ADE-4C29-A4E0-1B23C8A30F39} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {90BA80C2-E86D-4037-9FD4-18DBD93442A1} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {9C36FBFD-7849-405F-963F-A28CC1D453F2} - System32\Tasks\SafeZone scheduled Autoupdate 1482759998 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {CAB0F108-D367-45B5-80BB-57DB64C1C910} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [2015-05-14] ()
Task: {DAF5F68C-A561-4258-A379-D0052D4F30C8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-24] (AVAST Software)
Task: {DE3D9D9F-15E7-47A0-96A4-5CC06E00969C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {E4F5EAAA-1C82-43AA-8D19-FE58E9662866} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F1D4FC08-9777-41AA-AFF0-4EAA0654C122} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {F30BAD50-6D1C-4BDE-8234-65316FE196A4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {FAB5BCEA-C425-449F-BE5B-1EAC7234B8AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-26] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-16 09:38 - 2017-03-04 13:31 - 000185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-23 07:45 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-23 07:45 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-13 13:12 - 2017-09-05 17:31 - 002656960 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-26 21:28 - 2016-12-26 21:28 - 000144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 20:54 - 2016-02-13 20:54 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-12-27 02:43 - 2016-07-01 11:48 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-03-16 09:38 - 2017-03-04 11:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-16 09:38 - 2017-03-04 11:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-13 13:13 - 2017-09-05 12:03 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-09-13 13:12 - 2017-09-05 12:06 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-07-14 10:27 - 2017-07-14 10:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-07-14 10:26 - 2017-07-14 10:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2016-06-25 09:54 - 2016-06-25 09:54 - 004644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-12-24 16:51 - 2017-12-24 16:51 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2017-12-24 16:51 - 2017-12-24 16:51 - 000067920 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-12-15 16:48 - 2017-12-06 12:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-15 16:48 - 2017-12-06 12:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000755712 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
2016-12-26 21:28 - 2016-12-26 21:28 - 000141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-12-26 21:28 - 2016-12-26 21:28 - 022284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2017-12-24 16:51 - 2017-12-24 16:51 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-24 16:51 - 2017-12-24 16:51 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-24 16:51 - 2017-12-24 16:51 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-07-14 12:17 - 2017-07-14 12:17 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-24 16:51 - 2017-12-24 16:51 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-24 16:50 - 2017-12-24 16:50 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-11-15 08:36 - 2017-11-15 08:36 - 000015136 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2017-09-26 12:35 - 2017-09-26 12:35 - 000013088 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2017-09-26 12:34 - 2017-09-26 12:34 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2017-10-02 14:56 - 2017-10-02 14:56 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2017-10-02 14:56 - 2017-10-02 14:56 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2017-12-14 08:32 - 2017-12-14 09:29 - 000147456 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\WP8MSVCCommon.dll
2017-12-14 08:32 - 2017-12-14 09:29 - 000384000 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\WP8MSVCBridge.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000013824 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\WinPhoneBridge_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000796160 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\System_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000039424 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\pthreadVC_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000680448 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\CrossPortability_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000114688 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\system_malloc_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 060634941 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000930304 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\ffmpeg_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000015374 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\unwind_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000863744 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\c++_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000081408 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\exif_osmeta.dll
2017-12-14 08:32 - 2017-12-14 09:29 - 000095744 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\z_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000361472 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\SystemResources_osmeta.dll
2017-12-14 08:32 - 2017-12-14 09:29 - 000092160 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\WRTBridge_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000086528 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\WinMediaFoundation_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000053760 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\EGL_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000839168 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\GLESv2_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 204952909 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\App.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 000456192 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\OpenAL_osmeta.dll
2017-12-14 08:32 - 2017-12-14 08:33 - 006611763 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\JavaScriptCore_osmeta.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 15:24 - 2015-10-30 15:21 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3734265924-3626069331-3154640717-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-3734265924-3626069331-3154640717-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3023D5F2-83AF-4ADB-A94C-7877DD53008F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{FE8E7B84-D578-4E22-8C92-97E0A020D5F9}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{C3EF4A8F-1C28-4F94-844C-A78BE9C2CA55}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{966E9601-A0FA-44AC-99EF-9B3BE5A086DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BF3D7A2D-7D3A-4EB3-B20A-2D31F71BEE67}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C4F67D6F-70EF-43ED-83EF-F8D25307E963}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E69D8561-A6C5-48E2-9F27-ED98E1783B08}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8EEBB0F1-9E44-4930-ACED-0E45A9F39CB0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E463BF90-1420-464A-95FB-C53846B91F18}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{D1CF065A-2586-4246-860E-5BA32005F653}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{6785CE35-000F-49B3-8616-346A32F19F91}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{D56B3DD1-7C59-4FA0-8DDD-B5366871A956}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
29-12-2017 09:13:11 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/29/2017 09:13:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/29/2017 08:36:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-FG39KSMG)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/28/2017 01:10:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1297
 
Error: (12/28/2017 01:10:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1297
 
Error: (12/28/2017 01:10:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/28/2017 01:06:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1994453
 
Error: (12/28/2017 01:06:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1994453
 
Error: (12/28/2017 01:06:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/28/2017 12:33:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7312
 
Error: (12/28/2017 12:33:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7312
 
 
System errors:
=============
Error: (12/29/2017 08:36:15 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 0.0.0.0 with the system
having network hardware address 00-00-00-00-00-00. Network operations on this system may
be disrupted as a result.
 
Error: (12/28/2017 12:32:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_a0876 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/28/2017 12:32:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_a0876 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/28/2017 12:32:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_a0876 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/28/2017 12:32:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_a0876 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/28/2017 09:53:31 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/28/2017 09:06:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
 and APPID 
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/28/2017 09:06:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
 and APPID 
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/28/2017 09:06:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
 and APPID 
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/28/2017 09:04:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
 and APPID 
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-24 17:04:08.267
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-23 07:48:45.367
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-19 07:56:25.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-17 08:33:33.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-05 08:11:58.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-03 08:54:30.939
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-11-29 10:20:55.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-11-29 10:04:13.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-11-28 11:55:36.939
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-11-28 10:21:07.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N3350 @ 1.10GHz
Percentage of memory in use: 61%
Total physical RAM: 3924.28 MB
Available physical RAM: 1503.48 MB
Total Virtual: 4628.28 MB
Available Virtual: 1753.2 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:28.01 GB) (Free:1.79 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 651ADD96)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Any help would be greatly appreciated!  :D
 
 
 

  • 0

Advertisements

#2
OZDOUG
Posted 21 January 2018 - 06:40 PM

OZDOUG

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts

Hi G2G,

How do I delete this post?  I am sure the problem has gone away so wanted to take this post away........?


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: remsh, High CPU

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP