1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

In Progress amazon assistant aa hta virus

Discussion in 'Virus & Other Malware Removal' started by maggie88ca, Jun 28, 2017.

Thread Status:
Not open for further replies.
Advertisement
  1. maggie88ca

    maggie88ca Thread Starter

    Joined:
    Nov 19, 2006
    Messages:
    160
    can someone please help me to remove this
    here are the farbar logs

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
    Ran by pmcin (administrator) on LAPTOP-S2MJLQRH (28-06-2017 18:45:02)
    Running from C:\Users\pmcin\Downloads
    Loaded Profiles: pmcin (Available Profiles: pmcin)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
    (Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (SweetLabs, Inc) C:\Users\pmcin\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
    (Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
    () C:\OEM\Preload\FubTracking\FubTracking.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxext.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
    (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16473344 2016-03-24] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-08-18] (Intel Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKU\S-1-5-21-2431516657-3315794798-938488331-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2418392 2016-09-09] (Acer)
    HKU\S-1-5-21-2431516657-3315794798-938488331-1001\...\Run: [GoogleChromeAutoLaunch_CBE2B50E1C3AEB67A3C4D79CC98E5790] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
    ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll -> No File
    ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll -> No File
    ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll -> No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-06-27]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe (McAfee, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 0.0.0.1 mssplus.mcafee.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{441b4edc-db28-47bc-bc81-5c724d9b5092}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2431516657-3315794798-938488331-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
    SearchScopes: HKU\S-1-5-21-2431516657-3315794798-938488331-1001 -> DefaultScope {E210BEF4-1B7B-483D-B6DC-943AEA2B87B5} URL =
    SearchScopes: HKU\S-1-5-21-2431516657-3315794798-938488331-1001 -> {6B35593D-3EC5-45E8-BA82-A897089A420F} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2431516657-3315794798-938488331-1001 -> {E210BEF4-1B7B-483D-B6DC-943AEA2B87B5} URL =
    BHO: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
    BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-17] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-17] (Microsoft Corporation)
    BHO-x32: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
    BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-17] (Microsoft Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-06-17] (Microsoft Corporation)
    Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
    Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\pmcin\AppData\Roaming\Mozilla\Firefox\Profiles\k3navubg.default [2017-06-27]
    FF Extension: (Amazon Assistant for Firefox) - C:\Users\pmcin\AppData\Roaming\Mozilla\Firefox\Profiles\k3navubg.default\Extensions\[email protected] [2016-07-25]
    FF Extension: (English (US) Language Pack) - C:\Users\pmcin\AppData\Roaming\Mozilla\Firefox\Profiles\k3navubg.default\Extensions\[email protected] [2016-07-25]
    FF Extension: (Mozilla Partner Defaults) - C:\Users\pmcin\AppData\Roaming\Mozilla\Firefox\Profiles\k3navubg.default\Extensions\[email protected] [2016-07-25]
    FF Extension: (Youtube Unblocker Remediation) - C:\Users\pmcin\AppData\Roaming\Mozilla\Firefox\Profiles\k3navubg.default\features\{edf72274-d2e9-4a9c-a011-57cde0fd61a3}\[email protected] [2017-05-06]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
    FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-01-02]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default [2017-06-28]
    CHR Extension: (Google Slides) - C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-07]
    CHR Extension: (Google Docs) - C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-07]
    CHR Extension: (Google Drive) - C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-07]
    CHR Extension: (YouTube) - C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-07]
    CHR Extension: (Adobe Acrobat) - C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-20]
    CHR Extension: (Google Sheets) - C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-07]
    CHR Extension: (Google Docs Offline) - C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-07]
    CHR Extension: (Pinterest Save Button) - C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-24]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-06-27]
    CHR Extension: (Google Keep Chrome Extension) - C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-03-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-24]
    CHR Extension: (Gmail) - C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-07]
    CHR Extension: (Chrome Media Router) - C:\Users\pmcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
    CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
    CHR HKU\S-1-5-21-2431516657-3315794798-938488331-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [104624 2017-06-14] ()
    R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows (R) Win 7 DDK provider)
    R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
    R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
    S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe [310256 2017-02-07] (Intel Corporation)
    S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe [488944 2017-02-07] (Intel Corporation)
    S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-05-23] (WildTangent)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-08-18] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe [350704 2017-02-07] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [976848 2016-01-14] (Intel(R) Corporation)
    S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-02-05] (Intel Corporation) [File not signed]
    R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26592 2016-03-04] (Intel Corporation)
    R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-02-05] (Intel Corporation) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-02-11] (Intel Corporation)
    S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
    R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.584\McCHSvc.exe [404368 2017-06-23] (McAfee, Inc.)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
    R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-03-10] (Acer Incorporated)
    R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-03-10] (Acer Incorporated)
    R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [291232 2016-02-01] (acer)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
    S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
    R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [185416 2015-09-06] (ELAN Microelectronic Corp.)
    R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igdkmd64.sys [11041776 2017-02-07] (Intel Corporation)
    R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
    R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
    R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
    R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
    S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
    R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197336 2017-04-14] (AO Kaspersky Lab)
    R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [509728 2017-03-14] (AO Kaspersky Lab)
    R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1018592 2017-04-14] (AO Kaspersky Lab)
    R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-01-02] (AO Kaspersky Lab)
    R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
    R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
    R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
    R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
    R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-06-22] (AO Kaspersky Lab)
    R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-06-27] (AO Kaspersky Lab)
    R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251664 2017-06-22] (AO Kaspersky Lab)
    R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-06-22] (AO Kaspersky Lab)
    R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-06-22] (AO Kaspersky Lab)
    R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
    R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-03-14] (AO Kaspersky Lab)
    R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-03-14] (AO Kaspersky Lab)
    R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21408 2016-03-10] (Acer Incorporated)
    S3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
    R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2381112 2016-03-24] (Qualcomm Atheros, Inc.)
    R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14752 2016-03-10] (Acer Incorporated)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek )
    R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2015-12-17] (Realsil Semiconductor Corporation)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
    S3 klids; \??\C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-28 18:45 - 2017-06-28 18:46 - 00025392 _____ C:\Users\pmcin\Downloads\FRST.txt
    2017-06-28 18:44 - 2017-06-28 18:45 - 00000000 ____D C:\FRST
    2017-06-28 18:41 - 2017-06-28 18:44 - 02440704 _____ (Farbar) C:\Users\pmcin\Downloads\FRST64.exe
    2017-06-28 18:35 - 2017-06-28 18:35 - 00000000 ___HD C:\OneDriveTemp
    2017-06-27 18:02 - 2017-06-27 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2017-06-27 18:02 - 2017-06-27 18:02 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2017-06-27 17:43 - 2017-06-27 17:43 - 00087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
    2017-06-27 17:40 - 2017-06-27 17:41 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
    2017-06-27 17:15 - 2017-06-27 17:15 - 01043558 _____ C:\Users\pmcin\Desktop\CVCD-07-03-1113-2D_Axial_FLAIR-AllSlicesStacked (1).mov
    2017-06-27 17:13 - 2017-06-27 17:13 - 01043558 _____ C:\Users\pmcin\Desktop\CVCD-07-03-1113-2D_Axial_FLAIR-AllSlicesStacked.mov
    2017-06-27 17:13 - 2017-06-27 17:13 - 00365169 _____ C:\Users\pmcin\Desktop\CVCD-07-03-1113-CINE_segmented_4CH-20-slice1.mov
    2017-06-22 20:35 - 2017-06-22 20:35 - 00251664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
    2017-06-22 20:34 - 2017-06-22 20:34 - 00229288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
    2017-06-22 20:34 - 2017-06-22 20:34 - 00173144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
    2017-06-22 20:34 - 2017-06-22 20:34 - 00112912 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
    2017-06-20 14:44 - 2017-06-20 14:44 - 00000000 ____D C:\Program Files (x86)\Amazon
    2017-06-19 22:03 - 2017-06-19 22:03 - 00037847 _____ C:\Users\pmcin\Downloads\17-0060LTC - Teacher Outdoor Ed Overnight ACT (1).pdf
    2017-06-19 21:59 - 2017-06-19 21:59 - 00042159 _____ C:\Users\pmcin\Downloads\17-0015LTC - Teacher, Autism ISP - Special Ed(REPOSTING).pdf
    2017-06-19 21:57 - 2017-06-19 21:57 - 00061411 _____ C:\Users\pmcin\Downloads\17-0009LTC-D - Teacher, DD, Griffin, TDES - Sec 23(REPOSTING).pdf
    2017-06-19 21:55 - 2017-06-19 21:55 - 00058566 _____ C:\Users\pmcin\Downloads\17-0076LTC - K-12 Learning Coach - LC1.pdf
    2017-06-19 21:54 - 2017-06-19 21:54 - 00040388 _____ C:\Users\pmcin\Downloads\Consultants, Special Ed - LC 1, 2, & 4_REVISED.pdf
    2017-06-19 21:44 - 2017-06-19 21:44 - 00041476 _____ C:\Users\pmcin\Downloads\17-0075LTC - Coach Early Reading LC4.pdf
    2017-06-19 21:43 - 2017-06-19 21:43 - 00041633 _____ C:\Users\pmcin\Downloads\17-0053LTC - B -Teacher Sec 23 Etobicoke Children's Centre Silvercreek site.pdf
    2017-06-19 21:40 - 2017-06-19 21:40 - 00045525 _____ C:\Users\pmcin\Downloads\17-0069LTC- Coordinator, Music.pdf
    2017-06-19 21:37 - 2017-06-19 21:37 - 00038319 _____ C:\Users\pmcin\Downloads\17-0059LTC - Teacher Outdoor Ed Day Centre.pdf
    2017-06-19 21:32 - 2017-06-19 21:32 - 00039293 _____ C:\Users\pmcin\Downloads\17-0079LTC - Teacher, ESL-ELD Itinerant -Teaching & Learning.pdf
    2017-06-19 21:32 - 2017-06-19 21:32 - 00037847 _____ C:\Users\pmcin\Downloads\17-0060LTC - Teacher Outdoor Ed Overnight ACT.pdf
    2017-06-15 19:43 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2017-06-15 19:43 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2017-06-15 19:43 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-06-15 19:43 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2017-06-15 19:43 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2017-06-15 19:43 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2017-06-15 19:43 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2017-06-15 19:43 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2017-06-15 19:43 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2017-06-15 19:43 - 2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2017-06-15 19:43 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2017-06-15 19:43 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2017-06-15 19:43 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
    2017-06-15 19:43 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2017-06-15 19:43 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2017-06-15 19:43 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2017-06-15 19:43 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2017-06-15 19:43 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2017-06-15 19:43 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-06-15 19:43 - 2017-06-03 06:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-06-15 19:43 - 2017-06-03 06:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2017-06-15 19:43 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2017-06-15 19:43 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-06-15 19:43 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2017-06-15 19:43 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-06-15 19:43 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2017-06-15 19:43 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-06-15 19:43 - 2017-06-03 05:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-06-15 19:43 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2017-06-15 19:43 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2017-06-15 19:43 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2017-06-15 19:43 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-06-15 19:43 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2017-06-15 19:43 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2017-06-15 19:43 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2017-06-15 19:43 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-06-15 19:43 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2017-06-15 19:43 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-06-15 19:43 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2017-06-15 19:43 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-06-15 19:43 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-06-15 19:43 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2017-06-15 19:43 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2017-06-15 19:43 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-06-15 19:43 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2017-06-15 19:43 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-06-15 19:43 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-06-15 19:43 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-06-15 19:43 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-06-15 19:43 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-06-15 19:43 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-06-15 19:43 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2017-06-15 19:43 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2017-06-15 19:43 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2017-06-15 19:43 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
    2017-06-15 19:43 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2017-06-15 19:43 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
    2017-06-15 19:43 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
    2017-06-15 19:43 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2017-06-15 19:43 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
    2017-06-15 19:43 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-06-15 19:43 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-06-15 19:43 - 2017-06-03 05:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2017-06-15 19:43 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
    2017-06-15 19:43 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
    2017-06-15 19:43 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2017-06-15 19:43 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
    2017-06-15 19:43 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-06-15 19:43 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2017-06-15 19:43 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2017-06-15 19:43 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2017-06-15 19:43 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-06-15 19:43 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-06-15 19:43 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-06-15 19:43 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2017-06-15 19:43 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-06-15 19:43 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2017-06-15 19:43 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-06-15 19:43 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2017-06-15 19:43 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2017-06-15 19:43 - 2017-06-03 05:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
    2017-06-15 19:43 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2017-06-15 19:43 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
    2017-06-15 19:43 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
    2017-06-15 19:43 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
    2017-06-15 19:43 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2017-06-15 19:43 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
    2017-06-15 19:43 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
    2017-06-15 19:43 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-06-15 19:43 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2017-06-15 19:43 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2017-06-15 19:43 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-06-15 19:43 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2017-06-15 19:43 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-06-15 19:43 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2017-06-15 19:43 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2017-06-15 19:43 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
    2017-06-15 19:43 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-06-15 19:43 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2017-06-15 19:43 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2017-06-15 19:43 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
    2017-06-15 19:43 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-06-15 19:43 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2017-06-15 19:43 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2017-06-15 19:43 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2017-06-15 19:43 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2017-06-15 19:43 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-06-15 19:43 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
    2017-06-15 19:43 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-06-15 19:43 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
    2017-06-15 19:43 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-06-15 19:43 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2017-06-15 19:43 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-06-15 19:43 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2017-06-15 19:43 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2017-06-15 19:43 - 2017-06-03 04:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2017-06-15 19:43 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2017-06-15 19:43 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
    2017-06-15 19:43 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2017-06-15 19:43 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-06-15 19:43 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2017-06-15 19:43 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-06-15 19:43 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2017-06-15 19:43 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2017-06-15 19:43 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-06-15 19:43 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2017-06-15 19:43 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-06-15 19:43 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2017-06-15 19:43 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
    2017-06-15 19:43 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-06-15 19:43 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-06-15 19:43 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-06-15 19:43 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-06-15 19:43 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-06-15 19:43 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-06-15 19:43 - 2017-06-03 02:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
    2017-06-15 19:43 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
    2017-06-15 19:43 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2017-06-15 19:43 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2017-06-15 19:43 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
    2017-06-15 19:43 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
    2017-06-15 19:43 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
    2017-06-15 19:22 - 2017-06-27 18:15 - 00000000 ____D C:\Users\pmcin\Desktop\Siding
    2017-06-11 18:20 - 2017-06-11 18:20 - 01799859 _____ C:\Users\pmcin\Desktop\FUNDRASING_INFORMATION_PARTICIPANT_MAY_17_1_.pdf
    2017-06-11 18:19 - 2017-06-11 18:19 - 01799859 _____ C:\Users\pmcin\Downloads\FUNDRASING_INFORMATION_PARTICIPANT_MAY_17_1_.pdf
    2017-06-06 21:11 - 2017-06-06 21:11 - 01616850 _____ C:\Users\pmcin\Downloads\HW Covers.pdf
    2017-06-04 22:15 - 2017-06-24 09:50 - 00001226 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-06-04 16:06 - 2017-06-04 16:07 - 00452608 _____ C:\Users\pmcin\Downloads\AwayTowards.ppt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-28 18:40 - 2016-03-18 09:38 - 01200582 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-06-28 18:39 - 2016-07-07 16:17 - 00000000 ____D C:\Users\pmcin\AppData\Local\Host App Service
    2017-06-28 18:37 - 2016-07-11 22:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2017-06-28 18:35 - 2016-07-07 16:27 - 00000000 ___RD C:\Users\pmcin\OneDrive
    2017-06-28 18:34 - 2016-07-07 16:22 - 00000000 __SHD C:\Users\pmcin\IntelGraphicsProfiles
    2017-06-28 18:33 - 2016-08-25 23:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-06-28 18:33 - 2016-08-25 23:40 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-06-28 18:33 - 2016-07-16 02:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
    2017-06-28 18:14 - 2016-08-25 23:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-06-28 16:48 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-06-28 16:35 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-06-28 16:32 - 2016-07-07 18:27 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-06-28 16:32 - 2016-07-07 18:27 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-06-27 18:44 - 2016-07-07 16:22 - 00000000 ____D C:\Users\pmcin\AppData\Local\Packages
    2017-06-27 18:36 - 2017-05-14 12:19 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
    2017-06-27 18:02 - 2017-04-02 16:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2017-06-27 18:02 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
    2017-06-27 17:59 - 2016-02-13 09:20 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-06-27 17:42 - 2016-08-25 23:37 - 00337064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-06-27 17:42 - 2016-03-18 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-06-27 17:40 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-06-27 17:40 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2017-06-27 17:40 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2017-06-27 17:37 - 2016-08-25 23:43 - 00000000 ____D C:\Users\pmcin
    2017-06-27 17:34 - 2016-08-10 17:17 - 00000000 ____D C:\Users\pmcin\AppData\Local\CrashDumps
    2017-06-24 09:50 - 2016-03-18 09:34 - 00001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-06-24 09:50 - 2016-03-18 09:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-06-20 17:30 - 2016-12-15 20:56 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-06-20 17:30 - 2016-07-07 16:27 - 00002367 _____ C:\Users\pmcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-06-20 14:44 - 2017-03-04 22:46 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazonAssistant.lnk
    2017-06-18 11:11 - 2016-05-13 19:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-06-17 10:57 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-06-15 20:21 - 2016-07-09 09:48 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-06-15 20:17 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-06-15 20:17 - 2016-07-09 09:48 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-06-15 19:23 - 2017-04-02 13:22 - 00000000 ____D C:\Users\pmcin\Documents\ECO Schools
    2017-06-15 19:22 - 2016-12-26 21:25 - 00000000 ____D C:\Users\pmcin\Desktop\Work
    2017-06-04 22:23 - 2017-03-25 20:34 - 00000000 ____D C:\Users\pmcin\Documents\2016-2017 Hockey
    2017-06-04 16:25 - 2017-04-02 13:23 - 00000000 ____D C:\Users\pmcin\Documents\Work
    2017-06-03 02:36 - 2016-07-16 07:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-06-03 02:36 - 2016-07-16 07:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-05-30 20:01 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache

    ==================== Files in the root of some directories =======

    2016-08-25 23:40 - 2016-08-25 23:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    2017-05-27 09:10 - 2017-05-27 09:11 - 39415032 _____ (SweetLabs,Inc.) C:\Users\pmcin\AppData\Local\Temp\oct5C30.tmp.exe
    2017-06-27 18:00 - 2017-06-27 18:00 - 39842360 _____ (SweetLabs,Inc.) C:\Users\pmcin\AppData\Local\Temp\oct9BF6.tmp.exe
    2017-05-07 09:56 - 2017-05-07 09:56 - 39394224 _____ (SweetLabs,Inc.) C:\Users\pmcin\AppData\Local\Temp\octA09A.tmp.exe
    2016-09-20 18:30 - 2016-09-20 18:32 - 58523032 _____ (SweetLabs,Inc.) C:\Users\pmcin\AppData\Local\Temp\octD7C9.tmp.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-06-12 16:44

    ==================== End of FRST.txt ============================
     
  2. maggie88ca

    maggie88ca Thread Starter

    Joined:
    Nov 19, 2006
    Messages:
    160
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
    Ran by pmcin (28-06-2017 18:46:21)
    Running from C:\Users\pmcin\Downloads
    Windows 10 Home Version 1607 (X64) (2016-08-26 04:02:27)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2431516657-3315794798-938488331-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2431516657-3315794798-938488331-503 - Limited - Disabled)
    Guest (S-1-5-21-2431516657-3315794798-938488331-501 - Limited - Disabled)
    pmcin (S-1-5-21-2431516657-3315794798-938488331-1001 - Administrator - Enabled) => C:\Users\pmcin

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-e2264c86-7b6b-4d04-8dcc-80eff14c0323) (Version: 3.0.2.118 - WildTangent) Hidden
    abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
    abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
    Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated)
    Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
    Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3003 - Acer Incorporated)
    Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.01.3001 - Acer Incorporated)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Amazon Assistant (HKLM-x32\...\{3BBC4F87-1F46-431F-A5DB-AFB28F692775}) (Version: 10.17.0612 - Amazon) <==== ATTENTION
    AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
    App Explorer (HKU\S-1-5-21-2431516657-3315794798-938488331-1001\...\Host App Service) (Version: 0.273.2.175 - SweetLabs)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5917.02 - CyberLink Corp.)
    Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.0.14.0 - Dashlane SAS)
    DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
    ELAN HIDI2C Filter Driver X64 13.6.4.1_WHQL (HKLM\...\Elantech) (Version: 13.6.4.1 - ELAN Microelectronic Corp.)
    Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
    Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
    Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Home Makeover (HKLM-x32\...\WTA-678bc76b-dea9-4099-827f-0f6a7ed40cfb) (Version: 3.0.2.59 - WildTangent) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.1.1030 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
    IntelĀ® Security Assist (HKLM-x32\...\{CCBE9F01-C2C3-469C-A508-2E23A7495E91}) (Version: 1.0.0.609 - Intel Corporation)
    Jewel Match 3 (HKLM-x32\...\WTA-0529e840-6d4e-486b-8667-84177e2334b9) (Version: 2.2.0.97 - WildTangent) Hidden
    Jewel Match Snowscapes (HKLM-x32\...\WTA-81b3cbab-e362-4204-9961-493b5ad7cc60) (Version: 3.0.2.118 - WildTangent) Hidden
    Kaspersky Internet Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
    Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
    Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
    Magic Academy (HKLM-x32\...\WTA-444b39d5-0951-4da8-95a2-472fbe5cdedc) (Version: 2.2.0.97 - WildTangent) Hidden
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.584.4 - McAfee, Inc.)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8201.2102 - Microsoft Corporation)
    Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8201.2102 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2431516657-3315794798-938488331-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
    NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
    NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
    Polar Bowler 1st Frame (HKLM-x32\...\WTA-6618b014-c20d-47cf-88a7-9f7506c2d083) (Version: 3.0.2.59 - WildTangent) Hidden
    Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10299 - Qualcomm Atheros)
    Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.191 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7779 - Realtek Semiconductor Corp.)
    Rory's Restaurant (HKLM-x32\...\WTA-76da8071-465d-41a1-bf51-d722c14119eb) (Version: 3.0.2.126 - WildTangent) Hidden
    Runefall (HKLM-x32\...\WTA-e51e4bf4-2659-4543-a42f-6a4328a3363b) (Version: 3.0.2.126 - WildTangent) Hidden
    SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 5.1.0270 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
    Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden
    Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.16 - WildTangent) Hidden
    Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {05CAF734-8BF4-47DB-AB3F-72168373005D} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
    Task: {0A55CDDE-7392-467B-A369-04025527A713} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
    Task: {12332D58-EB04-4A13-8AF4-919A7D1CF9D8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
    Task: {1804240A-EF3D-4ECC-B68F-04392FEA659F} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
    Task: {1FCB38A1-7197-4043-8668-B69BFD916785} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
    Task: {230FAB44-8D9E-4616-AE69-6BCBC0E04B21} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
    Task: {278F59C5-9F1E-457E-B51F-065ADB8912AF} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
    Task: {2FF817FA-9E99-4D12-8F4D-D0A66972FE58} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-17] (Microsoft Corporation)
    Task: {34DDEF89-F85C-4B89-9F3D-417F02CA84EC} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-03-10] (Acer Incorporated)
    Task: {3598948E-50DB-48D7-AAD4-70837AF49424} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-17] ()
    Task: {4555D92C-4B4B-4D78-9DFB-5B266B9C684D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-17] (Microsoft Corporation)
    Task: {756BC4C8-50FF-4010-9917-4BA4FDB26534} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-01-20] ()
    Task: {76636540-2F29-466B-9587-12DCF821C9CC} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\pmcin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
    Task: {8F899923-A05D-490D-9C09-82FFF84FD4C0} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-07-18] (Acer Incorporated)
    Task: {9CCC46AF-42DF-47C8-BDFB-0BBF3B798219} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-01-20] ()
    Task: {9D5A0023-0AC5-4198-AAF3-C3D61B2E72E0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-17] ()
    Task: {A094F08B-EF13-483A-808B-150C296A70B5} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-01-20] ()
    Task: {A21F2FE9-2FC4-49DF-8C97-842B1FDDA831} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2016-03-10] (Acer Incorporated)
    Task: {B6923D20-465D-4E96-9222-CA008A79A6DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-07] (Google Inc.)
    Task: {D35E85F4-FC6F-4041-9620-8C08B5BCAF1E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
    Task: {E147D13B-4C42-49ED-BBEF-23CF930D8E66} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-01-14] (Intel(R) Corporation)
    Task: {E65BA153-4D01-4C63-81AD-9043F326D03A} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
    Task: {EEC15FA2-2834-4E00-8FBD-5F82099F06B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-07] (Google Inc.)
    Task: {F658825D-1081-45FB-BD02-BA52E2C3C833} - System32\Tasks\App Explorer => C:\Users\pmcin\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-06-22] (SweetLabs, Inc)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\pmcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2017-06-15 19:43 - 2017-06-03 06:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-03-04 20:26 - 2016-03-04 20:26 - 05570728 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2-2.dll
    2016-05-13 20:43 - 2016-02-17 02:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2016-05-13 20:43 - 2016-02-17 02:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2016-05-13 20:43 - 2016-02-17 02:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2017-06-14 13:11 - 2017-06-14 13:11 - 00104624 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
    2016-08-25 23:40 - 2016-12-29 09:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-07-09 16:27 - 2017-06-17 10:52 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2016-09-19 17:09 - 2016-09-07 00:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-03-16 14:27 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2017-03-16 14:28 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-03-16 14:28 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-03-16 14:28 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-06-15 19:43 - 2017-06-03 04:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2017-06-15 19:43 - 2017-06-03 04:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-06-15 19:43 - 2017-06-03 04:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2017-06-21 17:30 - 2017-06-21 17:30 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-06-21 17:30 - 2017-06-21 17:30 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-06-21 17:30 - 2017-06-21 17:30 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-06-21 17:30 - 2017-06-21 17:30 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
    2016-05-13 21:16 - 2015-05-14 03:10 - 00030976 _____ () C:\OEM\Preload\FubTracking\FubTracking.exe
    2017-06-28 16:32 - 2017-06-22 23:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
    2017-06-28 16:32 - 2017-06-22 23:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
    2016-01-20 14:50 - 2016-01-20 14:50 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
    2017-03-16 14:28 - 2017-03-04 02:04 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
    2016-06-28 01:19 - 2016-06-28 01:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
    2016-05-13 20:43 - 2016-02-17 03:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2016-09-09 10:51 - 2016-09-09 10:51 - 00202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
    2016-09-09 10:51 - 2016-09-09 10:51 - 00119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
    2016-08-15 18:03 - 2016-08-15 18:03 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
    2016-08-15 18:05 - 2016-08-15 18:05 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
    2016-08-15 18:05 - 2016-08-15 18:05 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
    2016-08-15 18:04 - 2016-08-15 18:04 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
    2016-09-20 18:33 - 2016-09-20 18:33 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
    2016-08-30 15:09 - 2016-08-30 15:09 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
    2016-08-30 15:05 - 2016-08-30 15:05 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
    2016-02-11 20:47 - 2016-02-11 20:47 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\amazon.ca -> hxxps://amazon.ca
    IE trusted site: HKU\S-1-5-21-2431516657-3315794798-938488331-1001\...\garmin.com -> hxxps://my.garmin.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 03:24 - 2017-06-27 18:02 - 00000861 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    0.0.0.1 mssplus.mcafee.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2431516657-3315794798-938488331-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pmcin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{B3DC446B-FD49-41BC-A7E2-1E85880044DC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{5B3BF411-0BD9-4D94-9035-30F7913EF625}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{EB7D1ABA-3024-45C2-9FBD-F4F56B2E3AAB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{3FC750C4-F422-4408-A83A-F4F247EB54B3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{CF298415-96BC-46FF-A8A7-6EF06DB97ECC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{6E42A0E9-A039-4380-9D68-728CDA7DA3E3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{962AD672-8B3D-4A78-A2DE-10969B5968C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{91966BC7-9C24-41FF-BC47-C6DCF612F2AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{4E6067F1-2DC0-4E0A-BF15-8296EC184B18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{C7203B3B-5357-4750-8E9A-1A314E96202B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{B673F82E-7431-47CB-80DB-98DF8D94D876}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{540B41A5-3FFC-425C-94FA-C10525785AD4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{4EA1AB1B-AA22-4CFD-B7F7-E4941A73827B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{D7F468E5-3272-47A6-879F-1E3EAD3137EF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{7C9C6671-63E9-453A-8520-723836739977}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{EA96521F-8ED1-44E4-A9F9-D6069FE6FA2A}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{81CF120D-ECA6-433D-A766-A06CFC713C9F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{D4E1D6E2-6167-4111-8533-BB6C1EEC5CE0}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{3A5FC096-44B7-46BE-AC55-92437D264FF2}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{43311CE8-356C-4236-B9CB-C9A1A151AD22}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{BCE634F6-B7F3-46BD-9588-6AF7FB46471F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F3CD634D-20C9-44C9-824E-F302531DD101}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{3046E6BF-9393-4E3C-8F07-5FB30F968B7A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{DBC3D4C7-9337-4176-B630-1A5AD9559C76}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{49D1DA5D-FA8D-4319-84F3-DEF6AE7F54D7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{0E0703F5-A475-4F70-A526-B5855A342988}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{1C10CC59-4427-4EB3-95EF-F17CFB269423}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    07-06-2017 21:16:48 Scheduled Checkpoint
    15-06-2017 19:45:05 Windows Update
    15-06-2017 19:47:05 Windows Update
    22-06-2017 20:56:20 Scheduled Checkpoint
    28-06-2017 18:29:00 Removed Adobe Acrobat Reader DC.

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/28/2017 06:38:19 PM) (Source: MsiInstaller) (EventID: 11730) (User: LAPTOP-S2MJLQRH)
    Description: Product: Amazon Assistant -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

    Error: (06/28/2017 06:37:19 PM) (Source: MsiInstaller) (EventID: 11730) (User: LAPTOP-S2MJLQRH)
    Description: Product: Amazon Assistant -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

    Error: (06/28/2017 06:32:28 PM) (Source: MsiInstaller) (EventID: 11730) (User: LAPTOP-S2MJLQRH)
    Description: Product: Amazon Assistant -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

    Error: (06/28/2017 06:30:56 PM) (Source: MsiInstaller) (EventID: 11500) (User: LAPTOP-S2MJLQRH)
    Description: Product: Amazon Assistant -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

    Error: (06/28/2017 06:30:51 PM) (Source: MsiInstaller) (EventID: 11500) (User: LAPTOP-S2MJLQRH)
    Description: Product: Amazon Assistant -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

    Error: (06/28/2017 06:30:22 PM) (Source: MsiInstaller) (EventID: 11500) (User: LAPTOP-S2MJLQRH)
    Description: Product: Amazon Assistant -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

    Error: (06/28/2017 06:30:21 PM) (Source: MsiInstaller) (EventID: 11500) (User: LAPTOP-S2MJLQRH)
    Description: Product: Amazon Assistant -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

    Error: (06/28/2017 06:30:20 PM) (Source: MsiInstaller) (EventID: 11500) (User: LAPTOP-S2MJLQRH)
    Description: Product: Amazon Assistant -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

    Error: (06/28/2017 06:29:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (06/28/2017 06:25:52 PM) (Source: MsiInstaller) (EventID: 11730) (User: LAPTOP-S2MJLQRH)
    Description: Product: Amazon Assistant -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.


    System errors:
    =============
    Error: (06/28/2017 06:34:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/28/2017 06:33:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The InstallerService service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (06/28/2017 06:32:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/28/2017 01:54:35 AM) (Source: TPM) (EventID: 12) (User: )
    Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

    Error: (06/27/2017 10:54:19 PM) (Source: TPM) (EventID: 12) (User: )
    Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

    Error: (06/27/2017 06:19:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/27/2017 06:19:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The InstallerService service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (06/27/2017 06:18:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/27/2017 05:59:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/27/2017 05:42:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The InstallerService service failed to start due to the following error:
    The system cannot find the file specified.


    CodeIntegrity:
    ===================================
    Date: 2017-05-15 18:14:25.079
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-05-07 16:51:18.195
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-24 17:48:25.578
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-14 22:01:28.070
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
    Percentage of memory in use: 28%
    Total physical RAM: 12135.4 MB
    Available physical RAM: 8737.06 MB
    Total Virtual: 13991.4 MB
    Available Virtual: 10561.5 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:930.91 GB) (Free:822.78 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 79E6D096)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,758
    First Name:
    Derek
    have you tried to uninstall it from control panel / program features /uninstall a program
    it is there and normally uninstalls properly
     
  4. maggie88ca

    maggie88ca Thread Starter

    Joined:
    Nov 19, 2006
    Messages:
    160
    it wouldnt allow me before but i just kept trying and it seems to have worked now

    thanks
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1192209

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice