Need to clean up laptop

#1 ·
Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 8.1, 64 bit, Build 9600, Installed 20191120100102.000000-360
Processor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz, Intel64 Family 6 Model 55 Stepping 8, CPU Count: 4
Total Physical RAM: 4 GB
Graphics Card: Intel(R) HD Graphics
Hard Drives: C: 448 GB (391 GB Free);
Motherboard: Acer Aspire E5-511P, ver V1.06, s/n NXMNZAA009447148103400
System: Acer, ver ACRSYS - 3, s/n NXMNZAA009447148103400
Antivirus: Windows Defender, Enabled and Updated

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-01-2021
Ran by Nola (administrator) on GRAMMASROOM (Acer Aspire E5-511P) (23-01-2021 19:35:38)
Running from C:\Users\Nola\Downloads
Loaded Profiles: Nola
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporated -> Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(GameHouse Europe B.V. -> GameHouse) C:\Program Files (x86)\GameHouse Games\aminstantservice.exe
(GameHouse Europe B.V. -> RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <29>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee Security Scan\3.11.2023\SSScheduler.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.19750_none_fa39f32f9b2d0928\TiWorker.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Pokki, Inc. -> Pokki) C:\Users\Nola\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe <2>
(Pokki, Inc. -> Pokki) C:\Users\Nola\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Pokki, Inc. -> Pokki) C:\Users\Nola\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe******************************************************************** [53504 2014-06-26] () [File not signed]
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKU\S-1-5-21-2169875413-863306336-142727359-1001\...\RunOnce: [Application Restart #2] => C:\Users\Nola\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [9581800 2020-12-03] (Pokki, Inc. -> Pokki)
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\Windows\system32\CNMLMBX.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\Windows\system32\hpinkstsE511LM.dll [383496 2014-12-18] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.92\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{981b174d-7733-4e7f-b89d-6545a7c21838}] -> c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe [2014-05-06] (Amazon) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2020-12-04]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.2023\SSScheduler.exe (McAfee, LLC -> McAfee, LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04D45255-A6B1-417E-A5B1-F76FF963BC5F} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [490728 2014-06-17] (Acer Incorporated -> Acer Incorporated)
Task: {16BF7AD5-00CC-4C6C-B0C9-3C5210F1FA12} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [99072 2014-07-01] (Acer Incorporated -> )
Task: {3ED5350E-F568-45B4-95E2-6D416956ABFF} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [474368 2014-01-06] (Acer Incorporated -> Acer Incorporated)
Task: {481CEB3B-E31C-4B7E-AD72-F5CC0122B61E} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [25344 2013-12-19] (Acer Incorporated -> Acer Incorporated)
Task: {519A1C50-5ADB-4E04-B8A9-9ACB69AE44E3} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [25344 2013-12-19] (Acer Incorporated -> Acer Incorporated)
Task: {52C7DE7D-8F80-4D0A-8EEF-6DFE1516B6B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-20] (Google Inc -> Google LLC)
Task: {52EDCD52-A841-4E70-AF8D-834A234F6228} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41728 2014-07-01] (Acer Incorporated -> )
Task: {55F2114F-61DE-4F66-8668-140169E43C44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-20] (Google Inc -> Google LLC)
Task: {7D183C31-5FB3-4510-A814-8AB53556FADF} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [40192 2013-12-19] (Acer Incorporated -> Acer Incorporated)
Task: {800A0CF6-05E4-4F85-88CD-50813DE926AE} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [323840 2013-12-19] (Acer Incorporated -> Acer Incorporated)
Task: {8E08C1BB-79EB-42A5-8C5A-170E116BC4EF} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [324328 2014-06-26] (Acer Incorporated -> Acer Incorporate)
Task: {98F6BBDC-0A25-4BF0-AE9B-F0B63C5CD95E} - System32\Tasks\Upgrade Acer Care Center Application => C:\ProgramData\OEM\UpgradeTool\CareCenter\UpgradeTool.exe [1584384 2014-06-30] (Acer Incorporated -> Acer Incorporated)
Task: {9FEEA3E1-4D7A-4004-8097-B796B27E7ED1} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [439016 2014-06-10] (Acer Incorporated -> Acer Incorporate)
Task: {A0FBE55A-42AE-4B2C-8166-D858D46C0A28} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2524416 2014-07-01] (Acer Incorporated -> )
Task: {A5AC833A-2F26-4374-8D9A-E734FA44E857} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [324328 2014-06-26] (Acer Incorporated -> Acer Incorporate)
Task: {CE4D23E7-B522-4550-9598-02EE95296576} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [384232 2014-06-12] (Acer Incorporated -> Acer Incorporated)
Task: {DAA6E3C9-AEAC-4CCB-9748-78E562A4F88A} - System32\Tasks\SweetLabs App Platform => C:\Users\Nola\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [10650856 2020-12-03] (Pokki, Inc. -> Pokki)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2D740B14-8DFD-48A5-81FE-F1C5BD5F0B51}: [DhcpNameServer] 192.168.1.254

Edge:
=======
Edge Profile: C:\Users\Nola\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-20]
Edge HomePage: Default -> hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP
Edge DefaultSearchURL: Default -> hxxp://search.securybrowse.com/?dss&yh&q={searchTerms}
Edge DefaultSearchKeyword: Default -> securyBrowse
Edge DefaultSuggestURL: Default -> hxxps://ext.securybrowse.com/api/ext/suggest?q={searchTerms}
Edge Extension: (Honey) - C:\Users\Nola\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2020-07-15]
Edge Extension: (Click&Clean) - C:\Users\Nola\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dacknjoogbepndbemlmljdobinliojbk [2020-07-15]
Edge Extension: (HP Smart Print) - C:\Users\Nola\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2020-07-15]
Edge Extension: (securyBrowse) - C:\Users\Nola\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kjincgipkjkimkcmolmajgcfpdjbckgc [2020-08-11]

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] (Foxit Corporation -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-07-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-07-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] (WildTangent Inc -> )
FF Plugin HKU\S-1-5-21-2169875413-863306336-142727359-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Nola\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-12-30] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default [2021-01-23]
CHR Notifications: Default -> hxxps://forums.techguy.org; hxxps://medicare.healthcare.com; hxxps://music.amazon.com; hxxps://myhomenetwork.att.com; hxxps://mypdf.online; hxxps://www.730sagestreet.com; hxxps://www.allrecipes.com; hxxps://www.att.com; hxxps://www.hudforeclosed.com; hxxps://www.medigap.com
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3323878&octid=EB_ORIGINAL_CTID&ISID=MBACF4E82-A701-46E8-B62C-54D1B47E47D5&SearchSource=55&CUI=&UM=5&UP=SP8131E8C3-CF81-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP8131E8C3-CF81-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch","hxxp://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SPBF91A14B-279A-48C3-A2A2-2E56DE59F9DB&SSPV=","hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl","hxxp://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP8131E8C3-CF81-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch","hxxp://Lasaoren.com/?f=7&a=lrn_ir_14_45_ie&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtA0FzzyEyE0CtAtB0BtCtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtB0B0ByDyEtBtDtGtAyEtC0AtGyBtDzz0DtGyEtAyDyBtGtByC0CtCyByB0AyC0EzyyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtDyD0F0F0C0A0DtGyC0E0D0FtGyE0E0CtCtG0AyEzyzztGtBtByDtByE0EtDyDtBtA0F0A2Q&cr=233277235&ir=","hxxp://homepage-web.com/?s=acer&m=start","hxxp://www.google.com","hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.securybrowse.com/?dss&yh&q={searchTerms}
CHR DefaultSearchKeyword: Default -> securyBrowse
CHR DefaultSuggestURL: Default -> hxxps://ext.securybrowse.com/api/ext/suggest?q={searchTerms}
CHR Extension: (Slides) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-11-20]
CHR Extension: (Docs) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-11-20]
CHR Extension: (Google Drive) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-20]
CHR Extension: (Honey) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-01-08]
CHR Extension: (Google Search) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2019-11-20]
CHR Extension: (Metastream Remote) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\fakegmdomhmegokfomgmkbopjibonfcp [2021-01-03]
CHR Extension: (Sheets) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-25]
CHR Extension: (Click&Clean) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2021-01-18]
CHR Extension: (HP Smart Print) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2019-11-20]
CHR Extension: (securyBrowse) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjincgipkjkimkcmolmajgcfpdjbckgc [2020-12-05]
CHR Extension: (Interpretation of a Lion) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbongphmapdgdnfgpigagkaonjgnplgf [2020-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-20]
CHR Extension: (Gmail) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-01]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse Europe B.V. -> GameHouse)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3053312 2014-06-26] (Acer Incorporated -> Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated -> Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent Inc -> WildTangent)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] (Canon Inc. -> )
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporated -> Acer Incorporate)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.2023\McCHSvc.exe [408192 2020-11-23] (McAfee, LLC -> McAfee, LLC)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [582544 2016-07-13] (GameHouse Europe B.V. -> RealNetworks, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporated -> Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporated -> Acer Incorporate)
R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated -> Acer Incorporated)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-14] (Acer Incorporated -> acer)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176632 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (WDKTestCert asix,130126255272009909 -> ASIX Electronics Corp.)
S3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [31232 2013-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated -> Acer Incorporated)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated -> Acer Incorporated)
S3 SensorsServiceDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 cpuz136; \??\C:\Users\Nola\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
S3 MpKsl91e4088c; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{50811F7D-E6B9-4AAE-AF50-0B30292C1AE5}\MpKslDrv.sys [X]
S3 OCULUSVRHEADSET; \SystemRoot\system32\DRIVERS\OCULUS119B.sys [X]
S3 OCUSBVID; \SystemRoot\System32\drivers\ocusbvid111.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-23 19:35 - 2021-01-23 19:38 - 000025401 _____ C:\Users\Nola\Downloads\FRST.txt
2021-01-23 19:34 - 2021-01-23 19:37 - 000000000 ____D C:\FRST
2021-01-23 19:20 - 2021-01-23 19:21 - 005659583 _____ (Swearware) C:\Users\Nola\Downloads\ComboFix.exe
2021-01-23 19:18 - 2021-01-23 19:19 - 002296832 _____ (Farbar) C:\Users\Nola\Downloads\FRST64 (2).exe
2021-01-23 19:09 - 2021-01-23 19:10 - 002296832 _____ (Farbar) C:\Users\Nola\Downloads\FRST64 (1).exe
2021-01-23 19:07 - 2021-01-23 19:08 - 002296832 _____ (Farbar) C:\Users\Nola\Downloads\FRST64.exe
2021-01-18 09:50 - 2021-01-18 09:50 - 000290669 _____ C:\Users\Nola\Downloads\ROGERS-PRICE-LIST-NEW-25.pdf
2021-01-17 03:14 - 2021-01-07 19:21 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-17 03:14 - 2021-01-07 19:13 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-08 12:27 - 2021-01-08 12:27 - 000027919 _____ C:\Users\Nola\Downloads\UT-44037-118722-10012020.pdf
2021-01-04 04:02 - 2021-01-04 04:02 - 000001668 _____ C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Witch's Tales.lnk
2021-01-04 04:02 - 2021-01-04 04:02 - 000001644 _____ C:\Users\Nola\Desktop\Witch's Tales.lnk
2021-01-04 04:02 - 2021-01-04 04:02 - 000000000 ____D C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Witch's Tales
2021-01-04 03:45 - 2021-01-04 04:02 - 000000000 ____D C:\Users\Nola\AppData\LocalLow\Shaman Games
2021-01-04 03:43 - 2021-01-04 03:43 - 000001789 _____ C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Hiddenverse - The Iron Tower.lnk
2021-01-04 03:43 - 2021-01-04 03:43 - 000000000 ____D C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hiddenverse - The Iron Tower
2021-01-04 03:39 - 2021-01-04 03:39 - 000001947 _____ C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Sea Legends - Phantasmal Light.lnk
2021-01-04 03:39 - 2021-01-04 03:39 - 000001923 _____ C:\Users\Nola\Desktop\Sea Legends - Phantasmal Light.lnk
2021-01-04 03:39 - 2021-01-04 03:39 - 000000000 ____D C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sea Legends - Phantasmal Light
2021-01-04 03:33 - 2021-01-04 04:00 - 000000000 ____D C:\Games
2020-12-28 08:54 - 2020-12-28 08:54 - 000246342 _____ C:\Users\Nola\Desktop\DL and food stamp card.pdf
2020-12-27 02:56 - 2020-12-27 02:57 - 001587768 _____ (Roblox Corporation) C:\Users\Nola\Downloads\RobloxPlayerLauncher (1).exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-23 19:20 - 2019-11-20 10:07 - 000003594 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2169875413-863306336-142727359-1001
2021-01-23 18:12 - 2019-11-20 12:11 - 000000000 ____D C:\Users\Nola\AppData\Local\CrashDumps
2021-01-23 16:24 - 2020-07-15 11:17 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-23 16:24 - 2020-07-15 11:17 - 000002206 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-23 16:24 - 2020-07-15 11:17 - 000002206 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-23 15:47 - 2019-11-20 10:00 - 000000000 ____D C:\Users\Nola\AppData\Local\SweetLabs App Platform
2021-01-23 15:46 - 2020-07-15 11:16 - 000003380 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-23 15:46 - 2020-07-15 11:16 - 000003252 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-23 15:40 - 2014-03-18 04:03 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-23 15:40 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\Inf
2021-01-23 15:39 - 2019-11-20 12:36 - 000003934 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{29B8CB50-65FB-42FF-A0B4-6C35084CD905}
2021-01-23 15:38 - 2020-12-04 18:18 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2021-01-23 15:38 - 2019-11-20 10:06 - 000000000 ___DO C:\Users\Nola\OneDrive
2021-01-23 15:35 - 2019-11-20 10:00 - 000000000 ____D C:\Users\Nola
2021-01-23 15:34 - 2013-08-22 08:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-21 15:37 - 2019-11-24 00:21 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-19 02:39 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-01-19 02:39 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-01-19 02:35 - 2013-08-22 08:44 - 000463032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-19 02:32 - 2013-08-22 07:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2021-01-19 02:28 - 2013-08-22 09:36 - 000000000 ___RD C:\WINDOWS\ToastData
2021-01-18 14:02 - 2020-04-29 17:33 - 000000000 ____D C:\Users\Nola\AppData\Local\Roblox
2021-01-18 13:53 - 2020-04-29 17:33 - 000000000 ____D C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-01-17 03:48 - 2013-08-22 09:36 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-17 03:48 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-17 03:48 - 2013-08-22 09:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-17 03:46 - 2019-11-24 19:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-17 03:35 - 2019-11-24 19:47 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-08 12:22 - 2019-11-20 12:32 - 000002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-08 12:22 - 2019-11-20 12:32 - 000002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-08 12:22 - 2019-11-20 12:32 - 000002207 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-04 07:10 - 2014-07-25 06:50 - 000000000 ____D C:\ProgramData\Temp
2021-01-04 04:20 - 2020-09-06 03:28 - 000000000 ____D C:\ProgramData\WinZip
2021-01-04 04:17 - 2020-11-04 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy Interactive
2021-01-04 04:17 - 2020-11-04 14:15 - 000000000 ____D C:\Program Files (x86)\Legacy Interactive
2021-01-04 04:17 - 2020-11-04 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy Games
2021-01-04 04:17 - 2020-11-04 13:59 - 000000000 ____D C:\Program Files (x86)\Legacy Games
2021-01-04 04:16 - 2014-07-25 06:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2021-01-04 04:02 - 2020-11-04 18:29 - 000000000 ____D C:\Users\Nola\AppData\Roaming\ShamanGS
2021-01-04 03:43 - 2020-09-07 05:41 - 000000000 ____D C:\Program Files (x86)\Babel Deluxe
2021-01-03 23:36 - 2020-04-16 10:26 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-01-03 23:33 - 2019-11-22 13:40 - 000000000 ____D C:\Users\Nola\Desktop\Important things
2021-01-01 01:40 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories ========

2019-11-20 10:22 - 2019-11-20 10:22 - 000000017 _____ () C:\Users\Nola\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2021-01-23 18:38
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-01-2021
Ran by Nola (23-01-2021 19:41:13)
Running from C:\Users\Nola\Downloads
Windows 8.1 (Update) (X64) (2019-11-20 16:01:02)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2169875413-863306336-142727359-500 - Administrator - Disabled)
Guest (S-1-5-21-2169875413-863306336-142727359-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2169875413-863306336-142727359-1003 - Limited - Enabled)
Nola (S-1-5-21-2169875413-863306336-142727359-1001 - Administrator - Enabled) => C:\Users\Nola

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

10 Days Under The Sea (HKLM-x32\...\BFG-10 Days Under The Sea) (Version: - )
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
Absolute Tetris Cup v2.2 (HKLM-x32\...\Hextris1.2.1_is1) (Version: - )
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3002 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.01.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3004 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adventure Trip - Wonders of the World (HKLM-x32\...\535896557f0d49accf157e2d2281de41) (Version: - GameHouse)
Aloha TriPeaks (HKLM-x32\...\WTA-2b053d63-76be-4744-b7e6-c849fa701987) (Version: 2.2.0.98 - WildTangent) Hidden
Altova MissionKit 2020 sp1 (x64) Enterprise Edition (HKLM\...\{15119EE2-30B9-4583-AEE7-FD12E9F736EE}) (Version: 2020.00.01 - Altova)
Amazon 1Button App (HKLM-x32\...\{FF0A904E-8827-4F6E-9A59-900D4C997AD1}) (Version: 1.0.8 - Amazon) <==== ATTENTION
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.01.2008.3 - Acer Incorporated)
Arctic Quest 2 (HKLM-x32\...\BFG-Arctic Quest 2) (Version: - )
Azkend (HKLM-x32\...\BFG-Azkend) (Version: - )
Babel Deluxe (HKLM-x32\...\12a278f6d4b2f434fc0542348dcbcea8) (Version: - GameHouse)
Bejeweled 2 Deluxe (HKLM-x32\...\WTA-a4534830-4fad-4c96-9d9b-27466fc38be3) (Version: 2.2.0.95 - WildTangent) Hidden
Big City Adventure - San Francisco (HKLM-x32\...\BFG-Big City Adventure - San Francisco) (Version: - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bubble Golden Pack v2.0 (HKLM-x32\...\BGPack_is1) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version: - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Citadel Arcanes (HKLM-x32\...\BFG-Citadel Arcanes) (Version: - )
Concentration (HKLM-x32\...\BFG-Concentration) (Version: - )
Dark Romance: Curse of Bluebeard Collector's Edition (HKLM-x32\...\BFG-Dark Romance - Curse of Bluebeard Collectors Edition) (Version: - )
Delicious Special (HKLM-x32\...\b372b876c67f85537d30fd8f0b537313) (Version: - GameHouse)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ELAN HIDI2C Filter Driver X64 13.6.1.1_WHQL (HKLM\...\Elantech) (Version: 13.6.1.1 - ELAN Microelectronic Corp.)
Family Feud: Battle of the Sexes (HKLM-x32\...\BFG-Family Feud - Battle of the Sexes) (Version: - )
Farm to Fork Collector's Edition (HKLM-x32\...\WTA-84062b1b-e899-4d14-a2c0-558c99c40a6b) (Version: 3.0.2.59 - WildTangent) Hidden
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012.c.r4.4 - MakeMusic)
Fishing Craze Deluxe (HKLM-x32\...\241e36d0c2e636445c9e8a6c19682117) (Version: - GameHouse)
Flip Words 2 (HKLM-x32\...\BFG-Flip Words 2) (Version: - )
Found: A Hidden Object Adventure (HKLM-x32\...\BFG-Found - A Hidden Object Adventure) (Version: - )
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.)
GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
GameHouse Word Collection (HKLM-x32\...\6fcc4845923347d1a96b744bc2aa8b33) (Version: - GameHouse)
Gold Miner Vegas (HKLM-x32\...\BFG-Gold Miner Vegas) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-d6c5e282-8b5e-4faf-bf51-4a443b3ea61c) (Version: 3.0.2.59 - WildTangent) Hidden
Host App Service (HKU\S-1-5-21-2169875413-863306336-142727359-1001\...\SweetLabs_AP) (Version: 0.269.9.200 - Pokki) <==== ATTENTION
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Java 8 Update 261 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-4ecd0fa3-0927-4bf6-ab00-e61c96d88749) (Version: 3.0.2.59 - WildTangent) Hidden
Jewel Quest (remove only) (HKLM-x32\...\Jewel Quest) (Version: - )
Jigsaw365 (HKLM-x32\...\BFG-Jigsaw365) (Version: - )
Kalima (HKLM-x32\...\28825fd7e102df86b0224fdf38e413bf) (Version: - GameHouse)
Keys to Manhattan (HKLM-x32\...\BFG-Keys to Manhattan) (Version: - )
King Oddball (HKLM-x32\...\WTA-20a68326-716f-4970-a475-0ea9c05077d4) (Version: 3.0.2.48 - WildTangent) Hidden
Letter Lab (HKLM-x32\...\BFG-Letter Lab) (Version: - )
Lexigo RUSH (HKLM-x32\...\f77edce3418f75a26e8119f2f0fae27c) (Version: - GameHouse)
Lottso! Deluxe (HKLM-x32\...\BFG-Lottso! Deluxe) (Version: - )
LUXOR Evolved (HKLM-x32\...\WTA-febbfdff-3d6b-48d6-948a-4241a3e8d649) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-99dd91d7-a059-4a28-9b7a-fb4ebb571271) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Vines (HKLM-x32\...\Magic Vines) (Version: 32.0.0.0 - Shockwave.com)
Magic Vines™ (HKLM-x32\...\BFG-Magic Vines) (Version: - )
Mah Jong Quest (remove only) (HKLM-x32\...\Mah Jong Quest) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.2023.1 - McAfee, LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Ocean Express (HKLM-x32\...\BFG-Ocean Express) (Version: - )
Online Games Manager v1.50 (HKLM-x32\...\Online Games Manager) (Version: 1.50.4 - Real Networks, Inc.)
Peggle Nights (HKLM-x32\...\WTA-023c55ad-897a-48ad-9316-2cae6a492602) (Version: 2.2.0.98 - WildTangent) Hidden
Picket Fences™ (HKLM-x32\...\BFG-Picket Fences) (Version: - )
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-f5cbd03a-4aa4-4a93-bbe1-5cfbb970df31) (Version: 3.0.2.59 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-2169875413-863306336-142727359-1001\...\SweetLabs_Start_Menu) (Version: 0.269.9.200 - Pokki) <==== ATTENTION
Polar Bowler 1st Frame (HKLM-x32\...\WTA-6ba243f8-6f6e-4ff5-ba14-d6e9a15b214f) (Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21245 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Roblox Player for Nola (HKU\S-1-5-21-2169875413-863306336-142727359-1001\...\roblox-player) (Version: - Roblox Corporation)
Saints and Sinners Bingo (HKLM-x32\...\BFG-Saints and Sinners Bingo) (Version: - )
SandScript (HKLM-x32\...\BFG-SandScript) (Version: - )
Solitaire Cruise (HKLM-x32\...\BFG-Solitaire Cruise) (Version: - )
Super GameHouse Solitaire (HKLM-x32\...\BFG-Super GameHouse Solitaire) (Version: - )
Super TextTwist (HKLM-x32\...\3e04f15ac7d8cbe27ecab6b7c55ed1e8) (Version: - GameHouse)
Super WHATword (HKLM-x32\...\16ee27620b641d13952444139329a216) (Version: - GameHouse)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-2d9371b7-93ef-45d8-99c5-4dd649b6f1da) (Version: 3.0.2.51 - WildTangent) Hidden
Trinklit Supreme (HKLM-x32\...\WTA-f407f3a6-94c6-4e19-842b-7f09024157b9) (Version: 2.2.0.98 - WildTangent) Hidden
Trivia Machine (HKLM-x32\...\BFG-Trivia Machine) (Version: - )
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Vacation Adventures: Park Ranger (HKLM-x32\...\BFG-Vacation Adventures - Park Ranger) (Version: - )
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.13 - WildTangent) Hidden
Word Mojo (HKLM-x32\...\edf24371bc3e4257aad60607b830206e) (Version: - Zylom)
Word Mojo Gold (HKLM-x32\...\d6f17c74aa0b49ddbd783e38d926a528) (Version: - GameHouse)
Word Mojo Gold (HKLM-x32\...\Word Mojo Gold) (Version: - )
Word Monaco (HKLM-x32\...\BFG-Word Monaco) (Version: - )
WordLab v1.12 (HKLM-x32\...\WordLab_is1) (Version: - NCBuy.com)
Zoom (HKU\S-1-5-21-2169875413-863306336-142727359-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
Zuma's Revenge (HKLM-x32\...\WTA-c5c7d33e-2377-4950-8732-d1a99c7d47d2) (Version: 2.2.0.97 - WildTangent) Hidden

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2019-11-22] (WildTangent Games)
2048 Now -> C:\Program Files\WindowsApps\29839GeoGenSoft.2048Now_1.1.0.1_neutral__h5pfn8t6215cg [2020-08-09] (GeoGenSoft)
4 Pics One Word -> C:\Program Files\WindowsApps\56397DenhamSoftwareSoluti.4PicsOneWord_1.4.0.2_neutral__ww9fsy04r7qzr [2020-08-09] (Denham Software Solutions)
Abradoodle Bingo -> C:\Program Files\WindowsApps\Abradoodle.AbradoodleBingo_1.0.0.9_neutral__pmwv89mac3ger [2020-08-09] (Abradoodle)
AccuWeather for Windows 8 -> C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_4.1.0.31_x64__8zz2pj9h1h1d8 [2019-11-22] (AccuWeather)
Acer Explorer -> C:\Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4 [2019-11-22] (Acer Incorporated)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.8_neutral__343d40qqvtj1t [2019-11-22] (Amazon.com)
Booking.com Partner Edition -> C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr [2019-11-20] (Booking.com B.V.)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-04-16] (Canon Inc.)
Classic Hearts -> C:\Program Files\WindowsApps\19789RossBor.ClassicHearts_1.1.0.1_x64__bckpywbq9b7yj [2020-08-09] (RossBor) [MS Ad]
DealOrNoDeal -> C:\Program Files\WindowsApps\28551Alfredtech.DealOrNoDeal_1.0.0.2_neutral__nvqy9j420z7zy [2020-08-09] (Alfredtech)
Dominoes Deluxe for HP -> C:\Program Files\WindowsApps\RollingDonutAppsLLC.DominoesDeluxeforHP_1.2.0.3_x64__1xzbgtnaw6kna [2020-08-09] (Rolling Donut Apps LLC) [MS Ad]
Dynamite Fishing World Games -> C:\Program Files\WindowsApps\www.handy-games.comGmbH.DynamiteFishingWorldGames_1.2.1.4132_x86__wy98k6hjbhdve [2020-08-09] (www.handy-games.com GmbH)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2019-11-22] (eBay, Inc)
Evernote Touch -> C:\Program Files\WindowsApps\Evernote.Evernote_3.3.0.102_x86__q4d96b2w5wcc2 [2019-11-22] (Evernote)
Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2019-11-22] (Flipboard)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_2.0.15133.0_x86__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation)
Fruit Blast 3D -> C:\Program Files\WindowsApps\16387HugeGames.FruitBlast3D_3.0.0.0_x64__04h22s82xesw6 [2020-08-09] (Huge Games) [MS Ad]
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad]
Gin Rummy Deluxe for HP -> C:\Program Files\WindowsApps\RollingDonutAppsLLC.GinRummyDeluxeforHP_1.1.0.5_neutral__1xzbgtnaw6kna [2020-08-09] (Rolling Donut Apps LLC)
Guess The Celeb Quiz -> C:\Program Files\WindowsApps\12617bubblequizgames.GuessTheCelebQuiz_1.0.1.0_x86__ay53zzg3tew8a [2020-08-09] (bubble quiz games)
Guess The Movie Quiz! -> C:\Program Files\WindowsApps\12617bubblequizgames.GuessTheMovieQuiz_1.0.1.0_x86__ay53zzg3tew8a [2020-08-09] (bubble quiz games)
Hangman Pro -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HangmanPro_2.0.0.18_x64__kx24dqmazqk8j [2020-08-09] (Random Salad Games LLC) [MS Ad]
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_4.5.0.18_x64__kx24dqmazqk8j [2019-11-20] (Random Salad Games LLC)
Hidden City®: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.16.1700.0_x86__ytsefhwckbdv6 [2020-08-09] (G5 Entertainment AB)
HP All-in-One Printer Remote -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_55.1.43.0_x86__v10z8vjag6ke6 [2019-11-20] (Hewlett-Packard Company)
Hulu Plus -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_1.6.1.0_x64__fphbd361v8tya [2019-11-22] (Hulu.)
iStoryTime Library -> C:\Program Files\WindowsApps\zuukaInc.iStoryTimeLibrary_1.1.0.69_x64__phapb5x6gdepm [2019-11-22] (zuuka Inc)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2019-11-22] (AMZN Mobile LLC)
Logo Quiz Game -> C:\Program Files\WindowsApps\12617bubblequizgames.LogoQuizGame_2.1.0.0_x86__ay53zzg3tew8a [2020-08-09] (bubble quiz games)
Marble Woka Woka -> C:\Program Files\WindowsApps\A89D00EA.MarbleWokaWoka_2.12.1.1_x86__1xvjhtt66emdc [2020-08-09] (Two Desperados Ltd.)
Master of Words -> C:\Program Files\WindowsApps\RockheadGames.MasterofWords_1.2.0.1_x86__h1yrhgjr725xt [2020-08-10] (Rockhead Games)
Millionaire Quiz Adventure -> C:\Program Files\WindowsApps\37442SublimeCo.MillionaireQuizAdventure_1.0.2.1_x64__15r1cmjbwty0t [2020-08-09] (Sublime Co) [MS Ad]
Mind Games (Free) -> C:\Program Files\WindowsApps\470AlexeiGarbuzenko.MindGamesFree_1.1.5.32_neutral__gd2qghq4jdjcm [2020-08-09] (Alexei Garbuzenko)
Mind Snares: Alice's Journey -> C:\Program Files\WindowsApps\ArtifexMundi.MindSnaresAlicesJourney_2.0.0.0_x86__xmkq9zz36w32m [2019-11-20] (Artifex Mundi)
Movie Moments -> C:\Program Files\WindowsApps\Microsoft.MovieMoments_6.3.9654.20464_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2019-11-24] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.22.0.39_x64__mcm4njqhnhss8 [2019-11-22] (Netflix, Inc.)
Next Issue Magazines for Acer -> C:\Program Files\WindowsApps\48AD0183.NextIssueMagazinesforAcer_1.5.18.0_x64__w8az3ffzyab5c [2014-11-22] (NEXT ISSUE MEDIA,LLC .)
NoteToSelf -> C:\Program Files\WindowsApps\46988EvilGardenGnome.NoteToSelf_1.1.0.0_neutral__kdwky8daxz13w [2019-11-24] (Evil Garden Gnome)
PhotoFunia -> C:\Program Files\WindowsApps\CapsuleDigital.PhotoFunia_5.2.0.0_neutral__yede6ekgzbztc [2019-11-20] (Capsule Digital)
Pyramid Solitaire! -> C:\Program Files\WindowsApps\59091GameDesignStudio.PyramidSolitaire_1.0.1.8_x64__hke3ffja2n6hy [2020-08-09] (Game Design Studio) [MS Ad]
Rummi -> C:\Program Files\WindowsApps\ReflectionIT.Rummi_2.5.0.2_x64__h3qw2m3pefnrp [2020-08-09] (Reflection IT) [MS Ad]
Schedule Planner -> C:\Program Files\WindowsApps\26194KrmiGerg.SchedulePlanner_1.1.1.2_x64__8ec0x26xtr58c [2019-11-20] (Körömi Gergő)
Simple Word Search -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleWordSearch_1.1.0.10_x64__kx24dqmazqk8j [2019-11-20] (Random Salad Games LLC) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2019-11-22] (Skype) [MS Ad]
Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_3.2.0.12_neutral__kx24dqmazqk8j [2019-11-20] (Random Salad Games LLC) [MS Ad]
Spades!? -> C:\Program Files\WindowsApps\59091GameDesignStudio.4932446B1D9C8_1.1.0.0_x64__hke3ffja2n6hy [2020-08-09] (Game Design Studio) [MS Ad]
TriPeaks Solitaire! -> C:\Program Files\WindowsApps\59091GameDesignStudio.TriPeaksSolitaire_1.1.0.1_x64__hke3ffja2n6hy [2020-08-09] (Game Design Studio) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
Wheel Of Fortune - Golden Casino -> C:\Program Files\WindowsApps\16387HugeGames.WheelOfFortune-GoldenCasino_2.0.0.1_x64__04h22s82xesw6 [2020-08-09] (Huge Games) [MS Ad]
Word Fall -> C:\Program Files\WindowsApps\18212JakubBielawa.WordFall_1.1.0.0_neutral__2gavfd0ye0knr [2019-11-20] (Jakub Bielawa)
Word Search -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.WordSearch_3.3.0.24_neutral__kx24dqmazqk8j [2020-08-10] (Random Salad Games LLC) [MS Ad]
Word Twist -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.WordTwist_2.3.0.12_neutral__kx24dqmazqk8j [2020-08-09] (Random Salad Games LLC)
Word Twist Deluxe -> C:\Program Files\WindowsApps\RollingDonutApps.WordTwistDeluxe_2.0.0.5_neutral__sy1ej89k10knt [2019-11-20] (Rolling Donut Apps)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-12-24] (Microsoft Corporation)
YahtzeeGame -> C:\Program Files\WindowsApps\59460JanneKalliokulju.YahtzeeGame_1.0.0.14_x64__j30e6g75nf7sj [2020-08-09] (Janne Kalliokulju)
Yatzy Ultimate Free -> C:\Program Files\WindowsApps\Seavus.YatzyUltimateFree_5.10.0.147_x86__bwc13hzg5kga8 [2019-11-20] (Seavus) [MS Ad]
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2014-11-22] (Zinio LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2014-02-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers1: [DiffDogFileHandlerMenu] -> {FD62EEF6-2AB3-411D-986E-916210538B31} => C:\Program Files\Altova\DiffDog2020\\DiffDogShellExtension_x64.dll [2019-11-29] (Altova GmbH -> Altova GmbH)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-05-13] (Foxit Corporation -> Foxit Corporation)
ContextMenuHandlers2: [DiffDogFileHandlerMenu] -> {FD62EEF6-2AB3-411D-986E-916210538B31} => C:\Program Files\Altova\DiffDog2020\\DiffDogShellExtension_x64.dll [2019-11-29] (Altova GmbH -> Altova GmbH)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2014-02-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers4: [DiffDogFileHandlerMenu] -> {FD62EEF6-2AB3-411D-986E-916210538B31} => C:\Program Files\Altova\DiffDog2020\\DiffDogShellExtension_x64.dll [2019-11-29] (Altova GmbH -> Altova GmbH)
ContextMenuHandlers5: [DiffDogFileHandlerMenu] -> {FD62EEF6-2AB3-411D-986E-916210538B31} => C:\Program Files\Altova\DiffDog2020\\DiffDogShellExtension_x64.dll [2019-11-29] (Altova GmbH -> Altova GmbH)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-05-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-05-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2169875413-863306336-142727359-1001\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [8704 2014-10-28] (Microsoft Windows -> Microsoft Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox.lnk -> C:\Program Files\Dropbox\StartURL.exe () -> hxxps://www.dropbox.com/partners/acer2014/download

==================== Loaded Modules (Whitelisted) =============

2014-07-01 00:04 - 2014-07-01 00:04 - 000086016 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Acer\Acer Portal\Interop.WUApiLib.2.0.dll
2014-02-25 22:14 - 2014-02-25 22:14 - 000011264 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2020-04-16 09:24 - 2013-04-26 17:31 - 000521216 _____ (CANON INC.) [File not signed] [File is in use] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2020-04-16 09:24 - 2013-04-26 17:28 - 000561152 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2014-02-25 22:17 - 2014-02-25 22:17 - 000107648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\CommApi.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000203392 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\FolderViewImpl.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000085632 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\GattI.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000126592 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\gatts.DLL
2014-02-25 22:18 - 2014-02-25 22:18 - 000083072 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Handsfree.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ipc.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000063104 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ModuleManager.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\OutLookLib.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000291456 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000130176 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\skypeagent.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\TCPConnection.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000115328 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\utils.dll
2014-02-25 22:12 - 2014-02-25 22:12 - 000308224 _____ (Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\LE\LE.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000210432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000162304 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll
2014-02-25 22:14 - 2014-02-25 22:14 - 000177152 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BIP\BIP.dll
2014-02-25 22:12 - 2014-02-25 22:12 - 000018432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\DID\DId.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 000035840 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FAX\Fax.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000421888 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000096256 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\GapSdp\GapSdp.dll
2014-02-25 22:09 - 2014-02-25 22:09 - 000097792 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\goep\goep.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 000029696 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HCRP\Hcrp.dll
2014-02-25 22:12 - 2014-02-25 22:12 - 000142848 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HealthDevice\HDP.dll
2014-02-25 22:14 - 2014-02-25 22:14 - 000091136 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\L2capLib\l2caplib.dll
2014-02-25 22:09 - 2014-02-25 22:09 - 000181248 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\ObjPush.dll
2014-02-25 22:14 - 2014-02-25 22:14 - 000066048 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\OppOperation.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000067072 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\pbap\pbap.dll
2014-02-25 22:14 - 2014-02-25 22:14 - 000063488 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000097280 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\sap\sap.dll
2014-02-25 22:14 - 2014-02-25 22:14 - 000087552 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\SesMgr\sesmgr.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000055296 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\spp\spp.dll
2014-02-25 22:12 - 2014-02-25 22:12 - 000064512 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Sync\Sync.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2169875413-863306336-142727359-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2169875413-863306336-142727359-1001 -> DefaultScope {F233193F-7246-4FBC-B5DF-043D2EB03AF6} URL =
SearchScopes: HKU\S-1-5-21-2169875413-863306336-142727359-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2169875413-863306336-142727359-1001 -> {F233193F-7246-4FBC-B5DF-043D2EB03AF6} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\ssv.dll [2020-07-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-07-15] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2020-12-04 18:18 - 000000857 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Acer\abFiles\
HKU\S-1-5-21-2169875413-863306336-142727359-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nola\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "WindowsDefender"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B632A2DE-D859-40A0-A4B9-4B4C30186E57}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{E4F0C4BE-CA36-4957-9CE2-AC910EE47A43}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{57A34412-1755-40AA-A04F-8AD76D3E7060}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{731FEE96-B9D0-47BA-AE5E-D4D969B0F3C4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{4ACBDD2C-0A4F-402F-9DF3-0212EC8D82FA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{089B48B6-6BBC-40F9-A1FD-E7C0A7E7E326}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{FC676053-4C76-4DD8-B6C2-EA8E48D5104C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{4D9873D4-1AD2-4069-A304-4539963B8A88}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{3DF6891F-A29F-4C9D-93E5-77EF5DF96F6E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{069649DC-C5AA-4825-8430-220FAC652650}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{758AC8C6-5329-4CDF-8883-9EAA9A72511F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{14712D86-0306-4D1D-9787-C54280F5CE0B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{79531E05-FF31-4F39-A98C-CC8B16BBE063}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{A18F6315-F276-473C-801F-03FC9B09A504}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{6B3BEFBC-DD41-4917-BD55-045B6B137A7D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{07DC3E21-004C-4149-85C0-A1E4BD9BB91D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{FB1C5D98-381B-4E3A-A88F-451A49A81017}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{0524E956-39D2-4EE6-BE73-3B727EAFC67B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{8B1A715B-8F54-4A6D-8AEA-8C6629AAC139}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{50EA32E8-3E9C-42FE-8AC8-2EF40683ABA2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{5403C521-975F-4883-A6B6-FF0E3F987CE7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{0CD7AFF3-598E-459D-8FD7-DB6D2AAAE12B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{B613BB0C-0FC9-4D15-AB81-650DCC7DE2E1}] => (Allow) C:\Users\Nola\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{98CBF9E2-C3B3-4FCB-9DCA-BD47AB42CDEB}] => (Allow) C:\Users\Nola\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{FC1739E0-46F4-4D30-BB03-27695E429208}C:\windows\system32\msiexec.exe] => (Allow) C:\windows\system32\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{7926308C-C4AA-42E1-BD29-BAB9917E78FB}C:\windows\system32\msiexec.exe] => (Allow) C:\windows\system32\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{89C3BAAB-F456-429B-93A5-EFFE8F2C7C18}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

03-01-2021 19:42:23 Scheduled Checkpoint
17-01-2021 03:26:33 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/23/2021 07:22:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Nola\Downloads\chrome.exe".
Dependent Assembly 83.0.4103.116,language="*",type="win32",version="83.0.4103.116" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2021 07:16:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d48

Start Time: 01d6f1cfa50cc75e

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: 5d0d7b5a-5de1-11eb-82d7-acb57d38e06b

Faulting package full name:

Faulting package-relative application ID:

Error: (01/23/2021 07:14:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1098

Start Time: 01d6f1ee227e1b81

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 927278fc-5de1-11eb-82d7-acb57d38e06b

Faulting package full name:

Faulting package-relative application ID:

Error: (01/23/2021 07:14:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Nola\Downloads\chrome.exe".
Dependent Assembly 83.0.4103.116,language="*",type="win32",version="83.0.4103.116" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2021 06:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BackgroundAgent.exe, version: 1.0.1.2, time stamp: 0x53ac24cc
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea24a5
Exception code: 0xc0000005
Fault offset: 0x00056b1d
Faulting process id: 0x1138
Faulting application start time: 0x01d6f1cfcd6720a5
Faulting application path: C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
Faulting module path: C:\WINDOWS\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dll
Report Id: b575172f-5dd8-11eb-82d7-acb57d38e06b
Faulting package full name:
Faulting package-relative application ID:

Error: (01/19/2021 02:20:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a78

Start Time: 01d6edfa3e242756

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: dff3a7d5-5a2e-11eb-82d5-acb57d38e06b

Faulting package full name: 26194KrmiGerg.SchedulePlanner_1.1.1.2_x64__8ec0x26xtr58c

Faulting package-relative application ID: App

Error: (01/19/2021 02:18:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GRAMMASROOM)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/19/2021 02:18:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GRAMMASROOM)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (01/19/2021 02:18:25 AM) (Source: DCOM) (EventID: 10001) (User: GRAMMASROOM)
Description: Unable to start a DCOM Server: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1

Error: (01/19/2021 02:18:24 AM) (Source: DCOM) (EventID: 10010) (User: GRAMMASROOM)
Description: The server Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.

Error: (01/04/2021 03:35:56 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2021 03:35:48 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2021 03:35:40 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2021 03:35:32 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2021 03:35:24 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2021 03:35:15 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Windows Defender:
===================================
Date: 2021-01-23 18:38:47.771
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {76D14EDF-FED6-4965-AD04-39EF980C053E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-19 07:26:07.184
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {5F790856-43CC-4DBB-8BC0-F8495084CFD0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-04 10:51:30.736
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {8D1D1299-4E35-42BC-9FDE-FCC75914EB4F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-04 05:35:27.727
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {8C6EC1B7-C909-4A45-AB4C-6648A7970A01}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-04 03:33:28.488
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...Tiggre!plock&threatid=2147723626&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Games\Labyrinths of the World - Lost Island\LabyrinthsOfTheWorld_LostIsland_CE.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Nola\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Signature Version: AV: 1.329.1628.0, AS: 1.329.1628.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.17700.4, NIS: 2.1.14600.4

Date: 2021-01-08 12:21:51.045
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.329.1737.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2021-01-08 12:21:51.044
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.329.1737.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2021-01-08 12:21:50.911
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2021-01-08 12:21:50.799
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2021-01-08 12:21:31.159
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.329.1737.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: Acer V1.06 09/25/2014
Motherboard: Acer Aspire E5-511P
Processor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Percentage of memory in use: 71%
Total physical RAM: 3979.2 MB
Available physical RAM: 1150.72 MB
Total Virtual: 4683.2 MB
Available Virtual: 1022.12 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.98 GB) (Free:391.45 GB) NTFS

\\?\Volume{80eb9ccb-b991-4d71-bcbb-27ae78031c25}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.3 GB) NTFS
\\?\Volume{3fdf2fd6-32b8-4470-b242-7fb55cc6f397}\ () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{d30944dc-53da-4c54-868a-adb896f45483}\ (Push Button Reset) (Fixed) (Total:15.34 GB) (Free:2.44 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BBC06BB5)

Partition: GPT.

==================== End of Addition.txt =======================

I'm having a lot of problems with my PC and I'm not sure what's wrong with it. When I tried to run the Farbar recovery tool, I kept getting a message that it was uncommon and a danger to my PC. I had to turn off the Windows SmartScreen before I could run it. I let my granddaughter use my laptop for about a week on a few occasions and it's worse every time I get it back. o_O Can you help me clean it up? Thank you.
 
#2 · (Edited)
Hi, Nola.

My first comments/instructions regarding your logs:

1. Uninstall programs
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
Code:
Amazon 1Button App
Host App Service
Pokki Start Menu
Java 8 Update 261
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer when you finish the procedure.
Note: Java is outdated. If you need it, we will install the latest version later.

You may also consider uninstalling the following if you do not use them. They came preinstalled on your computer and I don't see any reason for them to be there if you do not use/need them. Your computer, your decision. Feel free to uninstall any other program you do not need in this step.

abFiles
Acer Care Center
Acer Explorer Agent
Acer Launch Manager
Acer Portal
Acer Power Management
Acer Quick Access
Acer Recovery Management
Acer Screen Grasp
Acer Touch Tools
Acer User Experience Improvement Program App Monitor Plugin
Acer User Experience Improvement Program Framework
AOP Framework

Also, McAfee is installed, but it isn't shown as active in the Security Center. If you want it, perhaps uninstalling and reinstalling it will help. Personally, I would stay with Windows Defender which is the built-in antivirus for Windows 8 and above, but again, this is your choice.

To uninstall McAfee,
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
Code:
McAfee Security Scan Plus
  • Select the above program and click Uninstall.
  • Restart the computer.
Then use Method 2 here to completely uninstall it with the Removal Tool.

2. Uninstall Chrome extensions
  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find Metastream Remote and securyBrowse and remove them, one by one, clicking on Remove.
  • Confirm the action by clicking Remove once again.

3. Run FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste it anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2169875413-863306336-142727359-1001\...\RunOnce: [Application Restart #2] => C:\Users\Nola\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [9581800 2020-12-03] (Pokki, Inc. -> Pokki)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{981b174d-7733-4e7f-b89d-6545a7c21838}] -> c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe [2014-05-06] (Amazon) [File not signed]
Task: {DAA6E3C9-AEAC-4CCB-9748-78E562A4F88A} - System32\Tasks\SweetLabs App Platform => C:\Users\Nola\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [10650856 2020-12-03] (Pokki, Inc. -> Pokki)
C:\Users\Nola\AppData\Local\SweetLabs App Platform
c:\Program Files (x86)\Amazon
Edge DefaultSearchURL: Default -> hxxp://search.securybrowse.com/?dss&yh&q={searchTerms}
Edge DefaultSearchKeyword: Default -> securyBrowse
Edge DefaultSuggestURL: Default -> hxxps://ext.securybrowse.com/api/ext/suggest?q={searchTerms}
Edge Extension: (securyBrowse) - C:\Users\Nola\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kjincgipkjkimkcmolmajgcfpdjbckgc [2020-08-11]
CHR Notifications: Default -> hxxps://forums.techguy.org; hxxps://medicare.healthcare.com; hxxps://music.amazon.com; hxxps://myhomenetwork.att.com; hxxps://mypdf.online; hxxps://www.730sagestreet.com; hxxps://www.allrecipes.com; hxxps://www.att.com; hxxps://www.hudforeclosed.com; hxxps://www.medigap.com
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3323878&octid=EB_ORIGINAL_CTID&ISID=MBACF4E82-A701-46E8-B62C-54D1B47E47D5&SearchSource=55&CUI=&UM=5&UP=SP8131E8C3-CF81-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP8131E8C3-CF81-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch","hxxp://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SPBF91A14B-279A-48C3-A2A2-2E56DE59F9DB&SSPV=","hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl","hxxp://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP8131E8C3-CF81-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch","hxxp://Lasaoren.com/?f=7&a=lrn_ir_14_45_ie&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtA0FzzyEyE0CtAtB0BtCtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtB0B0ByDyEtBtDtGtAyEtC0AtGyBtDzz0DtGyEtAyDyBtGtByC0CtCyByB0AyC0EzyyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtDyD0F0F0C0A0DtGyC0E0D0FtGyE0E0CtCtG0AyEzyzztGtBtByDtByE0EtDyDtBtA0F0A2Q&cr=233277235&ir=","hxxp://homepage-web.com/?s=acer&m=start","hxxp://www.google.com","hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.securybrowse.com/?dss&yh&q={searchTerms}
CHR DefaultSearchKeyword: Default -> securyBrowse
CHR DefaultSuggestURL: Default -> hxxps://ext.securybrowse.com/api/ext/suggest?q={searchTerms}
S3 cpuz136; \??\C:\Users\Nola\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
S3 OCULUSVRHEADSET; \SystemRoot\system32\DRIVERS\OCULUS119B.sys [X]
S3 OCUSBVID; \SystemRoot\System32\drivers\ocusbvid111.sys [X]
C:\Users\Nola\Downloads\ComboFix.exe
AlternateDataStreams: C:\ProgramData\Temp:03BF0375 [278]
AlternateDataStreams: C:\ProgramData\Temp:0D3CE40A [0]
AlternateDataStreams: C:\ProgramData\Temp:1349D788 [166]
AlternateDataStreams: C:\ProgramData\Temp:1409277B [0]
AlternateDataStreams: C:\ProgramData\Temp:14617264 [127]
AlternateDataStreams: C:\ProgramData\Temp:15D23447 [240]
AlternateDataStreams: C:\ProgramData\Temp:225CD7D5 [205]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [290]
AlternateDataStreams: C:\ProgramData\Temp:2FC7B9E4 [0]
AlternateDataStreams: C:\ProgramData\Temp:3A0561F3 [482]
AlternateDataStreams: C:\ProgramData\Temp:3F2212BB [211]
AlternateDataStreams: C:\ProgramData\Temp:3F6B95A0 [218]
AlternateDataStreams: C:\ProgramData\Temp:40937279 [124]
AlternateDataStreams: C:\ProgramData\Temp:41B2DADD [111]
AlternateDataStreams: C:\ProgramData\Temp:41F8E189 [248]
AlternateDataStreams: C:\ProgramData\Temp:43301D1D [202]
AlternateDataStreams: C:\ProgramData\Temp:466FA8C3 [141]
AlternateDataStreams: C:\ProgramData\Temp:4AC1D560 [229]
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA [163]
AlternateDataStreams: C:\ProgramData\Temp:4C496DBA [492]
AlternateDataStreams: C:\ProgramData\Temp:52AB1CE4 [207]
AlternateDataStreams: C:\ProgramData\Temp:538A9F02 [210]
AlternateDataStreams: C:\ProgramData\Temp:5433DBEF [201]
AlternateDataStreams: C:\ProgramData\Temp:575EA127 [122]
AlternateDataStreams: C:\ProgramData\Temp:5CAB8A04 [235]
AlternateDataStreams: C:\ProgramData\Temp:5DABFF83 [119]
AlternateDataStreams: C:\ProgramData\Temp:6C74C778 [236]
AlternateDataStreams: C:\ProgramData\Temp:6DA52D51 [139]
AlternateDataStreams: C:\ProgramData\Temp:744478A2 [224]
AlternateDataStreams: C:\ProgramData\Temp:7687A3E3 [163]
AlternateDataStreams: C:\ProgramData\Temp:78ADFF54 [0]
AlternateDataStreams: C:\ProgramData\Temp:79059537 [243]
AlternateDataStreams: C:\ProgramData\Temp:82FF14B1 [194]
AlternateDataStreams: C:\ProgramData\Temp:86725A4F [238]
AlternateDataStreams: C:\ProgramData\Temp:895A78C5 [139]
AlternateDataStreams: C:\ProgramData\Temp:8AED9359 [207]
AlternateDataStreams: C:\ProgramData\Temp:9547F1DB [218]
AlternateDataStreams: C:\ProgramData\Temp:9AD417ED [201]
AlternateDataStreams: C:\ProgramData\Temp:9EF92A1A [215]
AlternateDataStreams: C:\ProgramData\Temp:ABFEED8E [402]
AlternateDataStreams: C:\ProgramData\Temp:B935DA62 [296]
AlternateDataStreams: C:\ProgramData\Temp:B9F8237A [200]
AlternateDataStreams: C:\ProgramData\Temp:BC8E9899 [248]
AlternateDataStreams: C:\ProgramData\Temp:BDE546C6 [192]
AlternateDataStreams: C:\ProgramData\Temp:BED8A204 [0]
AlternateDataStreams: C:\ProgramData\Temp:C3392F75 [207]
AlternateDataStreams: C:\ProgramData\Temp:E73B14E2 [212]
AlternateDataStreams: C:\ProgramData\Temp:ECD86790 [288]
AlternateDataStreams: C:\ProgramData\Temp:EE35D8BE [153]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2169875413-863306336-142727359-1001 -> DefaultScope {F233193F-7246-4FBC-B5DF-043D2EB03AF6} URL =
SearchScopes: HKU\S-1-5-21-2169875413-863306336-142727359-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2169875413-863306336-142727359-1001 -> {F233193F-7246-4FBC-B5DF-043D2EB03AF6} URL =
FirewallRules: [{B632A2DE-D859-40A0-A4B9-4B4C30186E57}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{E4F0C4BE-CA36-4957-9CE2-AC910EE47A43}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{57A34412-1755-40AA-A04F-8AD76D3E7060}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{731FEE96-B9D0-47BA-AE5E-D4D969B0F3C4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{4ACBDD2C-0A4F-402F-9DF3-0212EC8D82FA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{089B48B6-6BBC-40F9-A1FD-E7C0A7E7E326}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{FC676053-4C76-4DD8-B6C2-EA8E48D5104C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{4D9873D4-1AD2-4069-A304-4539963B8A88}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{758AC8C6-5329-4CDF-8883-9EAA9A72511F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{14712D86-0306-4D1D-9787-C54280F5CE0B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{79531E05-FF31-4F39-A98C-CC8B16BBE063}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{A18F6315-F276-473C-801F-03FC9B09A504}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{6B3BEFBC-DD41-4917-BD55-045B6B137A7D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{07DC3E21-004C-4149-85C0-A1E4BD9BB91D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{FB1C5D98-381B-4E3A-A88F-451A49A81017}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{0524E956-39D2-4EE6-BE73-3B727EAFC67B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{8B1A715B-8F54-4A6D-8AEA-8C6629AAC139}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{50EA32E8-3E9C-42FE-8AC8-2EF40683ABA2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{5403C521-975F-4883-A6B6-FF0E3F987CE7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{0CD7AFF3-598E-459D-8FD7-DB6D2AAAE12B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

4. AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

5. Malwarebytes (Scan mode)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The fixlog.txt
  2. The AdwCleaner[S0*].txt
  3. The Malwarebytes report
 
#3 ·
Whew! That was a lot, but I got most of it though. First I uninstalled everything you mentioned and yes, also McAfee. I prefer Windows Defender, although I had to turn it off in order to run or download any of these programs. The FRST64, when I opened it and clicked on fix, it said there was no fixlist.txt found. So these are the results of the scan.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-01-2021 01
Ran by Nola (administrator) on GRAMMASROOM (Acer Aspire E5-511P) (24-01-2021 16:49:45)
Running from C:\Users\Nola\Desktop
Loaded Profiles: Nola
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(GameHouse Europe B.V. -> GameHouse) C:\Program Files (x86)\GameHouse Games\aminstantservice.exe
(GameHouse Europe B.V. -> RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (Canon Inc. -> CANON INC.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKU\S-1-5-21-2169875413-863306336-142727359-1001\...\RunOnce: [Application Restart #2] => C:\Users\Nola\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resourc (the data entry has 603 more characters).
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\Windows\system32\CNMLMBX.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\Windows\system32\hpinkstsE511LM.dll [383496 2014-12-18] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.92\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3ED5350E-F568-45B4-95E2-6D416956ABFF} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [474368 2014-01-06] (Acer Incorporated -> Acer Incorporated)
Task: {52C7DE7D-8F80-4D0A-8EEF-6DFE1516B6B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-20] (Google Inc -> Google LLC)
Task: {55F2114F-61DE-4F66-8668-140169E43C44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-20] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2D740B14-8DFD-48A5-81FE-F1C5BD5F0B51}: [DhcpNameServer] 192.168.1.254

Edge:
=======
Edge Profile: C:\Users\Nola\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-24]
Edge HomePage: Default -> hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP
Edge DefaultSearchURL: Default -> hxxps://search.securybrowse.com/?dss&yh&q={searchTerms}
Edge DefaultSearchKeyword: Default -> securyBrowse
Edge DefaultSuggestURL: Default -> hxxps://ext.securybrowse.com/api/ext/suggest?q={searchTerms}
Edge Extension: (Honey) - C:\Users\Nola\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-01-24]
Edge Extension: (Click&Clean) - C:\Users\Nola\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dacknjoogbepndbemlmljdobinliojbk [2020-07-15]
Edge Extension: (HP Smart Print) - C:\Users\Nola\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2020-07-15]
Edge Extension: (securyBrowse) - C:\Users\Nola\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kjincgipkjkimkcmolmajgcfpdjbckgc [2021-01-24]

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] (Foxit Corporation -> )
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] (WildTangent Inc -> )
FF Plugin HKU\S-1-5-21-2169875413-863306336-142727359-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Nola\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-12-30] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default [2021-01-24]
CHR Notifications: Default -> hxxps://forums.techguy.org; hxxps://medicare.healthcare.com; hxxps://music.amazon.com; hxxps://myhomenetwork.att.com; hxxps://mypdf.online; hxxps://www.730sagestreet.com; hxxps://www.allrecipes.com; hxxps://www.att.com; hxxps://www.hudforeclosed.com; hxxps://www.medigap.com
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3323878&octid=EB_ORIGINAL_CTID&ISID=MBACF4E82-A701-46E8-B62C-54D1B47E47D5&SearchSource=55&CUI=&UM=5&UP=SP8131E8C3-CF81-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP8131E8C3-CF81-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch","hxxp://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SPBF91A14B-279A-48C3-A2A2-2E56DE59F9DB&SSPV=","hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl","hxxp://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP8131E8C3-CF81-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch","hxxp://Lasaoren.com/?f=7&a=lrn_ir_14_45_ie&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtA0FzzyEyE0CtAtB0BtCtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtB0B0ByDyEtBtDtGtAyEtC0AtGyBtDzz0DtGyEtAyDyBtGtByC0CtCyByB0AyC0EzyyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtDyD0F0F0C0A0DtGyC0E0D0FtGyE0E0CtCtG0AyEzyzztGtBtByDtByE0EtDyDtBtA0F0A2Q&cr=233277235&ir=","hxxp://homepage-web.com/?s=acer&m=start","hxxp://www.google.com","hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-11-20]
CHR Extension: (Docs) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-11-20]
CHR Extension: (Google Drive) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-20]
CHR Extension: (Google Search) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2019-11-20]
CHR Extension: (Sheets) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-25]
CHR Extension: (Click&Clean) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2021-01-18]
CHR Extension: (Interpretation of a Lion) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbongphmapdgdnfgpigagkaonjgnplgf [2020-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-20]
CHR Extension: (Gmail) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-01]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse Europe B.V. -> GameHouse)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent Inc -> WildTangent)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] (Canon Inc. -> )
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [582544 2016-07-13] (GameHouse Europe B.V. -> RealNetworks, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176632 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (WDKTestCert asix,130126255272009909 -> ASIX Electronics Corp.)
S3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [31232 2013-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated -> Acer Incorporated)
R3 MpKsl46408381; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1D1D1F5C-BA8B-48DA-A106-9FB211E1C362}\MpKslDrv.sys [47344 2021-01-24] (Microsoft Windows -> Microsoft Corporation)
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated -> Acer Incorporated)
S3 SensorsServiceDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 cpuz136; \??\C:\Users\Nola\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
S3 OCULUSVRHEADSET; \SystemRoot\system32\DRIVERS\OCULUS119B.sys [X]
S3 OCUSBVID; \SystemRoot\System32\drivers\ocusbvid111.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-24 16:49 - 2021-01-24 16:51 - 000016775 _____ C:\Users\Nola\Desktop\FRST.txt
2021-01-24 16:46 - 2021-01-24 16:46 - 000000000 ____D C:\Users\Nola\Desktop\FRST-OlderVersion
2021-01-23 22:11 - 2021-01-23 22:11 - 000000000 ____D C:\Users\Nola\AppData\Roaming\IteraLabs
2021-01-23 22:09 - 2021-01-23 22:09 - 000001250 _____ C:\Users\Public\Desktop\More Great Games.lnk
2021-01-23 22:09 - 2021-01-23 22:09 - 000001250 _____ C:\ProgramData\Desktop\More Great Games.lnk
2021-01-23 21:54 - 2021-01-23 21:54 - 000045300 _____ C:\Users\Nola\Downloads\5fff85f0f795c2445e1d6257.pdf
2021-01-23 21:50 - 2021-01-23 21:50 - 000045435 _____ C:\Users\Nola\Downloads\5fff85a69bb7666c610fdb4c.pdf
2021-01-23 21:39 - 2021-01-23 21:45 - 000001958 _____ C:\Users\Nola\Desktop\Rkill.txt
2021-01-23 21:38 - 2021-01-23 21:39 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Nola\Downloads\rkill.exe
2021-01-23 19:49 - 2021-01-23 19:50 - 002270936 _____ (Cermak Technologies, Inc.) C:\Users\Nola\Downloads\tsginfo (1).exe
2021-01-23 19:41 - 2021-01-23 19:51 - 000055664 _____ C:\Users\Nola\Downloads\Addition.txt
2021-01-23 19:35 - 2021-01-23 19:51 - 000032556 _____ C:\Users\Nola\Downloads\FRST.txt
2021-01-23 19:34 - 2021-01-24 16:50 - 000000000 ____D C:\FRST
2021-01-23 19:07 - 2021-01-24 16:46 - 002297344 _____ (Farbar) C:\Users\Nola\Desktop\FRST64.exe
2021-01-18 09:50 - 2021-01-18 09:50 - 000290669 _____ C:\Users\Nola\Downloads\ROGERS-PRICE-LIST-NEW-25.pdf
2021-01-17 03:14 - 2021-01-07 19:21 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-17 03:14 - 2021-01-07 19:13 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-08 12:27 - 2021-01-08 12:27 - 000027919 _____ C:\Users\Nola\Downloads\UT-44037-118722-10012020.pdf
2021-01-04 04:02 - 2021-01-04 04:02 - 000001668 _____ C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Witch's Tales.lnk
2021-01-04 04:02 - 2021-01-04 04:02 - 000000000 ____D C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Witch's Tales
2021-01-04 03:45 - 2021-01-04 04:02 - 000000000 ____D C:\Users\Nola\AppData\LocalLow\Shaman Games
2021-01-04 03:43 - 2021-01-04 03:43 - 000001789 _____ C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Hiddenverse - The Iron Tower.lnk
2021-01-04 03:43 - 2021-01-04 03:43 - 000000000 ____D C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hiddenverse - The Iron Tower
2021-01-04 03:39 - 2021-01-04 03:39 - 000001947 _____ C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Sea Legends - Phantasmal Light.lnk
2021-01-04 03:39 - 2021-01-04 03:39 - 000000000 ____D C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sea Legends - Phantasmal Light
2021-01-04 03:33 - 2021-01-04 04:00 - 000000000 ____D C:\Games
2020-12-28 08:54 - 2020-12-28 08:54 - 000246342 _____ C:\Users\Nola\Desktop\DL and food stamp card.pdf
2020-12-27 02:56 - 2020-12-27 02:57 - 001587768 _____ (Roblox Corporation) C:\Users\Nola\Downloads\RobloxPlayerLauncher (1).exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-24 16:41 - 2019-11-20 10:07 - 000003594 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2169875413-863306336-142727359-1001
2021-01-24 16:34 - 2019-11-20 10:06 - 000000000 ___DO C:\Users\Nola\OneDrive
2021-01-24 16:06 - 2014-03-18 04:03 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-24 16:06 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\Inf
2021-01-24 16:02 - 2013-08-22 08:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-24 16:01 - 2019-11-20 10:00 - 000000000 ____D C:\Users\Nola
2021-01-24 16:01 - 2013-08-22 07:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2021-01-24 15:57 - 2014-07-25 06:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2021-01-24 15:52 - 2014-07-25 06:55 - 000000000 ____D C:\Program Files\Acer
2021-01-24 15:52 - 2014-07-25 06:49 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2021-01-24 15:50 - 2019-11-20 10:03 - 000000000 ____D C:\Users\Nola\AppData\Local\Acer
2021-01-24 15:50 - 2014-07-25 06:49 - 000000000 ____D C:\Program Files (x86)\Acer
2021-01-24 15:49 - 2014-07-25 06:50 - 000000000 ____D C:\ProgramData\OEM
2021-01-24 15:48 - 2019-11-20 10:15 - 000000000 ____D C:\Users\Nola\AppData\Local\clear.fi
2021-01-24 15:48 - 2014-07-25 07:27 - 000000000 ___HD C:\OEM
2021-01-24 15:47 - 2014-07-25 06:49 - 000000000 ____D C:\ProgramData\acer
2021-01-24 14:53 - 2020-04-16 10:26 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-01-24 14:46 - 2019-11-20 12:36 - 000003934 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{29B8CB50-65FB-42FF-A0B4-6C35084CD905}
2021-01-24 03:36 - 2020-04-30 22:29 - 000000000 ____D C:\Users\Nola\Desktop\Games
2021-01-24 02:34 - 2014-07-25 06:50 - 000000000 ____D C:\ProgramData\Temp
2021-01-23 23:40 - 2020-03-26 05:13 - 000000000 ____D C:\Program Files (x86)\Trivia Machine
2021-01-23 23:23 - 2019-11-20 12:11 - 000000000 ____D C:\Users\Nola\AppData\Local\CrashDumps
2021-01-23 23:00 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\rescache
2021-01-23 22:06 - 2019-11-22 14:30 - 000000000 ____D C:\BigFishCache
2021-01-23 16:24 - 2020-07-15 11:17 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-23 16:24 - 2020-07-15 11:17 - 000002206 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-23 16:24 - 2020-07-15 11:17 - 000002206 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-23 15:46 - 2020-07-15 11:16 - 000003380 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-23 15:46 - 2020-07-15 11:16 - 000003252 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-21 15:37 - 2019-11-24 00:21 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-19 02:39 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-01-19 02:39 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-01-19 02:35 - 2013-08-22 08:44 - 000463032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-19 02:28 - 2013-08-22 09:36 - 000000000 ___RD C:\WINDOWS\ToastData
2021-01-18 14:02 - 2020-04-29 17:33 - 000000000 ____D C:\Users\Nola\AppData\Local\Roblox
2021-01-18 13:53 - 2020-04-29 17:33 - 000000000 ____D C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-01-17 03:48 - 2013-08-22 09:36 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-17 03:48 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-17 03:48 - 2013-08-22 09:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-17 03:46 - 2019-11-24 19:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-17 03:35 - 2019-11-24 19:47 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-08 12:22 - 2019-11-20 12:32 - 000002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-08 12:22 - 2019-11-20 12:32 - 000002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-08 12:22 - 2019-11-20 12:32 - 000002207 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-04 04:20 - 2020-09-06 03:28 - 000000000 ____D C:\ProgramData\WinZip
2021-01-04 04:17 - 2020-11-04 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy Interactive
2021-01-04 04:17 - 2020-11-04 14:15 - 000000000 ____D C:\Program Files (x86)\Legacy Interactive
2021-01-04 04:17 - 2020-11-04 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy Games
2021-01-04 04:17 - 2020-11-04 13:59 - 000000000 ____D C:\Program Files (x86)\Legacy Games
2021-01-04 04:02 - 2020-11-04 18:29 - 000000000 ____D C:\Users\Nola\AppData\Roaming\ShamanGS
2021-01-04 03:43 - 2020-09-07 05:41 - 000000000 ____D C:\Program Files (x86)\Babel Deluxe
2021-01-03 23:33 - 2019-11-22 13:40 - 000000000 ____D C:\Users\Nola\Desktop\Important things

==================== Files in the root of some directories ========

2019-11-20 10:22 - 2019-11-20 10:22 - 000000017 _____ () C:\Users\Nola\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2021-01-23 18:38
==================== End of FRST.txt ========================

and the addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021 01
Ran by Nola (24-01-2021 16:53:02)
Running from C:\Users\Nola\Desktop
Windows 8.1 (Update) (X64) (2019-11-20 16:01:02)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2169875413-863306336-142727359-500 - Administrator - Disabled)
Guest (S-1-5-21-2169875413-863306336-142727359-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2169875413-863306336-142727359-1003 - Limited - Enabled)
Nola (S-1-5-21-2169875413-863306336-142727359-1001 - Administrator - Enabled) => C:\Users\Nola

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

10 Days Under The Sea (HKLM-x32\...\BFG-10 Days Under The Sea) (Version: - )
Absolute Tetris Cup v2.2 (HKLM-x32\...\Hextris1.2.1_is1) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adventure Trip - Wonders of the World (HKLM-x32\...\535896557f0d49accf157e2d2281de41) (Version: - GameHouse)
Aloha TriPeaks (HKLM-x32\...\WTA-2b053d63-76be-4744-b7e6-c849fa701987) (Version: 2.2.0.98 - WildTangent) Hidden
Altova MissionKit 2020 sp1 (x64) Enterprise Edition (HKLM\...\{15119EE2-30B9-4583-AEE7-FD12E9F736EE}) (Version: 2020.00.01 - Altova)
Arctic Quest 2 (HKLM-x32\...\BFG-Arctic Quest 2) (Version: - )
Azkend (HKLM-x32\...\BFG-Azkend) (Version: - )
Babel Deluxe (HKLM-x32\...\12a278f6d4b2f434fc0542348dcbcea8) (Version: - GameHouse)
Bejeweled 2 Deluxe (HKLM-x32\...\WTA-a4534830-4fad-4c96-9d9b-27466fc38be3) (Version: 2.2.0.95 - WildTangent) Hidden
Big City Adventure - San Francisco (HKLM-x32\...\BFG-Big City Adventure - San Francisco) (Version: - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bubble Golden Pack v2.0 (HKLM-x32\...\BGPack_is1) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version: - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Citadel Arcanes (HKLM-x32\...\BFG-Citadel Arcanes) (Version: - )
Concentration (HKLM-x32\...\BFG-Concentration) (Version: - )
Delicious Special (HKLM-x32\...\b372b876c67f85537d30fd8f0b537313) (Version: - GameHouse)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ELAN HIDI2C Filter Driver X64 13.6.1.1_WHQL (HKLM\...\Elantech) (Version: 13.6.1.1 - ELAN Microelectronic Corp.)
Family Feud: Battle of the Sexes (HKLM-x32\...\BFG-Family Feud - Battle of the Sexes) (Version: - )
Farm to Fork Collector's Edition (HKLM-x32\...\WTA-84062b1b-e899-4d14-a2c0-558c99c40a6b) (Version: 3.0.2.59 - WildTangent) Hidden
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012.c.r4.4 - MakeMusic)
Fishing Craze Deluxe (HKLM-x32\...\241e36d0c2e636445c9e8a6c19682117) (Version: - GameHouse)
Flip Words 2 (HKLM-x32\...\BFG-Flip Words 2) (Version: - )
Found: A Hidden Object Adventure (HKLM-x32\...\BFG-Found - A Hidden Object Adventure) (Version: - )
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.)
GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
GameHouse Word Collection (HKLM-x32\...\6fcc4845923347d1a96b744bc2aa8b33) (Version: - GameHouse)
Gold Miner Vegas (HKLM-x32\...\BFG-Gold Miner Vegas) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-d6c5e282-8b5e-4faf-bf51-4a443b3ea61c) (Version: 3.0.2.59 - WildTangent) Hidden
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-4ecd0fa3-0927-4bf6-ab00-e61c96d88749) (Version: 3.0.2.59 - WildTangent) Hidden
Jewel Quest (remove only) (HKLM-x32\...\Jewel Quest) (Version: - )
Jigsaw365 (HKLM-x32\...\BFG-Jigsaw365) (Version: - )
Kalima (HKLM-x32\...\28825fd7e102df86b0224fdf38e413bf) (Version: - GameHouse)
Keys to Manhattan (HKLM-x32\...\BFG-Keys to Manhattan) (Version: - )
King Oddball (HKLM-x32\...\WTA-20a68326-716f-4970-a475-0ea9c05077d4) (Version: 3.0.2.48 - WildTangent) Hidden
Letter Lab (HKLM-x32\...\BFG-Letter Lab) (Version: - )
Lexigo RUSH (HKLM-x32\...\f77edce3418f75a26e8119f2f0fae27c) (Version: - GameHouse)
Lottso! Deluxe (HKLM-x32\...\BFG-Lottso! Deluxe) (Version: - )
LUXOR Evolved (HKLM-x32\...\WTA-febbfdff-3d6b-48d6-948a-4241a3e8d649) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-99dd91d7-a059-4a28-9b7a-fb4ebb571271) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Vines (HKLM-x32\...\Magic Vines) (Version: 32.0.0.0 - Shockwave.com)
Magic Vines™ (HKLM-x32\...\BFG-Magic Vines) (Version: - )
Mah Jong Quest (remove only) (HKLM-x32\...\Mah Jong Quest) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Ocean Express (HKLM-x32\...\BFG-Ocean Express) (Version: - )
Online Games Manager v1.50 (HKLM-x32\...\Online Games Manager) (Version: 1.50.4 - Real Networks, Inc.)
Peggle Nights (HKLM-x32\...\WTA-023c55ad-897a-48ad-9316-2cae6a492602) (Version: 2.2.0.98 - WildTangent) Hidden
Picket Fences™ (HKLM-x32\...\BFG-Picket Fences) (Version: - )
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-f5cbd03a-4aa4-4a93-bbe1-5cfbb970df31) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-6ba243f8-6f6e-4ff5-ba14-d6e9a15b214f) (Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21245 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Roblox Player for Nola (HKU\S-1-5-21-2169875413-863306336-142727359-1001\...\roblox-player) (Version: - Roblox Corporation)
Saints and Sinners Bingo (HKLM-x32\...\BFG-Saints and Sinners Bingo) (Version: - )
SandScript (HKLM-x32\...\BFG-SandScript) (Version: - )
Solitaire Cruise (HKLM-x32\...\BFG-Solitaire Cruise) (Version: - )
Super GameHouse Solitaire (HKLM-x32\...\BFG-Super GameHouse Solitaire) (Version: - )
Super TextTwist (HKLM-x32\...\3e04f15ac7d8cbe27ecab6b7c55ed1e8) (Version: - GameHouse)
Super WHATword (HKLM-x32\...\16ee27620b641d13952444139329a216) (Version: - GameHouse)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-2d9371b7-93ef-45d8-99c5-4dd649b6f1da) (Version: 3.0.2.51 - WildTangent) Hidden
Trinklit Supreme (HKLM-x32\...\WTA-f407f3a6-94c6-4e19-842b-7f09024157b9) (Version: 2.2.0.98 - WildTangent) Hidden
Trivia Machine (HKLM-x32\...\BFG-Trivia Machine) (Version: - )
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Vacation Adventures: Park Ranger (HKLM-x32\...\BFG-Vacation Adventures - Park Ranger) (Version: - )
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.13 - WildTangent) Hidden
Word Mojo (HKLM-x32\...\edf24371bc3e4257aad60607b830206e) (Version: - Zylom)
Word Mojo Gold (HKLM-x32\...\d6f17c74aa0b49ddbd783e38d926a528) (Version: - GameHouse)
Word Mojo Gold (HKLM-x32\...\Word Mojo Gold) (Version: - )
Word Monaco (HKLM-x32\...\BFG-Word Monaco) (Version: - )
WordLab v1.12 (HKLM-x32\...\WordLab_is1) (Version: - NCBuy.com)
Zoom (HKU\S-1-5-21-2169875413-863306336-142727359-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
Zuma's Revenge (HKLM-x32\...\WTA-c5c7d33e-2377-4950-8732-d1a99c7d47d2) (Version: 2.2.0.97 - WildTangent) Hidden

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2019-11-22] (WildTangent Games)
2048 Now -> C:\Program Files\WindowsApps\29839GeoGenSoft.2048Now_1.1.0.1_neutral__h5pfn8t6215cg [2020-08-09] (GeoGenSoft)
4 Pics One Word -> C:\Program Files\WindowsApps\56397DenhamSoftwareSoluti.4PicsOneWord_1.4.0.2_neutral__ww9fsy04r7qzr [2020-08-09] (Denham Software Solutions)
Abradoodle Bingo -> C:\Program Files\WindowsApps\Abradoodle.AbradoodleBingo_1.0.0.9_neutral__pmwv89mac3ger [2020-08-09] (Abradoodle)
AccuWeather for Windows 8 -> C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_4.1.0.31_x64__8zz2pj9h1h1d8 [2019-11-22] (AccuWeather)
Acer Explorer -> C:\Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.0.3002_neutral__48frkmn4z8aw4 [2019-11-22] (Acer Incorporated)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.8_neutral__343d40qqvtj1t [2019-11-22] (Amazon.com)
Booking.com Partner Edition -> C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerEdition_1.2.1.0_x64__6wqyppa9wfhnr [2019-11-20] (Booking.com B.V.)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-04-16] (Canon Inc.)
Classic Hearts -> C:\Program Files\WindowsApps\19789RossBor.ClassicHearts_1.1.0.1_x64__bckpywbq9b7yj [2020-08-09] (RossBor) [MS Ad]
DealOrNoDeal -> C:\Program Files\WindowsApps\28551Alfredtech.DealOrNoDeal_1.0.0.2_neutral__nvqy9j420z7zy [2020-08-09] (Alfredtech)
Dominoes Deluxe for HP -> C:\Program Files\WindowsApps\RollingDonutAppsLLC.DominoesDeluxeforHP_1.2.0.3_x64__1xzbgtnaw6kna [2020-08-09] (Rolling Donut Apps LLC) [MS Ad]
Dynamite Fishing World Games -> C:\Program Files\WindowsApps\www.handy-games.comGmbH.DynamiteFishingWorldGames_1.2.1.4132_x86__wy98k6hjbhdve [2020-08-09] (www.handy-games.com GmbH)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2019-11-22] (eBay, Inc)
Evernote Touch -> C:\Program Files\WindowsApps\Evernote.Evernote_3.3.0.102_x86__q4d96b2w5wcc2 [2019-11-22] (Evernote)
Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2019-11-22] (Flipboard)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_2.0.15133.0_x86__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation)
Fruit Blast 3D -> C:\Program Files\WindowsApps\16387HugeGames.FruitBlast3D_3.0.0.0_x64__04h22s82xesw6 [2020-08-09] (Huge Games) [MS Ad]
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad]
Gin Rummy Deluxe for HP -> C:\Program Files\WindowsApps\RollingDonutAppsLLC.GinRummyDeluxeforHP_1.1.0.5_neutral__1xzbgtnaw6kna [2020-08-09] (Rolling Donut Apps LLC)
Guess The Celeb Quiz -> C:\Program Files\WindowsApps\12617bubblequizgames.GuessTheCelebQuiz_1.0.1.0_x86__ay53zzg3tew8a [2020-08-09] (bubble quiz games)
Guess The Movie Quiz! -> C:\Program Files\WindowsApps\12617bubblequizgames.GuessTheMovieQuiz_1.0.1.0_x86__ay53zzg3tew8a [2020-08-09] (bubble quiz games)
Hangman Pro -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HangmanPro_2.0.0.18_x64__kx24dqmazqk8j [2020-08-09] (Random Salad Games LLC) [MS Ad]
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_4.5.0.18_x64__kx24dqmazqk8j [2019-11-20] (Random Salad Games LLC)
Hidden City®: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.16.1700.0_x86__ytsefhwckbdv6 [2020-08-09] (G5 Entertainment AB)
HP All-in-One Printer Remote -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_55.1.43.0_x86__v10z8vjag6ke6 [2019-11-20] (Hewlett-Packard Company)
Hulu Plus -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_1.6.1.0_x64__fphbd361v8tya [2019-11-22] (Hulu.)
iStoryTime Library -> C:\Program Files\WindowsApps\zuukaInc.iStoryTimeLibrary_1.1.0.69_x64__phapb5x6gdepm [2019-11-22] (zuuka Inc)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2019-11-22] (AMZN Mobile LLC)
Logo Quiz Game -> C:\Program Files\WindowsApps\12617bubblequizgames.LogoQuizGame_2.1.0.0_x86__ay53zzg3tew8a [2020-08-09] (bubble quiz games)
Marble Woka Woka -> C:\Program Files\WindowsApps\A89D00EA.MarbleWokaWoka_2.12.1.1_x86__1xvjhtt66emdc [2020-08-09] (Two Desperados Ltd.)
Master of Words -> C:\Program Files\WindowsApps\RockheadGames.MasterofWords_1.2.0.1_x86__h1yrhgjr725xt [2020-08-10] (Rockhead Games)
Millionaire Quiz Adventure -> C:\Program Files\WindowsApps\37442SublimeCo.MillionaireQuizAdventure_1.0.2.1_x64__15r1cmjbwty0t [2020-08-09] (Sublime Co) [MS Ad]
Mind Games (Free) -> C:\Program Files\WindowsApps\470AlexeiGarbuzenko.MindGamesFree_1.1.5.32_neutral__gd2qghq4jdjcm [2020-08-09] (Alexei Garbuzenko)
Mind Snares: Alice's Journey -> C:\Program Files\WindowsApps\ArtifexMundi.MindSnaresAlicesJourney_2.0.0.0_x86__xmkq9zz36w32m [2019-11-20] (Artifex Mundi)
Movie Moments -> C:\Program Files\WindowsApps\Microsoft.MovieMoments_6.3.9654.20464_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2019-11-24] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.22.0.39_x64__mcm4njqhnhss8 [2019-11-22] (Netflix, Inc.)
Next Issue Magazines for Acer -> C:\Program Files\WindowsApps\48AD0183.NextIssueMagazinesforAcer_1.5.18.0_x64__w8az3ffzyab5c [2014-11-22] (NEXT ISSUE MEDIA,LLC .)
NoteToSelf -> C:\Program Files\WindowsApps\46988EvilGardenGnome.NoteToSelf_1.1.0.0_neutral__kdwky8daxz13w [2019-11-24] (Evil Garden Gnome)
PhotoFunia -> C:\Program Files\WindowsApps\CapsuleDigital.PhotoFunia_5.2.0.0_neutral__yede6ekgzbztc [2019-11-20] (Capsule Digital)
Pyramid Solitaire! -> C:\Program Files\WindowsApps\59091GameDesignStudio.PyramidSolitaire_1.0.1.8_x64__hke3ffja2n6hy [2020-08-09] (Game Design Studio) [MS Ad]
Rummi -> C:\Program Files\WindowsApps\ReflectionIT.Rummi_2.5.0.2_x64__h3qw2m3pefnrp [2020-08-09] (Reflection IT) [MS Ad]
Schedule Planner -> C:\Program Files\WindowsApps\26194KrmiGerg.SchedulePlanner_1.1.1.2_x64__8ec0x26xtr58c [2019-11-20] (Körömi Gergő)
Simple Word Search -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleWordSearch_1.1.0.10_x64__kx24dqmazqk8j [2019-11-20] (Random Salad Games LLC) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2019-11-22] (Skype) [MS Ad]
Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_3.2.0.12_neutral__kx24dqmazqk8j [2019-11-20] (Random Salad Games LLC) [MS Ad]
Spades!? -> C:\Program Files\WindowsApps\59091GameDesignStudio.4932446B1D9C8_1.1.0.0_x64__hke3ffja2n6hy [2020-08-09] (Game Design Studio) [MS Ad]
TriPeaks Solitaire! -> C:\Program Files\WindowsApps\59091GameDesignStudio.TriPeaksSolitaire_1.1.0.1_x64__hke3ffja2n6hy [2020-08-09] (Game Design Studio) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2019-11-22] (Microsoft Corporation) [MS Ad]
Wheel Of Fortune - Golden Casino -> C:\Program Files\WindowsApps\16387HugeGames.WheelOfFortune-GoldenCasino_2.0.0.1_x64__04h22s82xesw6 [2020-08-09] (Huge Games) [MS Ad]
Word Fall -> C:\Program Files\WindowsApps\18212JakubBielawa.WordFall_1.1.0.0_neutral__2gavfd0ye0knr [2019-11-20] (Jakub Bielawa)
Word Search -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.WordSearch_3.3.0.24_neutral__kx24dqmazqk8j [2020-08-10] (Random Salad Games LLC) [MS Ad]
Word Twist -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.WordTwist_2.3.0.12_neutral__kx24dqmazqk8j [2020-08-09] (Random Salad Games LLC)
Word Twist Deluxe -> C:\Program Files\WindowsApps\RollingDonutApps.WordTwistDeluxe_2.0.0.5_neutral__sy1ej89k10knt [2019-11-20] (Rolling Donut Apps)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-12-24] (Microsoft Corporation)
YahtzeeGame -> C:\Program Files\WindowsApps\59460JanneKalliokulju.YahtzeeGame_1.0.0.14_x64__j30e6g75nf7sj [2020-08-09] (Janne Kalliokulju)
Yatzy Ultimate Free -> C:\Program Files\WindowsApps\Seavus.YatzyUltimateFree_5.10.0.147_x86__bwc13hzg5kga8 [2019-11-20] (Seavus) [MS Ad]
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2014-11-22] (Zinio LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2014-02-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers1: [DiffDogFileHandlerMenu] -> {FD62EEF6-2AB3-411D-986E-916210538B31} => C:\Program Files\Altova\DiffDog2020\\DiffDogShellExtension_x64.dll [2019-11-29] (Altova GmbH -> Altova GmbH)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-05-13] (Foxit Corporation -> Foxit Corporation)
ContextMenuHandlers2: [DiffDogFileHandlerMenu] -> {FD62EEF6-2AB3-411D-986E-916210538B31} => C:\Program Files\Altova\DiffDog2020\\DiffDogShellExtension_x64.dll [2019-11-29] (Altova GmbH -> Altova GmbH)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2014-02-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers4: [DiffDogFileHandlerMenu] -> {FD62EEF6-2AB3-411D-986E-916210538B31} => C:\Program Files\Altova\DiffDog2020\\DiffDogShellExtension_x64.dll [2019-11-29] (Altova GmbH -> Altova GmbH)
ContextMenuHandlers5: [DiffDogFileHandlerMenu] -> {FD62EEF6-2AB3-411D-986E-916210538B31} => C:\Program Files\Altova\DiffDog2020\\DiffDogShellExtension_x64.dll [2019-11-29] (Altova GmbH -> Altova GmbH)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-05-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-05-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2169875413-863306336-142727359-1001\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [8704 2014-10-28] (Microsoft Windows -> Microsoft Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox.lnk -> C:\Program Files\Dropbox\StartURL.exe () -> hxxps://www.dropbox.com/partners/acer2014/download

==================== Loaded Modules (Whitelisted) =============

2014-02-25 22:14 - 2014-02-25 22:14 - 000011264 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2020-04-16 09:24 - 2013-04-26 17:31 - 000521216 _____ (CANON INC.) [File not signed] [File is in use] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2020-04-16 09:24 - 2013-04-26 17:28 - 000561152 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2014-02-25 22:17 - 2014-02-25 22:17 - 000107648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\CommApi.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000203392 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\FolderViewImpl.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000085632 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\GattI.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000126592 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\gatts.DLL
2014-02-25 22:18 - 2014-02-25 22:18 - 000083072 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Handsfree.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ipc.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000063104 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ModuleManager.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\OutlookLib.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000291456 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000130176 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\skypeagent.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\TCPConnection.dll
2014-02-25 22:18 - 2014-02-25 22:18 - 000115328 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\utils.dll
2014-02-25 22:12 - 2014-02-25 22:12 - 000308224 _____ (Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\LE\LE.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000210432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000162304 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll
2014-02-25 22:14 - 2014-02-25 22:14 - 000177152 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BIP\BIP.dll
2014-02-25 22:12 - 2014-02-25 22:12 - 000018432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\DID\DId.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 000035840 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FAX\Fax.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000421888 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000096256 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\GapSdp\GapSdp.dll
2014-02-25 22:09 - 2014-02-25 22:09 - 000097792 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\goep\goep.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 000029696 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HCRP\Hcrp.dll
2014-02-25 22:12 - 2014-02-25 22:12 - 000142848 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HealthDevice\HDP.dll
2014-02-25 22:14 - 2014-02-25 22:14 - 000091136 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\L2capLib\l2caplib.dll
2014-02-25 22:09 - 2014-02-25 22:09 - 000181248 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\ObjPush.dll
2014-02-25 22:14 - 2014-02-25 22:14 - 000066048 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\OppOperation.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000067072 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\pbap\pbap.dll
2014-02-25 22:14 - 2014-02-25 22:14 - 000063488 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000097280 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\sap\sap.dll
2014-02-25 22:14 - 2014-02-25 22:14 - 000087552 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\SesMgr\sesmgr.dll
2014-02-25 22:13 - 2014-02-25 22:13 - 000055296 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\spp\spp.dll
2014-02-25 22:12 - 2014-02-25 22:12 - 000064512 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Sync\Sync.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:BDE546C6 [192]
AlternateDataStreams: C:\ProgramData\Temp:BED8A204 [0]
AlternateDataStreams: C:\ProgramData\Temp:C2D64F38 [274]
AlternateDataStreams: C:\ProgramData\Temp:C3392F75 [207]
AlternateDataStreams: C:\ProgramData\Temp:E73B14E2 [212]
AlternateDataStreams: C:\ProgramData\Temp:ECD86790 [288]
AlternateDataStreams: C:\ProgramData\Temp:EE35D8BE [153]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2169875413-863306336-142727359-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2169875413-863306336-142727359-1001 -> DefaultScope {F233193F-7246-4FBC-B5DF-043D2EB03AF6} URL =
SearchScopes: HKU\S-1-5-21-2169875413-863306336-142727359-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2169875413-863306336-142727359-1001 -> {F233193F-7246-4FBC-B5DF-043D2EB03AF6} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2021-01-24 15:39 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Acer\abFiles\
HKU\S-1-5-21-2169875413-863306336-142727359-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nola\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "WindowsDefender"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B632A2DE-D859-40A0-A4B9-4B4C30186E57}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{E4F0C4BE-CA36-4957-9CE2-AC910EE47A43}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{57A34412-1755-40AA-A04F-8AD76D3E7060}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{731FEE96-B9D0-47BA-AE5E-D4D969B0F3C4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{4ACBDD2C-0A4F-402F-9DF3-0212EC8D82FA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{089B48B6-6BBC-40F9-A1FD-E7C0A7E7E326}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{FC676053-4C76-4DD8-B6C2-EA8E48D5104C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{4D9873D4-1AD2-4069-A304-4539963B8A88}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{3DF6891F-A29F-4C9D-93E5-77EF5DF96F6E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{069649DC-C5AA-4825-8430-220FAC652650}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{758AC8C6-5329-4CDF-8883-9EAA9A72511F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{14712D86-0306-4D1D-9787-C54280F5CE0B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{79531E05-FF31-4F39-A98C-CC8B16BBE063}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{A18F6315-F276-473C-801F-03FC9B09A504}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{6B3BEFBC-DD41-4917-BD55-045B6B137A7D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{07DC3E21-004C-4149-85C0-A1E4BD9BB91D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{FB1C5D98-381B-4E3A-A88F-451A49A81017}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{0524E956-39D2-4EE6-BE73-3B727EAFC67B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{8B1A715B-8F54-4A6D-8AEA-8C6629AAC139}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{50EA32E8-3E9C-42FE-8AC8-2EF40683ABA2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{5403C521-975F-4883-A6B6-FF0E3F987CE7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{0CD7AFF3-598E-459D-8FD7-DB6D2AAAE12B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{B613BB0C-0FC9-4D15-AB81-650DCC7DE2E1}] => (Allow) C:\Users\Nola\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{98CBF9E2-C3B3-4FCB-9DCA-BD47AB42CDEB}] => (Allow) C:\Users\Nola\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{FC1739E0-46F4-4D30-BB03-27695E429208}C:\windows\system32\msiexec.exe] => (Allow) C:\windows\system32\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{7926308C-C4AA-42E1-BD29-BAB9917E78FB}C:\windows\system32\msiexec.exe] => (Allow) C:\windows\system32\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{89C3BAAB-F456-429B-93A5-EFFE8F2C7C18}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

03-01-2021 19:42:23 Scheduled Checkpoint
17-01-2021 03:26:33 Windows Update
24-01-2021 15:39:40 Removed Java 8 Update 261

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/24/2021 04:36:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 61c

Start Time: 01d6f2a10498b534

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: 8f32f1dc-5e94-11eb-82d8-acb57d38e06b

Faulting package full name:

Faulting package-relative application ID:

Error: (01/23/2021 11:23:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Word Monaco.exe, version: 1.0.0.1, time stamp: 0x44be48aa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x02c9fa9d
Faulting process id: 0xef0
Faulting application start time: 0x01d6f20b1acc308c
Faulting application path: C:\Program Files (x86)\Word Monaco\Word Monaco.exe
Faulting module path: unknown
Report Id: 3fd254f7-5e04-11eb-82d7-acb57d38e06b
Faulting package full name:
Faulting package-relative application ID:

Error: (01/23/2021 07:22:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Nola\Downloads\chrome.exe".
Dependent Assembly 83.0.4103.116,language="*",type="win32",version="83.0.4103.116" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2021 07:16:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d48

Start Time: 01d6f1cfa50cc75e

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: 5d0d7b5a-5de1-11eb-82d7-acb57d38e06b

Faulting package full name:

Faulting package-relative application ID:

Error: (01/23/2021 07:14:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1098

Start Time: 01d6f1ee227e1b81

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 927278fc-5de1-11eb-82d7-acb57d38e06b

Faulting package full name:

Faulting package-relative application ID:

Error: (01/23/2021 07:14:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Nola\Downloads\chrome.exe".
Dependent Assembly 83.0.4103.116,language="*",type="win32",version="83.0.4103.116" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2021 06:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BackgroundAgent.exe, version: 1.0.1.2, time stamp: 0x53ac24cc
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea24a5
Exception code: 0xc0000005
Fault offset: 0x00056b1d
Faulting process id: 0x1138
Faulting application start time: 0x01d6f1cfcd6720a5
Faulting application path: C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
Faulting module path: C:\WINDOWS\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dll
Report Id: b575172f-5dd8-11eb-82d7-acb57d38e06b
Faulting package full name:
Faulting package-relative application ID:

Error: (01/19/2021 02:20:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a78

Start Time: 01d6edfa3e242756

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: dff3a7d5-5a2e-11eb-82d5-acb57d38e06b

Faulting package full name: 26194KrmiGerg.SchedulePlanner_1.1.1.2_x64__8ec0x26xtr58c

Faulting package-relative application ID: App

System errors:
=============
Error: (01/19/2021 02:18:25 AM) (Source: DCOM) (EventID: 10001) (User: GRAMMASROOM)
Description: Unable to start a DCOM Server: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1

Error: (01/19/2021 02:18:24 AM) (Source: DCOM) (EventID: 10010) (User: GRAMMASROOM)
Description: The server Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.

Error: (01/04/2021 03:35:56 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2021 03:35:48 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2021 03:35:40 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2021 03:35:32 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2021 03:35:24 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2021 03:35:15 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Windows Defender:
===================================
Date: 2021-01-23 22:58:56.922
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {B2C58DF3-55A1-4814-94DC-54B333EC3F11}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-23 18:38:47.771
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {76D14EDF-FED6-4965-AD04-39EF980C053E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-19 07:26:07.184
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {5F790856-43CC-4DBB-8BC0-F8495084CFD0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-04 10:51:30.736
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {8D1D1299-4E35-42BC-9FDE-FCC75914EB4F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-04 05:35:27.727
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {8C6EC1B7-C909-4A45-AB4C-6648A7970A01}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-08 12:21:51.045
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.329.1737.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2021-01-08 12:21:51.044
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.329.1737.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2021-01-08 12:21:50.911
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2021-01-08 12:21:50.799
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2021-01-08 12:21:31.159
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.329.1737.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: Acer V1.06 09/25/2014
Motherboard: Acer Aspire E5-511P
Processor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Percentage of memory in use: 40%
Total physical RAM: 3979.2 MB
Available physical RAM: 2350.21 MB
Total Virtual: 4683.2 MB
Available Virtual: 3007.02 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.98 GB) (Free:390.96 GB) NTFS

\\?\Volume{80eb9ccb-b991-4d71-bcbb-27ae78031c25}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.3 GB) NTFS
\\?\Volume{3fdf2fd6-32b8-4470-b242-7fb55cc6f397}\ () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{d30944dc-53da-4c54-868a-adb896f45483}\ (Push Button Reset) (Fixed) (Total:15.34 GB) (Free:2.44 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BBC06BB5)

Partition: GPT.

==================== End of Addition.txt =======================

Next I installed the Adware and here are the results for it:

# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-24-2021
# Duration: 00:01:26
# OS: Windows 8.1
# Scanned: 31956
# Detected: 72

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.pokki C:\Users\OVRLibraryService\AppData\Local\Pokki
Adware.pokki C:\Users\Public\Pokki
PUP.Optional.Booking C:\Program Files\Booking.com
PUP.Optional.Legacy C:\Program Files (x86)\iWin.com Games
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin.com Games
PUP.Optional.Legacy C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin.com Games
PUP.Optional.Legacy C:\Users\Nola\AppData\Roaming\Pogo Games

***** [ Files ] *****

PUP.Optional.Booking C:\Users\Nola\Favorites\Booking.com.url
PUP.Optional.Booking C:\Users\OVRLibraryService\Favorites\Booking.com.url

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.TryMedia HKCU\Software\Trymedia Systems
Adware.TryMedia HKLM\Software\Wow6432Node\Trymedia Systems
Adware.pokki HKCU\Software\Classes\pokki
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn|SBOEM3
PUP.Optional.Legacy HKCU\Software\APN PIP
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy agfjdflmdlnffhlfmjdpbcoccaeamikk

***** [ Chromium URLs ] *****

PUP.Optional.Conduit http://search.conduit.com/?gd=&ctid...1-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch
PUP.Optional.Conduit http://search.conduit.com/?gd=&ctid...1-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch
PUP.Optional.Conduit http://search.conduit.com/?gd=&ctid...=SPBF91A14B-279A-48C3-A2A2-2E56DE59F9DB&SSPV=
PUP.Optional.Conduit http://search.conduit.com/?gd=&ctid...1-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch
PUP.Optional.Legacy http://Lasaoren.com/?f=7&a=lrn_ir_1...tGtBtByDtByE0EtDyDtBtA0F0A2Q&cr=233277235&ir=
PUP.Optional.Legacy http://homepage-web.com/?s=acer&m=start

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.ACERAOPFramework Folder C:\Program Files (x86)\ACER\AOP FRAMEWORK
Preinstalled.ACERAOPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|BacKGround Agent
Preinstalled.ACERClear.fiShellExtension Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B}
Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}
Preinstalled.AcerExplorerAgent Folder C:\Program Files\ACER\ACER EXPLORER AGENT
Preinstalled.AcerExplorerAgent Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}
Preinstalled.AcerUEIPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7}
Preinstalled.AcerUEIPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{978724F6-1863-4DD5-9E66-FB77F5AB5613}
Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER
Preinstalled.WildTangentGamesBundle File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\ALOHA TRIPEAKS
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\FARM TO FORK COLLECTORS EDITION
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\GOVERNOR OF POKER 2 PREMIUM EDITION
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\JEWEL MATCH 3
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\KING ODDBALL
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\LUXOR EVOLVED
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\MAGIC ACADEMY
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\PEGGLE NIGHTS
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\PLANTS VS ZOMBIES - GAME OF THE YEAR
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\POLAR BOWLER 1ST FRAME
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\TRINKLIT SUPREME
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\ZUMAS REVENGE
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-023c55ad-897a-48ad-9316-2cae6a492602
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-20a68326-716f-4970-a475-0ea9c05077d4
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2b053d63-76be-4744-b7e6-c849fa701987
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2d9371b7-93ef-45d8-99c5-4dd649b6f1da
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-4ecd0fa3-0927-4bf6-ab00-e61c96d88749
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-6ba243f8-6f6e-4ff5-ba14-d6e9a15b214f
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-84062b1b-e899-4d14-a2c0-558c99c40a6b
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-99dd91d7-a059-4a28-9b7a-fb4ebb571271
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-a4534830-4fad-4c96-9d9b-27466fc38be3
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-c5c7d33e-2377-4950-8732-d1a99c7d47d2
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-d6c5e282-8b5e-4faf-bf51-4a443b3ea61c
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-f407f3a6-94c6-4e19-842b-7f09024157b9
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-f5cbd03a-4aa4-4a93-bbe1-5cfbb970df31
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-febbfdff-3d6b-48d6-948a-4241a3e8d649
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-acer-genres
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-acer-main
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer
Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}

and the Malware:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/24/21
Scan Time: 5:47 PM
Log File: 9060d37e-5e9e-11eb-bf41-acb57d38e06b.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1146
Update Package Version: 1.0.36191
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: GRAMMASROOM\Nola

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 274780
Threats Detected: 23
Threats Quarantined: 0
Time Elapsed: 16 min, 18 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Adware.TryMedia, HKU\S-1-5-21-2169875413-863306336-142727359-1001\SOFTWARE\Trymedia Systems, No Action By User, 582, 210647, 1.0.36191, , ame, , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 6
PUP.Optional.GetMyDrivers, C:\Users\Nola\AppData\Roaming\GetMyDrivers\InstallerLogs, No Action By User, 13005, 665595, , , , , ,
PUP.Optional.GetMyDrivers, C:\USERS\NOLA\APPDATA\ROAMING\GETMYDRIVERS, No Action By User, 13005, 665595, 1.0.36191, , ame, , ,
PUP.Optional.Conduit, C:\USERS\NOLA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 139, 454832, , , , , ,
PUP.Optional.Conduit, C:\USERS\NOLA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 139, 454832, , , , , ,
PUP.Optional.Conduit, C:\USERS\NOLA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 139, 454832, , , , , ,
PUP.Optional.Lasaoren, C:\USERS\NOLA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 4711, 455249, , , , , ,

File: 16
PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.com.lnk, No Action By User, 7798, 310593, , , , , 6F14F96741AE5827358596A8E74940DD, 8A120968CA1AA1CE17E611C465EE7159439F64766EC5360E946B275C1436130F
PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.ico, No Action By User, 7798, 310593, , , , , BC263A416B777D1921ED64568FD1FD90, 17ADAA73F8E93E9C438B3DF630E186F89D23E1C05A358367FFD5A957569DE751
PUP.Optional.Booking, C:\Program Files\Booking.COM\Version.txt, No Action By User, 7798, 310593, , , , , 9163B2F822B5CDEE7F576B10E8EBD932, E667C79C93BB5B1D60DA6BC8B4B5F14A4B0FECF9270468CD1C184E5B1C142FC2
PUP.Optional.GetMyDrivers, C:\Users\Nola\AppData\Roaming\GetMyDrivers\InstallerLogs\StatusLog2019_12_25_8_25.log, No Action By User, 13005, 665595, , , , , ,
PUP.Optional.Conduit, C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, 139, 454832, , , , , 5620E5EA11A908660EEF1AEFE9C4BF80, 5352D4A453AF0E6A10E46B21729A97E7BFB29A92F97C8AEA6330E432EB8C38DC
PUP.Optional.Conduit, C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000634.log, No Action By User, 139, 454832, , , , , 3DA4A2FCFD8F786EEE47DF88C6232F60, 88903E7843B182D663F3DF6EB1CC997E4D76595C293069F465FC098C9C7FDED2
PUP.Optional.Conduit, C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000636.ldb, No Action By User, 139, 454832, , , , , DA74993369ECFFB95142E48F19E7EACF, 5D6253B49633A9ABE57A39511CD91897EF74D928ADA92ADFD0AE95800C2D5F36
PUP.Optional.Conduit, C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 139, 454832, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Conduit, C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 139, 454832, , , , , ,
PUP.Optional.Conduit, C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 139, 454832, , , , , 7DD04CB0D2A0A99CFA69760F58A56172, 5041E85A10F26EE79676D97C91830FA599521F6E4FE03BCDC0E7B999AF3D28FE
PUP.Optional.Conduit, C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 139, 454832, , , , , AC93BCA5586957867B647E98A0FE25F4, 2941B211E4F1741ADC6B734654D672EA23417F81B85B7802C080D68BBC2C1F02
PUP.Optional.Conduit, C:\Users\Nola\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 139, 454832, , , , , 89670C4D19C36C986A8D0DEE8E3F9440, 268F225E6F40AF455E159980EF51DDFACCC9C1E4EBAFC9CC8DF7B78D289101B6
PUP.Optional.Conduit, C:\USERS\NOLA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 139, 454832, 1.0.36191, , ame, , 0853A040B635295B39060F6A9712D391, 7D5BDBBEF9E3A184A2A2EF4CA4C6DD255F1B86EFF0F60CC9CEB3A4E58CA3DE07
PUP.Optional.Conduit, C:\USERS\NOLA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 139, 454832, 1.0.36191, , ame, , 0853A040B635295B39060F6A9712D391, 7D5BDBBEF9E3A184A2A2EF4CA4C6DD255F1B86EFF0F60CC9CEB3A4E58CA3DE07
PUP.Optional.Conduit, C:\USERS\NOLA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 139, 454832, 1.0.36191, , ame, , 0853A040B635295B39060F6A9712D391, 7D5BDBBEF9E3A184A2A2EF4CA4C6DD255F1B86EFF0F60CC9CEB3A4E58CA3DE07
PUP.Optional.Lasaoren, C:\USERS\NOLA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 4711, 455249, 1.0.36191, , ame, , 0853A040B635295B39060F6A9712D391, 7D5BDBBEF9E3A184A2A2EF4CA4C6DD255F1B86EFF0F60CC9CEB3A4E58CA3DE07

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

I don't know what else I need to do. Hopefully you'll be able to let me know. Thank you so much for your time and help.
Nola:)
 
#4 ·
Hi, Nola.

Well done! You did a very good job by uninstalling so many unnecessary programs!

At this point, please have in mind the following. They are our guidelines during the cleaning procedure:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, please don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

==================================

Let's move on now. :)

Question: Did you intentionally enable notifications from these sites in Chrome? I guess yes, but I have to ask you first.

Code:
forums.techguy.org;
medicare.healthcare.com;
music.amazon.com;
myhomenetwork.att.com;
mypdf.online;
www.730sagestreet.com;
www.allrecipes.com;
www.hudforeclosed.com;
www.medigap.com

1. FRST fix

We need this fix before attempting anything else.

Download the attached fixlist.txt to the same location as the FRST tool (Desktop).

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

2. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in the Files, Folders, Registry and Chromium parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Since you removed much of this preinstalled software before, you may consider removing all the lines having the word Acer in them:

Code:
Preinstalled.ACERAOPFramework   Folder   C:\Program Files (x86)\ACER\AOP FRAMEWORK
Preinstalled.ACERAOPFramework   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|BacKGround Agent
Preinstalled.ACERClear.fiShellExtension   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B}
Preinstalled.AcerCareCenter   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}
Preinstalled.AcerExplorerAgent   Folder   C:\Program Files\ACER\ACER EXPLORER AGENT
Preinstalled.AcerExplorerAgent   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}
Preinstalled.AcerUEIPFramework   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7}
Preinstalled.AcerUEIPFramework   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{978724F6-1863-4DD5-9E66-FB77F5AB5613}
Preinstalled.AcerUpdater   Folder   C:\ProgramData\ACER\ACER UPDATER

WildTangentGames also came preinstalled on your computer. Since you or your granddaughter may be using it, you can keep it. The decision here is yours.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

3. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. Your reply about the notifications.
  2. The fixlog.txt
  3. The AdwCleaner[C0*].txt
  4. The Malwarebytes report
 


#5 ·
As for your question about enabling those notifications, by doing that doesn't that just mean that I'll get a notification when I get a response from that location? I don't remember doing it, nor know how to unless it pops up and asks me about it. But the only ones that I would want a notification from would be techguy.org, Medicare healthcare. None of the others and some I haven't heard of or use. I haven't started on this yet but I'm fixing to. I needed to see what I needed to do with those notification things. Also, I did uninstall everything that was in the program uninstaller that started with Acer. None of those have ever worked since I got the pc. Why are they still showing up? Okay, as soon as I hear back about what to do with notifications, I'll start on this.
Thank you
Nola Barrett
 
#6 ·
Hi, Nola.

Thank you. You can go on with the next steps. We will come to the notifications matter later. As for the Acer remnants, you will have to choose them for quarantine when you run AdwCleaner again and are warned about the preinstalled software.
 
#7 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021 01
Ran by Nola (25-01-2021 14:30:37) Run:1
Running from C:\Users\Nola\Desktop
Loaded Profiles: Nola
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
createrestorepoint:
HKU\S-1-5-21-2169875413-863306336-142727359-1001\...\RunOnce: [Application Restart #2] => C:\Users\Nola\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resourc (the data entry has 603 more characters).
C:\Users\Nola\AppData\Local\SweetLabs App Platform
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
Edge DefaultSearchURL: Default -> hxxps://search.securybrowse.com/?dss&yh&q={searchTerms}
Edge DefaultSearchKeyword: Default -> securyBrowse
Edge DefaultSuggestURL: Default -> hxxps://ext.securybrowse.com/api/ext/suggest?q={searchTerms}
Edge Extension: (securyBrowse) - C:\Users\Nola\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kjincgipkjkimkcmolmajgcfpdjbckgc [2021-01-24]
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3323878&octid=EB_ORIGINAL_CTID&ISID=MBACF4E82-A701-46E8-B62C-54D1B47E47D5&SearchSource=55&CUI=&UM=5&UP=SP8131E8C3-CF81-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP8131E8C3-CF81-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch","hxxp://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SPBF91A14B-279A-48C3-A2A2-2E56DE59F9DB&SSPV=","hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl","hxxp://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP8131E8C3-CF81-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch","hxxp://Lasaoren.com/?f=7&a=lrn_ir_14_45_ie&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtA0FzzyEyE0CtAtB0BtCtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtB0B0ByDyEtBtDtGtAyEtC0AtGyBtDzz0DtGyEtAyDyBtGtByC0CtCyByB0AyC0EzyyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtDyD0F0F0C0A0DtGyC0E0D0FtGyE0E0CtCtG0AyEzyzztGtBtByDtByE0EtDyDtBtA0F0A2Q&cr=233277235&ir=","hxxp://homepage-web.com/?s=acer&m=start","hxxp://www.google.com","hxxp://www.google.com/"
S3 cpuz136; \??\C:\Users\Nola\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
S3 OCULUSVRHEADSET; \SystemRoot\system32\DRIVERS\OCULUS119B.sys [X]
S3 OCUSBVID; \SystemRoot\System32\drivers\ocusbvid111.sys [X]
C:\Users\Nola\Desktop\Rkill.txt
C:\Users\Nola\Downloads\rkill.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2169875413-863306336-142727359-1001 -> DefaultScope {F233193F-7246-4FBC-B5DF-043D2EB03AF6} URL =
SearchScopes: HKU\S-1-5-21-2169875413-863306336-142727359-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2169875413-863306336-142727359-1001 -> {F233193F-7246-4FBC-B5DF-043D2EB03AF6} URL =
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
FirewallRules: [{B632A2DE-D859-40A0-A4B9-4B4C30186E57}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{E4F0C4BE-CA36-4957-9CE2-AC910EE47A43}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{57A34412-1755-40AA-A04F-8AD76D3E7060}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{731FEE96-B9D0-47BA-AE5E-D4D969B0F3C4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{4ACBDD2C-0A4F-402F-9DF3-0212EC8D82FA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{089B48B6-6BBC-40F9-A1FD-E7C0A7E7E326}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{FC676053-4C76-4DD8-B6C2-EA8E48D5104C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{4D9873D4-1AD2-4069-A304-4539963B8A88}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{3DF6891F-A29F-4C9D-93E5-77EF5DF96F6E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{069649DC-C5AA-4825-8430-220FAC652650}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{758AC8C6-5329-4CDF-8883-9EAA9A72511F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{14712D86-0306-4D1D-9787-C54280F5CE0B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{79531E05-FF31-4F39-A98C-CC8B16BBE063}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{A18F6315-F276-473C-801F-03FC9B09A504}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{6B3BEFBC-DD41-4917-BD55-045B6B137A7D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{07DC3E21-004C-4149-85C0-A1E4BD9BB91D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{FB1C5D98-381B-4E3A-A88F-451A49A81017}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{0524E956-39D2-4EE6-BE73-3B727EAFC67B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{8B1A715B-8F54-4A6D-8AEA-8C6629AAC139}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{50EA32E8-3E9C-42FE-8AC8-2EF40683ABA2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{5403C521-975F-4883-A6B6-FF0E3F987CE7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{0CD7AFF3-598E-459D-8FD7-DB6D2AAAE12B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{B613BB0C-0FC9-4D15-AB81-650DCC7DE2E1}] => (Allow) C:\Users\Nola\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{98CBF9E2-C3B3-4FCB-9DCA-BD47AB42CDEB}] => (Allow) C:\Users\Nola\AppData\Roaming\Zoom\bin\airhost.exe => No File
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.13 - WildTangent) Hidden
emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-2169875413-863306336-142727359-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2" => removed successfully
"C:\Users\Nola\AppData\Local\SweetLabs App Platform" => not found
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9} => removed successfully
"Edge DefaultSearchURL" => removed successfully
"Edge DefaultSearchKeyword" => removed successfully
"Edge DefaultSuggestURL" => removed successfully
Edge Extension: (securyBrowse) - C:\Users\Nola\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kjincgipkjkimkcmolmajgcfpdjbckgc [2021-01-24] => Error: No automatic fix found for this entry.
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz136 => removed successfully
cpuz136 => service removed successfully
HKLM\System\CurrentControlSet\Services\OCULUSVRHEADSET => removed successfully
OCULUSVRHEADSET => service removed successfully
HKLM\System\CurrentControlSet\Services\OCUSBVID => removed successfully
OCUSBVID => service removed successfully
C:\Users\Nola\Desktop\Rkill.txt => moved successfully
C:\Users\Nola\Downloads\rkill.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => removed successfully
"HKU\S-1-5-21-2169875413-863306336-142727359-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2169875413-863306336-142727359-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => removed successfully
HKU\S-1-5-21-2169875413-863306336-142727359-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F233193F-7246-4FBC-B5DF-043D2EB03AF6} => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\McAfee Security Scan Plus.lnk" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B632A2DE-D859-40A0-A4B9-4B4C30186E57}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4F0C4BE-CA36-4957-9CE2-AC910EE47A43}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57A34412-1755-40AA-A04F-8AD76D3E7060}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{731FEE96-B9D0-47BA-AE5E-D4D969B0F3C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4ACBDD2C-0A4F-402F-9DF3-0212EC8D82FA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{089B48B6-6BBC-40F9-A1FD-E7C0A7E7E326}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC676053-4C76-4DD8-B6C2-EA8E48D5104C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4D9873D4-1AD2-4069-A304-4539963B8A88}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3DF6891F-A29F-4C9D-93E5-77EF5DF96F6E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{069649DC-C5AA-4825-8430-220FAC652650}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{758AC8C6-5329-4CDF-8883-9EAA9A72511F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14712D86-0306-4D1D-9787-C54280F5CE0B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79531E05-FF31-4F39-A98C-CC8B16BBE063}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A18F6315-F276-473C-801F-03FC9B09A504}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B3BEFBC-DD41-4917-BD55-045B6B137A7D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07DC3E21-004C-4149-85C0-A1E4BD9BB91D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB1C5D98-381B-4E3A-A88F-451A49A81017}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0524E956-39D2-4EE6-BE73-3B727EAFC67B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B1A715B-8F54-4A6D-8AEA-8C6629AAC139}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50EA32E8-3E9C-42FE-8AC8-2EF40683ABA2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5403C521-975F-4883-A6B6-FF0E3F987CE7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CD7AFF3-598E-459D-8FD7-DB6D2AAAE12B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B613BB0C-0FC9-4D15-AB81-650DCC7DE2E1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98CBF9E2-C3B3-4FCB-9DCA-BD47AB42CDEB}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer\\SystemComponent" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 41423300 B
Java, Flash, Steam htmlcache => 43001 B
Windows/system/drivers => 197149216 B
Edge => 0 B
Chrome => 685753797 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 372047 B
systemprofile32 => 372175 B
LocalService => 384679 B
NetworkService => 2357249 B
Nola => 2863159681 B
OVRLibraryService => 2863159681 B
RecycleBin => 84203408 B
EmptyTemp: => 6.3 GB temporary data Removed.

================================

The system needed a reboot.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2021-01-25.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-25-2021
# Duration: 00:00:29
# OS: Windows 8.1
# Cleaned: 30
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\iWin.com Games
Deleted C:\Program Files\Booking.com
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin.com Games
Deleted C:\Users\Nola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin.com Games
Deleted C:\Users\Nola\AppData\Roaming\Pogo Games
Deleted C:\Users\OVRLibraryService\AppData\Local\Pokki
Deleted C:\Users\Public\Pokki

***** [ Files ] *****

Deleted C:\Users\Nola\Favorites\Booking.com.url
Deleted C:\Users\OVRLibraryService\Favorites\Booking.com.url

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\APN PIP
Deleted HKCU\Software\Classes\pokki
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKCU\Software\Trymedia Systems
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn|SBOEM3
Deleted HKLM\Software\Wow6432Node\Trymedia Systems

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted http://Lasaoren.com/?f=7&a=lrn_ir_1...tGtBtByDtByE0EtDyDtBtA0F0A2Q&cr=233277235&ir=
Deleted http://homepage-web.com/?s=acer&m=start
Deleted http://search.conduit.com/?gd=&ctid...1-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch
Deleted http://search.conduit.com/?gd=&ctid...1-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch
Deleted http://search.conduit.com/?gd=&ctid...=SPBF91A14B-279A-48C3-A2A2-2E56DE59F9DB&SSPV=
Deleted http://search.conduit.com/?gd=&ctid...1-4C37-8707-942F0EBC0B9E&SSPV=SE3NTPBCG_sp_ch

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.ACERAOPFramework Folder C:\Program Files (x86)\ACER\AOP FRAMEWORK
Deleted Preinstalled.ACERAOPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|BacKGround Agent
Deleted Preinstalled.ACERClear.fiShellExtension Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B}
Deleted Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}
Deleted Preinstalled.AcerExplorerAgent Folder C:\Program Files\ACER\ACER EXPLORER AGENT
Deleted Preinstalled.AcerExplorerAgent Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}
Deleted Preinstalled.AcerUEIPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7}
Deleted Preinstalled.AcerUEIPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{978724F6-1863-4DD5-9E66-FB77F5AB5613}
Deleted Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [10563 octets] - [24/01/2021 17:45:46]
AdwCleaner[S01].txt - [10597 octets] - [25/01/2021 17:05:10]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

==== End of Fixlog 14:37:10 ====
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/25/21
Scan Time: 5:29 PM
Log File: 3371aa4a-5f65-11eb-a646-acb57d38e06b.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1146
Update Package Version: 1.0.36195
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: GRAMMASROOM\Nola

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 263427
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 10 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.GetMyDrivers, C:\Users\Nola\AppData\Roaming\GetMyDrivers\InstallerLogs, Quarantined, 13005, 665595, , , , , ,
PUP.Optional.GetMyDrivers, C:\USERS\NOLA\APPDATA\ROAMING\GETMYDRIVERS, Quarantined, 13005, 665595, 1.0.36195, , ame, , ,

File: 1
PUP.Optional.GetMyDrivers, C:\Users\Nola\AppData\Roaming\GetMyDrivers\InstallerLogs\StatusLog2019_12_25_8_25.log, Quarantined, 13005, 665595, , , , , ,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Okay, now all that is done and hopefully I did it right. If I happen to do something that I shouldn't have, please believe me that it was not intentional at all. I've read some other posts where an administrator was getting onto someone for doing something before asking. That's definitely not the case here. lol If I was going to do that, why even bother y'all about it? I really appreciate what all of you do. It's just sometimes a little bit difficult for me to understand, so I have to go really slow and hope I do it right. I do have a lot of games on here, does that hurt anything?
Thank you very much for your time and patience with me.
Nola Barrett
 
#8 ·
Hi, Nola.

You did everything right, so do not worry. :)

How is the computer running now?

Keep in mind that I'm planning to add the notifications line in a future fix, meaning that all the notifications will be removed. There is no automatic fix for removing only some of them. So, if you want to continue getting notifications from techguy and medicare sites, you will have to enable them as you did the first time.

For now, I would just want to see fresh FRST logs. Now that you are an experienced user, this is a piece of cake for you!
  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.
 
#10 ·
I'm leaving this thread due to lack of feedback. If you still need assistance, you can post here again, or, if the thread is closed, send me a personal message (hover the mouse on my profile avatar and press Start a conversation) with a link to the topic.
 