Inactive-A RogueKiller detecting itself as "Tr.Gen0"

Status
Not open for further replies.
KKimble

KKimble

Posts: 63   +0
Purchased a new laptop for school today, and after cleaning up the bloatware I installed RogueKiller. A few PUPs came up, but what stood out was the fact that "RogueKillerX64.exe" was detected as "Tr.Gen0" If I uninstall RogueKiller, will it fix the problem? Or will I still have issues? thanks

Logs below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Karissa (administrator) on LAPTOP-7DE1DIR6 (04-02-2017 05:14:40)
Running from C:\Users\Karissa\Desktop
Loaded Profiles: Karissa (Available Profiles: Karissa)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\IntelCpHDCPSvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel Corporation)
HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [149504 2015-10-30] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0a4275c8-ec22-443a-981f-23cf190d490c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{614364c1-71e2-4cee-a020-91d54d5d127e}: [DhcpNameServer] 40.32.1.55

Internet Explorer:
==================
HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-2782783146-3927728050-3817788716-1001 -> DefaultScope {194D4165-BD63-47B5-BE17-059DA40783B7} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-11-10] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-24] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-10] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-24] (McAfee, Inc.)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-11-10] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-11-10] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default
FF DefaultSearchEngine: Google
FF Homepage: yahoo.ca
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll [2016-01-08] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll [2016-01-08] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-10] (Microsoft Corporation)
FF Extension: Amazon Assistant for Firefox - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\abb-acer@amazon.com [2017-02-03]
FF Extension: English (US) Language Pack - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\langpack-en-US@firefox.mozilla.org [2017-02-03]
FF Extension: Mozilla Partner Defaults - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\partnerdefaults@mozilla.com [2017-02-03]
FF Extension: adaware ad block - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2017-02-03]
FF Extension: Firefox Hotfix - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-02-03]
FF Extension: Adblock Plus - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-03]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-05-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-05-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [326392 2015-11-27] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-08-31] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-03-06] (Microsoft Corporation)
R2 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [485344 2016-09-01] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-06-01] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350688 2016-09-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
R2 IntelSSTSvc; C:\Windows\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26592 2016-03-04] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-17] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [187840 2016-10-24] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [353128 2015-11-27] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe [1694152 2016-01-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52736 2015-10-30] (Microsoft Corporation)
S3 MessagingService_174a2a; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 MessagingService_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 OneSyncSvc_174a2a; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 OneSyncSvc_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_38e55; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_38e55; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3b8a5; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3b8a5; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_450e2; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_450e2; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_64462; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_64462; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
S3 PimIndexMaintenanceSvc_174a2a; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-05-23] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-05-23] (Acer Incorporated)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-10-30] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2016-11-10] (Microsoft Corporation)
S3 UnistoreSvc_174a2a; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 UnistoreSvc_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 UserDataSvc_174a2a; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 UserDataSvc_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S4 Amazon 1Button App Service; "c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [245760 2016-11-10] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2015-10-30] (Intel(R) Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165888 2015-10-30] (Intel Corporation)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185144 2016-05-16] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21344 2016-05-23] (Acer Incorporated)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202848 2016-04-14] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R3 Qcamain10x64; C:\Windows\system32\DRIVERS\Qcamain10x64.sys [2381112 2016-03-24] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14688 2016-05-23] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-11-18] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [769752 2015-12-17] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [57448 2015-10-22] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45056 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 05:14 - 2017-02-04 05:14 - 00019277 _____ C:\Users\Karissa\Desktop\FRST.txt
2017-02-04 05:14 - 2017-02-04 05:14 - 00000000 ____D C:\FRST
2017-02-04 05:09 - 2017-02-04 05:14 - 02193920 _____ (Farbar) C:\Users\Karissa\Desktop\FRST64.exe
2017-02-04 04:49 - 2017-02-04 04:49 - 00007626 _____ C:\Users\Karissa\AppData\Local\Resmon.ResmonCfg
2017-02-04 03:40 - 2017-02-04 04:27 - 25969736 _____ C:\Users\Karissa\Downloads\RogueKillerX64.exe
2017-02-04 03:37 - 2017-02-04 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-04 03:10 - 2017-02-04 03:11 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-04 03:09 - 2017-02-04 03:10 - 00000000 ____D C:\Windows\system32\MRT
2017-02-04 03:09 - 2017-02-04 03:09 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-04 02:17 - 2017-02-04 04:39 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-04 02:17 - 2017-02-04 02:17 - 00000000 ____D C:\Users\Karissa\AppData\Local\MicrosoftEdge
2017-02-04 02:16 - 2017-02-04 03:12 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-04 02:02 - 2017-02-04 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-02-03 23:07 - 2017-02-03 23:08 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Mozilla
2017-02-03 23:07 - 2017-02-03 23:08 - 00000000 ____D C:\Users\Karissa\AppData\Local\Mozilla
2017-02-03 23:07 - 2017-02-03 23:07 - 00004890 _____ C:\Windows\System32\Tasks\AcerCMUpdateTask2.1.16258
2017-02-03 23:07 - 2017-02-03 23:07 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Macromedia
2017-02-03 23:01 - 2017-02-03 23:01 - 00000000 ____D C:\Users\Karissa\AppData\Local\Comms
2017-02-03 22:58 - 2017-02-03 22:58 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\WildTangent
2017-02-03 22:58 - 2017-02-03 22:58 - 00000000 ____D C:\Users\Karissa\AppData\Local\IIIQF
2017-02-03 22:56 - 2017-02-03 22:56 - 00002348 _____ C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-03 22:56 - 2017-02-03 22:56 - 00000000 ___RD C:\Users\Karissa\OneDrive
2017-02-03 22:55 - 2017-02-03 22:55 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Intel Corporation
2017-02-03 22:54 - 2017-02-03 22:54 - 00001337 _____ C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
2017-02-03 22:54 - 2017-02-03 22:54 - 00000000 ____D C:\Users\Karissa\AppData\Local\CareCenter
2017-02-03 22:53 - 2017-02-03 22:53 - 00000000 ____D C:\Users\Karissa\AppData\Local\ActiveSync
2017-02-03 22:52 - 2017-02-03 22:52 - 00000000 ____D C:\Users\Karissa\PicStream
2017-02-03 22:52 - 2017-02-03 22:52 - 00000000 ____D C:\Users\Karissa\AppData\Local\Publishers
2017-02-03 22:52 - 2017-02-03 22:52 - 00000000 ____D C:\Users\Karissa\AppData\Local\AOP SDK
2017-02-03 22:51 - 2017-02-03 22:51 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-02-03 22:50 - 2017-02-04 00:20 - 00000000 ____D C:\Users\Karissa\AppData\Local\Packages
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ___HD C:\ProgramData\O949
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Adobe
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\Users\Karissa\AppData\Local\VirtualStore
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\Users\Karissa\AppData\Local\TileDataLayer
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\ProgramData\Dashlane
2017-02-03 22:49 - 2017-02-04 00:14 - 00000000 ____D C:\Users\Karissa
2017-02-03 22:49 - 2017-02-03 22:50 - 00000000 ___RD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-03 22:49 - 2017-02-03 22:49 - 00000020 ___SH C:\Users\Karissa\ntuser.ini
2017-02-03 22:49 - 2017-02-03 22:49 - 00000000 ____D C:\Windows\oem
2017-02-03 22:49 - 2016-11-10 18:42 - 00000000 ___RD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2017-02-03 22:49 - 2015-10-30 02:24 - 00000000 __RSD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2017-02-03 22:49 - 2015-10-30 02:24 - 00000000 ___RD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2017-02-03 22:49 - 2015-10-30 02:24 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 14:31 - 2016-11-10 20:02 - 00003118 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2017-02-04 14:31 - 2016-05-04 22:01 - 00003852 _____ C:\Windows\System32\Tasks\ACCAgent
2017-02-04 14:30 - 2016-11-10 20:32 - 00002074 _____ C:\Windows\System32\Tasks\FUBTrackingByPLD
2017-02-04 14:30 - 2016-11-10 20:21 - 00002256 _____ C:\Windows\System32\Tasks\Power Button
2017-02-04 14:30 - 2016-11-10 20:21 - 00002180 _____ C:\Windows\System32\Tasks\Quick Access
2017-02-04 14:30 - 2016-05-04 22:07 - 00002564 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2017-02-04 14:30 - 2016-05-04 22:04 - 00002496 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-02-04 14:30 - 2016-05-04 22:01 - 00004302 _____ C:\Windows\System32\Tasks\Software Update Application
2017-02-04 14:30 - 2016-05-04 22:01 - 00002820 _____ C:\Windows\System32\Tasks\ACC
2017-02-04 14:30 - 2016-05-04 22:01 - 00002328 _____ C:\Windows\System32\Tasks\ACCBackgroundApplication
2017-02-04 14:30 - 2015-10-30 01:28 - 00000000 __RHD C:\Users\Default
2017-02-04 04:28 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\sru
2017-02-04 03:44 - 2015-10-30 02:11 - 00000000 ____D C:\Windows\CbsTemp
2017-02-04 03:32 - 2016-11-10 18:04 - 00827564 _____ C:\Windows\system32\perfh00C.dat
2017-02-04 03:32 - 2016-11-10 18:04 - 00158080 _____ C:\Windows\system32\perfc00C.dat
2017-02-04 03:32 - 2016-05-04 22:13 - 01848468 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 03:32 - 2016-05-04 22:01 - 00000000 ____D C:\Program Files (x86)\Acer
2017-02-04 03:32 - 2016-05-04 21:58 - 00000275 _____ C:\Windows\WindowsUpdate.log
2017-02-04 03:30 - 2016-11-10 20:02 - 00009321 _____ C:\Windows\SysWOW64\Gms.log
2017-02-04 03:27 - 2016-02-13 08:14 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-04 03:26 - 2016-05-04 21:51 - 00008110 _____ C:\Windows\PFRO.log
2017-02-04 03:26 - 2016-02-13 08:11 - 00332240 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-04 03:26 - 2015-10-30 01:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___SD C:\Windows\system32\F12
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\Windows\PrintDialog
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\SysWOW64\fr-CA
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\setup
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\oobe
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\migwiz
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\fr-CA
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\appraiser
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\Provisioning
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-02-04 03:24 - 2015-10-30 01:31 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2017-02-04 03:24 - 2015-10-30 01:31 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2017-02-04 03:24 - 2015-10-30 01:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-02-04 03:24 - 2015-10-30 01:28 - 00000000 ____D C:\Windows\system32\Dism
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\bcastdvr
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-02-04 03:18 - 2016-05-04 22:03 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-04 03:11 - 2016-11-10 20:13 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-02-04 03:11 - 2016-05-04 22:51 - 00000000 ____D C:\Windows\Panther
2017-02-04 02:36 - 2015-10-30 02:24 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-04 02:02 - 2016-11-10 18:18 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-04 02:00 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\AppReadiness
2017-02-04 01:13 - 2016-05-04 22:02 - 00000000 ____D C:\Program Files\Acer
2017-02-04 01:13 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\OEM
2017-02-04 01:13 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-02-03 23:34 - 2016-05-04 22:03 - 00000000 ____D C:\ProgramData\McAfee
2017-02-03 23:28 - 2016-11-10 18:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-03 23:17 - 2016-02-13 08:12 - 00197440 _____ C:\Windows\setupact.log
2017-02-03 23:16 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\restore
2017-02-03 23:07 - 2016-05-04 22:46 - 00000000 ___HD C:\OEM
2017-02-03 23:07 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\Acer
2017-02-03 23:07 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2017-02-03 23:06 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\appcompat
2017-02-03 23:04 - 2016-11-10 20:14 - 00000000 ___HD C:\ProgramData\{A90E7F59-66F4-44B3-AE99-B9C20B6DA5CE}
2017-02-03 22:58 - 2016-05-04 22:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-03 22:58 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\WildTangent
2017-02-03 22:58 - 2015-10-30 01:28 - 00032768 ___SH C:\Windows\system32\config\ELAM

==================== Files in the root of some directories =======

2017-02-04 04:49 - 2017-02-04 04:49 - 0007626 _____ () C:\Users\Karissa\AppData\Local\Resmon.ResmonCfg
2016-11-10 19:27 - 2016-11-10 19:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Karissa\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\Karissa\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-04 21:51

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Karissa (2017-02-04 05:15:11)
Running from C:\Users\Karissa\Desktop
Windows 10 Home (X64) (2017-02-04 03:48:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2782783146-3927728050-3817788716-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2782783146-3927728050-3817788716-503 - Limited - Disabled)
Guest (S-1-5-21-2782783146-3927728050-3817788716-501 - Limited - Disabled)
Karissa (S-1-5-21-2782783146-3927728050-3817788716-1001 - Administrator - Enabled) => C:\Users\Karissa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3021 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3004 - Acer Incorporated)
Amazon 1Button App (HKLM-x32\...\{5095145F-A690-405A-9ABF-69C7A7319834}) (Version: 2.2.2 - Amazon)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.10.2002.1 - Acer Incorporated)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3015 - Acer Incorporated)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4475 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.164 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1070 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1070 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1070 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1070 - Microsoft Corporation) Hidden
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10299 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.191 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

03-02-2017 23:16:57 Removed Spotify Weblink

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2015-10-30 02:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D2BB57-D7ED-42E8-A40E-860FE59BB454} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {01FC4ABF-5D9B-4A26-BAA4-9C33E2F7B5FE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-06] (Microsoft Corporation)
Task: {038E6C59-3F79-4B7C-897D-F524394C60A0} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2016-05-23] (Acer Incorporated)
Task: {0F1F25F8-7715-4B0F-9567-3F602C616ADE} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-01-20] ()
Task: {156174FF-0BBA-4B79-BFB6-FC222C4F0060} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-08-31] (Acer Incorporated)
Task: {181EF958-CF2C-45C1-BFE2-0048458E3EFC} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {2300B6D1-D409-499E-92DF-030662B73A6B} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {33046BDC-2974-457F-A198-055760713D46} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {3627755F-6629-4D94-850A-FBE43D28BEB8} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {397768B5-E64A-4065-86EA-C2FC1633F8A5} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-05-23] (Acer Incorporated)
Task: {3B125365-E1EF-4E7F-8431-9A9C20E61C0F} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-05-23] (Acer Incorporated)
Task: {3DEA60DC-A5B0-4C15-911E-C40ABBBB7DAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-06] (Microsoft Corporation)
Task: {4208A7BF-D622-476E-A1A3-F9EB2719ECD4} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-02-13] (Microsoft Corporation)
Task: {45A1E736-EAAA-4735-ABBA-A9C5CF2BDAEF} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {4A944005-EAD7-4E3D-A0CB-E36A03948234} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {4E3CB8C2-8A0C-4570-A32E-7319C6E8E432} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {561ABC4B-D713-49E3-9FA1-457DFE7525C6} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-06] (Microsoft Corporation)
Task: {65B0C647-3D5A-48F3-91F2-BE9F82BC9ABC} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-01-20] ()
Task: {660B2AE6-6A01-443E-AC50-2272A68CFC34} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation)
Task: {697E18DD-943C-470A-B9E3-6E5DDCB42D05} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {6B696BCF-C866-41CA-B4E4-3D19FB1E9250} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\SpaceMan.exe [2015-10-30] (Microsoft Corporation)
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {7AE1BCAC-061D-4672-BACB-88BC74CE1D7A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-11-10] (Microsoft Corporation)
Task: {860F596C-A1D8-4651-B747-D134041D80AD} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense => Rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
Task: {90D79106-3D12-40AF-A9BA-231F2327770C} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2015-10-30] (Microsoft Corporation)
Task: {A483A62A-BEE2-43EF-B43D-C4B6555D6F1E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {BC30B37E-8375-4DB8-842D-C642CAD6F11E} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {BEA3CC8C-D631-4064-853E-190C17E8CB96} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {C458B851-2EE7-4D83-8D94-ADB5C3A47273} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {C508A6F9-58BB-43C2-BB66-2457EF9613D3} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {C881A742-1A15-4EAC-96B9-9C6EA38AC7FA} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {CA4BE44E-107E-4B2D-91AF-FC3B077B02FC} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-11-10] (Microsoft Corporation)
Task: {E03596C8-B2A4-4553-B379-B678F0EBCA95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {F120A436-C215-4927-87AA-934387AF5782} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {F53D4274-6AC2-4980-AB2E-6C572658FF32} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-01-20] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-03-04 23:26 - 2016-03-04 23:26 - 05570728 _____ () C:\Windows\system32\IntelSSTAPO\ParameterService\libxml2-2.dll
2016-11-10 18:11 - 2016-03-06 14:34 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-11-10 18:28 - 2016-11-10 18:28 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-11-10 18:15 - 2016-11-10 18:15 - 08911040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-10 18:28 - 2016-11-10 18:28 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-02-13 07:54 - 2016-02-13 07:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-20 13:50 - 2016-01-20 13:50 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2016-11-10 18:13 - 2016-11-10 18:13 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll
2016-11-10 18:13 - 2016-11-10 18:13 - 04485808 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-11-10 18:13 - 2016-11-10 18:13 - 07502848 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.Services.dll
2016-11-10 18:13 - 2016-11-10 18:13 - 01384960 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\cpprest140_uwp_2_6.dll
2016-05-17 00:50 - 2016-05-17 00:50 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\amazon.com -> amazon.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Karissa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{4d466923-efee-42a5-af53-65dd89c4ea44}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Amazon 1Button App Service => 2
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8FE46E36-6097-46C9-B94D-04C3771C6564}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A39A0342-6DFE-42C3-A648-76B724BF1BF3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D741F254-466E-4493-A888-E9CAFE2BD8F1}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2D3CD0F4-EA05-400A-826E-A08212D9CA3A}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{B3339414-F9A7-450A-97F2-F739D85297E3}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{CA7DB177-8790-411D-8BC7-CB1B6BF806FD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{1375A0AA-74D5-4730-B801-85A386BE5CB5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{3F5A4D9E-CB9B-4F94-882B-2FBE793FCC83}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{CF1D77F8-5C09-4F16-B39E-EF7FF7328110}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{1603304B-D101-461F-9B6B-782B8268ED5D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2017 04:54:54 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 04:54:54 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 04:54:39 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 04:54:39 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 02:36:39 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 02:36:39 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 02:36:22 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 02:36:22 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 02:03:59 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {FAAF1278-D883-449F-80A3-91DD512A3514}

Error: (02/04/2017 12:04:57 AM) (Source: UEIPSvc) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.InvalidOperationException: Method failed with unexpected error code 3.
at System.Security.AccessControl.NativeObjectSecurity.CreateInternal(ResourceType resourceType, Boolean isContainer, String name, SafeHandle handle, AccessControlSections includeSections, Boolean createByName, ExceptionFromErrorCode exceptionFromErrorCode, Object exceptionContext)
at System.Security.AccessControl.FileSystemSecurity..ctor(Boolean isContainer, String name, AccessControlSections includeSections, Boolean isDirectory)
at System.Security.AccessControl.DirectorySecurity..ctor(String name, AccessControlSections includeSections)
at System.IO.DirectoryInfo.GetAccessControl()
at UBTService.UBTService.GrantAccess(String fullPath)
at UBTService.UBTService.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).


System errors:
=============
Error: (02/04/2017 03:33:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3210721).

Error: (02/04/2017 03:33:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Security Update for Adobe Flash Player for Windows 10 Version 1511 (for x64-based Systems) (KB3214628).

Error: (02/04/2017 03:29:14 AM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (02/04/2017 03:26:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Update Orchestrator Service service terminated with the following error:
%%2147500053

Error: (02/04/2017 03:26:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/04/2017 03:25:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/04/2017 03:25:01 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (02/04/2017 03:20:34 AM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (02/04/2017 03:12:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_6857e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/04/2017 03:12:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_6857e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-02-04 03:29:51.934
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-04 03:20:53.872
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-04 03:11:22.794
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-04 02:04:11.036
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-04 02:02:58.416
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-03 23:28:57.154
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-03 23:07:29.025
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 33%
Total physical RAM: 12156.13 MB
Available physical RAM: 8038.79 MB
Total Virtual: 14588.13 MB
Available Virtual: 11244.76 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:892.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DD2C458D)

Partition: GPT.

==================== End of Addition.txt ============================
 
Not sure why...but after both logs popped up, a few seconds later one more of each displayed. Will post those as well.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Karissa (administrator) on LAPTOP-7DE1DIR6 (04-02-2017 05:16:00)
Running from C:\Users\Karissa\Desktop
Loaded Profiles: Karissa (Available Profiles: Karissa)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\IntelCpHDCPSvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel Corporation)
HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [149504 2015-10-30] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0a4275c8-ec22-443a-981f-23cf190d490c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{614364c1-71e2-4cee-a020-91d54d5d127e}: [DhcpNameServer] 40.32.1.55

Internet Explorer:
==================
HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-2782783146-3927728050-3817788716-1001 -> DefaultScope {194D4165-BD63-47B5-BE17-059DA40783B7} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-11-10] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-24] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-10] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-24] (McAfee, Inc.)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-11-10] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-11-10] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default
FF DefaultSearchEngine: Google
FF Homepage: yahoo.ca
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll [2016-01-08] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll [2016-01-08] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-10] (Microsoft Corporation)
FF Extension: Amazon Assistant for Firefox - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\abb-acer@amazon.com [2017-02-03]
FF Extension: English (US) Language Pack - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\langpack-en-US@firefox.mozilla.org [2017-02-03]
FF Extension: Mozilla Partner Defaults - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\partnerdefaults@mozilla.com [2017-02-03]
FF Extension: adaware ad block - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2017-02-03]
FF Extension: Firefox Hotfix - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-02-03]
FF Extension: Adblock Plus - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-03]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-05-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-05-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [326392 2015-11-27] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-08-31] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-03-06] (Microsoft Corporation)
R2 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [485344 2016-09-01] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-06-01] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350688 2016-09-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
R2 IntelSSTSvc; C:\Windows\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26592 2016-03-04] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-17] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [187840 2016-10-24] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [353128 2015-11-27] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe [1694152 2016-01-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52736 2015-10-30] (Microsoft Corporation)
S3 MessagingService_174a2a; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 MessagingService_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 OneSyncSvc_174a2a; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 OneSyncSvc_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_38e55; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_38e55; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3b8a5; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3b8a5; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_450e2; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_450e2; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_64462; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_64462; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
S3 PimIndexMaintenanceSvc_174a2a; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-05-23] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-05-23] (Acer Incorporated)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-10-30] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2016-11-10] (Microsoft Corporation)
S3 UnistoreSvc_174a2a; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 UnistoreSvc_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 UserDataSvc_174a2a; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 UserDataSvc_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S4 Amazon 1Button App Service; "c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [245760 2016-11-10] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2015-10-30] (Intel(R) Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165888 2015-10-30] (Intel Corporation)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185144 2016-05-16] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21344 2016-05-23] (Acer Incorporated)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202848 2016-04-14] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R3 Qcamain10x64; C:\Windows\system32\DRIVERS\Qcamain10x64.sys [2381112 2016-03-24] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14688 2016-05-23] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-11-18] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [769752 2015-12-17] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [57448 2015-10-22] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45056 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 05:15 - 2017-02-04 05:15 - 00028130 _____ C:\Users\Karissa\Desktop\Addition.txt
2017-02-04 05:14 - 2017-02-04 05:16 - 00019277 _____ C:\Users\Karissa\Desktop\FRST.txt
2017-02-04 05:14 - 2017-02-04 05:16 - 00000000 ____D C:\FRST
2017-02-04 05:09 - 2017-02-04 05:14 - 02193920 _____ (Farbar) C:\Users\Karissa\Desktop\FRST64.exe
2017-02-04 04:49 - 2017-02-04 04:49 - 00007626 _____ C:\Users\Karissa\AppData\Local\Resmon.ResmonCfg
2017-02-04 03:40 - 2017-02-04 04:27 - 25969736 _____ C:\Users\Karissa\Downloads\RogueKillerX64.exe
2017-02-04 03:37 - 2017-02-04 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-04 03:10 - 2017-02-04 03:11 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-04 03:09 - 2017-02-04 03:10 - 00000000 ____D C:\Windows\system32\MRT
2017-02-04 03:09 - 2017-02-04 03:09 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-04 02:17 - 2017-02-04 04:39 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-04 02:17 - 2017-02-04 02:17 - 00000000 ____D C:\Users\Karissa\AppData\Local\MicrosoftEdge
2017-02-04 02:16 - 2017-02-04 03:12 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-04 02:02 - 2017-02-04 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-02-03 23:07 - 2017-02-03 23:08 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Mozilla
2017-02-03 23:07 - 2017-02-03 23:08 - 00000000 ____D C:\Users\Karissa\AppData\Local\Mozilla
2017-02-03 23:07 - 2017-02-03 23:07 - 00004890 _____ C:\Windows\System32\Tasks\AcerCMUpdateTask2.1.16258
2017-02-03 23:07 - 2017-02-03 23:07 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Macromedia
2017-02-03 23:01 - 2017-02-03 23:01 - 00000000 ____D C:\Users\Karissa\AppData\Local\Comms
2017-02-03 22:58 - 2017-02-03 22:58 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\WildTangent
2017-02-03 22:58 - 2017-02-03 22:58 - 00000000 ____D C:\Users\Karissa\AppData\Local\IIIQF
2017-02-03 22:56 - 2017-02-03 22:56 - 00002348 _____ C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-03 22:56 - 2017-02-03 22:56 - 00000000 ___RD C:\Users\Karissa\OneDrive
2017-02-03 22:55 - 2017-02-03 22:55 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Intel Corporation
2017-02-03 22:54 - 2017-02-03 22:54 - 00001337 _____ C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
2017-02-03 22:54 - 2017-02-03 22:54 - 00000000 ____D C:\Users\Karissa\AppData\Local\CareCenter
2017-02-03 22:53 - 2017-02-03 22:53 - 00000000 ____D C:\Users\Karissa\AppData\Local\ActiveSync
2017-02-03 22:52 - 2017-02-03 22:52 - 00000000 ____D C:\Users\Karissa\PicStream
2017-02-03 22:52 - 2017-02-03 22:52 - 00000000 ____D C:\Users\Karissa\AppData\Local\Publishers
2017-02-03 22:52 - 2017-02-03 22:52 - 00000000 ____D C:\Users\Karissa\AppData\Local\AOP SDK
2017-02-03 22:51 - 2017-02-03 22:51 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-02-03 22:50 - 2017-02-04 00:20 - 00000000 ____D C:\Users\Karissa\AppData\Local\Packages
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ___HD C:\ProgramData\O949
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Adobe
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\Users\Karissa\AppData\Local\VirtualStore
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\Users\Karissa\AppData\Local\TileDataLayer
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\ProgramData\Dashlane
2017-02-03 22:49 - 2017-02-04 00:14 - 00000000 ____D C:\Users\Karissa
2017-02-03 22:49 - 2017-02-03 22:50 - 00000000 ___RD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-03 22:49 - 2017-02-03 22:49 - 00000020 ___SH C:\Users\Karissa\ntuser.ini
2017-02-03 22:49 - 2017-02-03 22:49 - 00000000 ____D C:\Windows\oem
2017-02-03 22:49 - 2016-11-10 18:42 - 00000000 ___RD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2017-02-03 22:49 - 2015-10-30 02:24 - 00000000 __RSD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2017-02-03 22:49 - 2015-10-30 02:24 - 00000000 ___RD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2017-02-03 22:49 - 2015-10-30 02:24 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 14:31 - 2016-11-10 20:02 - 00003118 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2017-02-04 14:31 - 2016-05-04 22:01 - 00003852 _____ C:\Windows\System32\Tasks\ACCAgent
2017-02-04 14:30 - 2016-11-10 20:32 - 00002074 _____ C:\Windows\System32\Tasks\FUBTrackingByPLD
2017-02-04 14:30 - 2016-11-10 20:21 - 00002256 _____ C:\Windows\System32\Tasks\Power Button
2017-02-04 14:30 - 2016-11-10 20:21 - 00002180 _____ C:\Windows\System32\Tasks\Quick Access
2017-02-04 14:30 - 2016-05-04 22:07 - 00002564 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2017-02-04 14:30 - 2016-05-04 22:04 - 00002496 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-02-04 14:30 - 2016-05-04 22:01 - 00004302 _____ C:\Windows\System32\Tasks\Software Update Application
2017-02-04 14:30 - 2016-05-04 22:01 - 00002820 _____ C:\Windows\System32\Tasks\ACC
2017-02-04 14:30 - 2016-05-04 22:01 - 00002328 _____ C:\Windows\System32\Tasks\ACCBackgroundApplication
2017-02-04 14:30 - 2015-10-30 01:28 - 00000000 __RHD C:\Users\Default
2017-02-04 04:28 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\sru
2017-02-04 03:44 - 2015-10-30 02:11 - 00000000 ____D C:\Windows\CbsTemp
2017-02-04 03:32 - 2016-11-10 18:04 - 00827564 _____ C:\Windows\system32\perfh00C.dat
2017-02-04 03:32 - 2016-11-10 18:04 - 00158080 _____ C:\Windows\system32\perfc00C.dat
2017-02-04 03:32 - 2016-05-04 22:13 - 01848468 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 03:32 - 2016-05-04 22:01 - 00000000 ____D C:\Program Files (x86)\Acer
2017-02-04 03:32 - 2016-05-04 21:58 - 00000275 _____ C:\Windows\WindowsUpdate.log
2017-02-04 03:30 - 2016-11-10 20:02 - 00009321 _____ C:\Windows\SysWOW64\Gms.log
2017-02-04 03:27 - 2016-02-13 08:14 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-04 03:26 - 2016-05-04 21:51 - 00008110 _____ C:\Windows\PFRO.log
2017-02-04 03:26 - 2016-02-13 08:11 - 00332240 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-04 03:26 - 2015-10-30 01:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___SD C:\Windows\system32\F12
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\Windows\PrintDialog
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\SysWOW64\fr-CA
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\setup
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\oobe
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\migwiz
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\fr-CA
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\appraiser
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\Provisioning
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-02-04 03:24 - 2015-10-30 01:31 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2017-02-04 03:24 - 2015-10-30 01:31 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2017-02-04 03:24 - 2015-10-30 01:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-02-04 03:24 - 2015-10-30 01:28 - 00000000 ____D C:\Windows\system32\Dism
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\bcastdvr
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-02-04 03:18 - 2016-05-04 22:03 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-04 03:11 - 2016-11-10 20:13 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-02-04 03:11 - 2016-05-04 22:51 - 00000000 ____D C:\Windows\Panther
2017-02-04 02:36 - 2015-10-30 02:24 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-04 02:02 - 2016-11-10 18:18 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-04 02:00 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\AppReadiness
2017-02-04 01:13 - 2016-05-04 22:02 - 00000000 ____D C:\Program Files\Acer
2017-02-04 01:13 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\OEM
2017-02-04 01:13 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-02-03 23:34 - 2016-05-04 22:03 - 00000000 ____D C:\ProgramData\McAfee
2017-02-03 23:28 - 2016-11-10 18:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-03 23:17 - 2016-02-13 08:12 - 00197440 _____ C:\Windows\setupact.log
2017-02-03 23:16 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\restore
2017-02-03 23:07 - 2016-05-04 22:46 - 00000000 ___HD C:\OEM
2017-02-03 23:07 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\Acer
2017-02-03 23:07 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2017-02-03 23:06 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\appcompat
2017-02-03 23:04 - 2016-11-10 20:14 - 00000000 ___HD C:\ProgramData\{A90E7F59-66F4-44B3-AE99-B9C20B6DA5CE}
2017-02-03 22:58 - 2016-05-04 22:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-03 22:58 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\WildTangent
2017-02-03 22:58 - 2015-10-30 01:28 - 00032768 ___SH C:\Windows\system32\config\ELAM

==================== Files in the root of some directories =======

2017-02-04 04:49 - 2017-02-04 04:49 - 0007626 _____ () C:\Users\Karissa\AppData\Local\Resmon.ResmonCfg
2016-11-10 19:27 - 2016-11-10 19:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Karissa\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\Karissa\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-04 21:51

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Karissa (2017-02-04 05:16:21)
Running from C:\Users\Karissa\Desktop
Windows 10 Home (X64) (2017-02-04 03:48:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2782783146-3927728050-3817788716-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2782783146-3927728050-3817788716-503 - Limited - Disabled)
Guest (S-1-5-21-2782783146-3927728050-3817788716-501 - Limited - Disabled)
Karissa (S-1-5-21-2782783146-3927728050-3817788716-1001 - Administrator - Enabled) => C:\Users\Karissa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3021 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3004 - Acer Incorporated)
Amazon 1Button App (HKLM-x32\...\{5095145F-A690-405A-9ABF-69C7A7319834}) (Version: 2.2.2 - Amazon)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.10.2002.1 - Acer Incorporated)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3015 - Acer Incorporated)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4475 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.164 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1070 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1070 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1070 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1070 - Microsoft Corporation) Hidden
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10299 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.191 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

03-02-2017 23:16:57 Removed Spotify Weblink

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2015-10-30 02:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D2BB57-D7ED-42E8-A40E-860FE59BB454} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {01FC4ABF-5D9B-4A26-BAA4-9C33E2F7B5FE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-06] (Microsoft Corporation)
Task: {038E6C59-3F79-4B7C-897D-F524394C60A0} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2016-05-23] (Acer Incorporated)
Task: {0F1F25F8-7715-4B0F-9567-3F602C616ADE} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-01-20] ()
Task: {156174FF-0BBA-4B79-BFB6-FC222C4F0060} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-08-31] (Acer Incorporated)
Task: {181EF958-CF2C-45C1-BFE2-0048458E3EFC} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {2300B6D1-D409-499E-92DF-030662B73A6B} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {33046BDC-2974-457F-A198-055760713D46} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {3627755F-6629-4D94-850A-FBE43D28BEB8} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {397768B5-E64A-4065-86EA-C2FC1633F8A5} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-05-23] (Acer Incorporated)
Task: {3B125365-E1EF-4E7F-8431-9A9C20E61C0F} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-05-23] (Acer Incorporated)
Task: {3DEA60DC-A5B0-4C15-911E-C40ABBBB7DAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-06] (Microsoft Corporation)
Task: {4208A7BF-D622-476E-A1A3-F9EB2719ECD4} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-02-13] (Microsoft Corporation)
Task: {45A1E736-EAAA-4735-ABBA-A9C5CF2BDAEF} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {4A944005-EAD7-4E3D-A0CB-E36A03948234} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {4E3CB8C2-8A0C-4570-A32E-7319C6E8E432} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {561ABC4B-D713-49E3-9FA1-457DFE7525C6} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-06] (Microsoft Corporation)
Task: {65B0C647-3D5A-48F3-91F2-BE9F82BC9ABC} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-01-20] ()
Task: {660B2AE6-6A01-443E-AC50-2272A68CFC34} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation)
Task: {697E18DD-943C-470A-B9E3-6E5DDCB42D05} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {6B696BCF-C866-41CA-B4E4-3D19FB1E9250} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\SpaceMan.exe [2015-10-30] (Microsoft Corporation)
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {7AE1BCAC-061D-4672-BACB-88BC74CE1D7A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-11-10] (Microsoft Corporation)
Task: {860F596C-A1D8-4651-B747-D134041D80AD} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense => Rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
Task: {90D79106-3D12-40AF-A9BA-231F2327770C} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2015-10-30] (Microsoft Corporation)
Task: {A483A62A-BEE2-43EF-B43D-C4B6555D6F1E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {BC30B37E-8375-4DB8-842D-C642CAD6F11E} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {BEA3CC8C-D631-4064-853E-190C17E8CB96} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {C458B851-2EE7-4D83-8D94-ADB5C3A47273} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {C508A6F9-58BB-43C2-BB66-2457EF9613D3} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {C881A742-1A15-4EAC-96B9-9C6EA38AC7FA} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {CA4BE44E-107E-4B2D-91AF-FC3B077B02FC} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-11-10] (Microsoft Corporation)
Task: {E03596C8-B2A4-4553-B379-B678F0EBCA95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {F120A436-C215-4927-87AA-934387AF5782} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {F53D4274-6AC2-4980-AB2E-6C572658FF32} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-01-20] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-03-04 23:26 - 2016-03-04 23:26 - 05570728 _____ () C:\Windows\system32\IntelSSTAPO\ParameterService\libxml2-2.dll
2016-11-10 18:11 - 2016-03-06 14:34 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-11-10 18:28 - 2016-11-10 18:28 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-11-10 18:15 - 2016-11-10 18:15 - 08911040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-10 18:28 - 2016-11-10 18:28 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-02-13 07:54 - 2016-02-13 07:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-10 18:41 - 2016-11-10 18:41 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-20 13:50 - 2016-01-20 13:50 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2016-11-10 18:13 - 2016-11-10 18:13 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll
2016-11-10 18:13 - 2016-11-10 18:13 - 04485808 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-11-10 18:13 - 2016-11-10 18:13 - 07502848 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.Services.dll
2016-11-10 18:13 - 2016-11-10 18:13 - 01384960 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\cpprest140_uwp_2_6.dll
2016-05-17 00:50 - 2016-05-17 00:50 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\amazon.com -> amazon.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Karissa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{4d466923-efee-42a5-af53-65dd89c4ea44}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Amazon 1Button App Service => 2
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8FE46E36-6097-46C9-B94D-04C3771C6564}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A39A0342-6DFE-42C3-A648-76B724BF1BF3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D741F254-466E-4493-A888-E9CAFE2BD8F1}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2D3CD0F4-EA05-400A-826E-A08212D9CA3A}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{B3339414-F9A7-450A-97F2-F739D85297E3}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{CA7DB177-8790-411D-8BC7-CB1B6BF806FD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{1375A0AA-74D5-4730-B801-85A386BE5CB5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{3F5A4D9E-CB9B-4F94-882B-2FBE793FCC83}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{CF1D77F8-5C09-4F16-B39E-EF7FF7328110}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{1603304B-D101-461F-9B6B-782B8268ED5D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2017 04:54:54 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 04:54:54 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 04:54:39 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 04:54:39 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 02:36:39 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 02:36:39 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 02:36:22 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 02:36:22 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: 0x1ProtectionManagement

Error: (02/04/2017 02:03:59 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {FAAF1278-D883-449F-80A3-91DD512A3514}

Error: (02/04/2017 12:04:57 AM) (Source: UEIPSvc) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.InvalidOperationException: Method failed with unexpected error code 3.
at System.Security.AccessControl.NativeObjectSecurity.CreateInternal(ResourceType resourceType, Boolean isContainer, String name, SafeHandle handle, AccessControlSections includeSections, Boolean createByName, ExceptionFromErrorCode exceptionFromErrorCode, Object exceptionContext)
at System.Security.AccessControl.FileSystemSecurity..ctor(Boolean isContainer, String name, AccessControlSections includeSections, Boolean isDirectory)
at System.Security.AccessControl.DirectorySecurity..ctor(String name, AccessControlSections includeSections)
at System.IO.DirectoryInfo.GetAccessControl()
at UBTService.UBTService.GrantAccess(String fullPath)
at UBTService.UBTService.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).


System errors:
=============
Error: (02/04/2017 03:33:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3210721).

Error: (02/04/2017 03:33:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Security Update for Adobe Flash Player for Windows 10 Version 1511 (for x64-based Systems) (KB3214628).

Error: (02/04/2017 03:29:14 AM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (02/04/2017 03:26:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Update Orchestrator Service service terminated with the following error:
%%2147500053

Error: (02/04/2017 03:26:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/04/2017 03:25:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/04/2017 03:25:01 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (02/04/2017 03:20:34 AM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (02/04/2017 03:12:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_6857e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/04/2017 03:12:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_6857e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-02-04 03:29:51.934
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-04 03:20:53.872
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-04 03:11:22.794
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-04 02:04:11.036
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-04 02:02:58.416
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-03 23:28:57.154
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-03 23:07:29.025
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 34%
Total physical RAM: 12156.13 MB
Available physical RAM: 7998.3 MB
Total Virtual: 14588.13 MB
Available Virtual: 11203.86 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:892.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DD2C458D)

Partition: GPT.

==================== End of Addition.txt ============================
 
Which program identified RogueKiller a sa trojan? McAfee?

Where did you download RogueKiller from?

Are there any other issues?
 
RogueKiller detected itself as a Trojan, McAfee hasn't detected anything. I downloaded "http://download.cnet.com/RogueKiller-64-bit/3000-8022_4-75833620.html" - never had any issues before. I have noticed it's now taking files a long time to download, and they generally fail the first time. Laptop is fast after boot, then slows down dramatically. Windows is up to date, as well as everything else. McAfee just ran a scheduled scan, but didn't find anything once again.
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Two logs came up when I selected view report in RogueKiller. Will post both.

RogueKiller V12.9.7.0 (x64) [Feb 6 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Karissa [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 02/07/2017 14:02:21 (Duration : 00:20:08)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0187471486355450mcinstcleanup (C:\WINDOWS\TEMP\018747~1.EXE -cleanup -nolog) -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Program Files\DriverSetupUtility -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\ACCPlugin.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\ACCUtilities.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\ADCommonType.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\DiagnosticEvent.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\DiagnosticPlugin.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\FUB.bat -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\FUB.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\FUB_Send.bat -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\LiveUpdate.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\LiveUpdateChecker.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\LogDebug.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\LogDll.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\ManagedNativeUtilities.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\RunCmdX.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\SharpBITS.Base.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\DriverSetupUtility\FUB -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] c33ce3648296b30519d9daa699278b21
[BSP] c75aceaaea294a689b9af48cd6bdab4a : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 239616 | Size: 952728 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1951426560 | Size: 1024 MB
User = LL1 ... OK
User = LL2 ... OK
 
RogueKiller V12.9.7.0 (x64) [Feb 6 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Karissa [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 02/07/2017 14:02:21 (Duration : 00:20:08)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0187471486355450mcinstcleanup (C:\WINDOWS\TEMP\018747~1.EXE -cleanup -nolog) -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Program Files\DriverSetupUtility -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\ACCPlugin.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\ACCUtilities.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\ADCommonType.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\DiagnosticEvent.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\DiagnosticPlugin.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\FUB.bat -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\FUB.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\FUB_Send.bat -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\LiveUpdate.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\LiveUpdateChecker.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\LogDebug.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\LogDll.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\ManagedNativeUtilities.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\RunCmdX.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\DriverSetupUtility\FUB\SharpBITS.Base.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\DriverSetupUtility\FUB -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] c33ce3648296b30519d9daa699278b21
[BSP] c75aceaaea294a689b9af48cd6bdab4a : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 239616 | Size: 952728 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1951426560 | Size: 1024 MB
User = LL1 ... OK
User = LL2 ... OK
 
# AdwCleaner v6.043 - Logfile created 07/02/2017 at 17:26:10
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-03.2 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Karissa - LAPTOP-7DE1DIR6
# Running from : C:\Users\Karissa\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found: Software Update Application


***** [ Registry ] *****

Key Found: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Amazon 1Button App Service
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
Key Found: HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Key Found: HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Key Found: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Key Found: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1797 Bytes] - [07/02/2017 17:26:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1870 Bytes] ##########
 
# AdwCleaner v6.043 - Logfile created 07/02/2017 at 18:33:49
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-03.2 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Karissa - LAPTOP-7DE1DIR6
# Running from : C:\Users\Karissa\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: Software Update Application


***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Amazon 1Button App Service
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1696 Bytes] - [07/02/2017 18:33:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [1973 Bytes] - [07/02/2017 17:26:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1842 Bytes] ##########
 
No :)
You posted AQdwCleaner log twice.
I still need JRT log.

Then...

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Ah, sorry! Here is the Malwarebytes log

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/7/17
Scan Time: 9:31 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1205
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: LAPTOP-7DE1DIR6\Karissa

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377625
Time Elapsed: 1 min, 40 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Karissa (Administrator) on 2017-02-07 at 21:35:24.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{194D4165-BD63-47B5-BE17-059DA40783B7} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2017-02-07 at 21:36:46.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Karissa (administrator) on LAPTOP-7DE1DIR6 (07-02-2017 21:39:02)
Running from C:\Users\Karissa\Desktop
Loaded Profiles: Karissa (Available Profiles: Karissa)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Intel Corporation) C:\Windows\System32\IntelCpHDCPSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
Failed to access process -> Memory Compression
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_5\mcapexe.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
() C:\Users\Karissa\AppData\Local\Temp\is-FHRJ9.tmp\mb3-setup-consumer-3.0.6.1469.tmp
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-11-20] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\...\RunOnce: [Uninstall C:\Users\Karissa\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Karissa\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0a4275c8-ec22-443a-981f-23cf190d490c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{614364c1-71e2-4cee-a020-91d54d5d127e}: [DhcpNameServer] 40.32.1.55

Internet Explorer:
==================
HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-2782783146-3927728050-3817788716-1001 -> DefaultScope {194D4165-BD63-47B5-BE17-059DA40783B7} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-11-10] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-24] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-10] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-24] (McAfee, Inc.)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-10-26] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-10-26] (McAfee, Inc.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2782783146-3927728050-3817788716-1001 -> hxxp://yahoo.ca/

FireFox:
========
FF ProfilePath: C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default
FF DefaultSearchEngine: Google
FF Homepage: yahoo.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-04] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-10-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-04] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-10-26] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Extension: Amazon Assistant for Firefox - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\abb-acer@amazon.com [2017-02-03]
FF Extension: Mozilla Partner Defaults - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\partnerdefaults@mozilla.com [2017-02-03]
FF Extension: adaware ad block - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2017-02-03]
FF Extension: English (US) Language Pack - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-02-04]
FF Extension: Adblock Plus - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-03]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-05-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-05-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Windows\system32\AdminService.exe [355760 2016-06-26] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-08-31] (Acer Incorporated)
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2017-02-04] (Microsoft Corporation)
R2 CDPUserSvc_352f0; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_352f0; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-03-06] (Microsoft Corporation)
R2 cphs; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe [310256 2017-02-07] (Intel Corporation)
R2 cplspcon; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe [488944 2017-02-07] (Intel Corporation)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-20] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-06-01] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe [350704 2017-02-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26592 2016-03-04] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-17] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [187840 2016-10-24] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_5\McAPExe.exe [963176 2016-10-07] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [353128 2015-11-27] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe [1934968 2016-10-17] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1307752 2016-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_352f0; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_352f0; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1473128 2016-10-07] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 OneSyncSvc_352f0; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_352f0; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
S3 PimIndexMaintenanceSvc_352f0; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_352f0; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-05-23] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-05-23] (Acer Incorporated)
S3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-11-20] (Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-11-20] (Microsoft Corporation)
S3 UnistoreSvc_352f0; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 UnistoreSvc_352f0; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 UserDataSvc_352f0; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 UserDataSvc_352f0; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-11-20] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-11-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-20] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_352f0; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_352f0; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [249856 2016-11-20] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-11-20] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185144 2016-05-16] (Intel Corporation)
R3 igfx; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igdkmd64.sys [11041776 2017-02-07] (Intel Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-20] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21344 2016-05-23] (Acer Incorporated)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-07] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-07] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-07] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-07] (Malwarebytes)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-11-20] (Avago Technologies)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202848 2016-04-14] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85656 2016-09-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [527496 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
R3 Qcamain10x64; C:\Windows\system32\DRIVERS\Qcamain10x64.sys [2381112 2016-03-24] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14688 2016-05-23] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-11-18] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [769752 2015-12-17] (Realsil Semiconductor Corporation)
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [57448 2015-10-22] (Synaptics Incorporated)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-11-20] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-07 21:47 - 2017-02-07 21:47 - 00280088 _____ C:\WINDOWS\system32\igfxCPL.cpl
2017-02-07 21:47 - 2017-02-07 21:47 - 00150040 _____ C:\WINDOWS\SysWOW64\libEGL.dll
2017-02-07 21:47 - 2017-02-07 21:47 - 00122384 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2017-02-07 21:47 - 2017-02-07 21:47 - 00120856 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll
2017-02-07 21:47 - 2017-02-07 21:47 - 00110096 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
2017-02-07 21:39 - 2017-02-07 21:39 - 00024081 _____ C:\Users\Karissa\Desktop\FRST.txt
2017-02-07 21:33 - 2017-02-07 21:33 - 01663040 _____ (Malwarebytes) C:\Users\Karissa\Desktop\JRT.exe
2017-02-07 21:29 - 2017-02-07 21:31 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-07 21:29 - 2017-02-07 21:29 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-07 21:29 - 2017-02-07 21:29 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-07 21:29 - 2017-02-07 21:29 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-07 21:29 - 2017-02-07 21:29 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-07 21:29 - 2017-02-07 21:29 - 00001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-07 21:29 - 2017-02-07 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-07 21:29 - 2017-02-07 21:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-07 21:29 - 2017-02-07 21:29 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-07 21:29 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-07 20:45 - 2017-02-07 20:47 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-07 20:02 - 2017-02-07 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-07 18:38 - 2017-02-07 18:39 - 55566792 _____ (Malwarebytes ) C:\Users\Karissa\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-07 17:24 - 2017-02-07 18:33 - 00000000 ____D C:\AdwCleaner
2017-02-07 17:22 - 2017-02-07 17:23 - 04015056 _____ C:\Users\Karissa\Desktop\AdwCleaner.exe
2017-02-07 17:10 - 2017-02-07 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autel
2017-02-07 17:09 - 2017-02-07 17:09 - 00000000 ____D C:\Program Files (x86)\Autel
2017-02-07 16:51 - 2017-02-07 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxisys
2017-02-07 16:51 - 2017-02-07 16:51 - 00000000 ____D C:\Program Files (x86)\Maxisys
2017-02-07 14:02 - 2017-02-07 14:02 - 00000903 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-07 14:02 - 2017-02-07 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-07 14:02 - 2017-02-07 14:02 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-07 13:59 - 2017-02-07 14:01 - 34801784 _____ (Adlice Software ) C:\Users\Karissa\Desktop\setup.exe
2017-02-06 17:59 - 2017-02-06 17:59 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-02-06 01:37 - 2017-02-06 01:37 - 00000000 ____D C:\Users\Karissa\AppData\LocalLow\Adobe
2017-02-06 01:37 - 2017-02-06 01:37 - 00000000 ____D C:\Users\Karissa\AppData\Local\CEF
2017-02-06 01:31 - 2017-02-06 03:45 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-02-06 01:30 - 2017-02-06 17:51 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-06 01:30 - 2017-02-06 01:39 - 00000000 ____D C:\ProgramData\Adobe
2017-02-06 01:30 - 2017-02-06 01:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-06 00:06 - 2017-02-06 00:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-02-05 15:02 - 2017-02-07 21:37 - 00000000 ____D C:\Users\Karissa\AppData\LocalLow\Mozilla
2017-02-05 14:35 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-02-05 14:35 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-02-04 16:47 - 2017-02-04 14:22 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-04 16:44 - 2017-02-04 16:44 - 00000000 ____D C:\Windows.old
2017-02-04 16:41 - 2017-02-04 16:41 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
 
2017-02-04 16:41 - 2017-02-04 16:41 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-02-04 16:41 - 2017-02-04 16:41 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-02-04 16:41 - 2017-02-04 16:41 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-02-04 16:41 - 2017-02-04 16:41 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2017-02-04 16:41 - 2017-02-04 16:41 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2017-02-04 16:41 - 2017-02-04 16:41 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-02-04 16:41 - 2017-02-04 16:41 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-02-04 16:40 - 2017-02-04 16:40 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-02-04 16:40 - 2017-02-04 16:40 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-02-04 16:40 - 2017-02-04 16:40 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-02-04 16:40 - 2017-02-04 16:40 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-02-04 16:40 - 2017-02-04 16:40 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
 
2017-02-04 16:40 - 2017-02-04 16:40 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2017-02-04 16:40 - 2017-02-04 16:40 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2017-02-04 16:40 - 2017-02-04 16:40 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2017-02-04 16:31 - 2017-02-07 19:54 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-04 16:31 - 2017-02-07 15:36 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-02-04 16:11 - 2017-02-04 16:11 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-02-04 16:09 - 2017-02-04 16:09 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-02-04 16:09 - 2017-02-04 16:09 - 00000000 ____D C:\Program Files\MSBuild
2017-02-04 16:09 - 2017-02-04 16:09 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-02-04 16:09 - 2017-02-04 16:09 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-04 16:09 - 2016-05-25 17:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-02-04 16:09 - 2016-05-25 17:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-04 16:09 - 2016-05-25 17:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-02-04 16:09 - 2016-05-25 14:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-02-04 16:09 - 2016-05-25 14:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-04 16:09 - 2016-05-25 14:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-02-04 14:42 - 2017-02-04 14:42 - 00000000 ____D C:\Users\Karissa\AppData\Local\Macromedia
2017-02-04 14:41 - 2017-02-05 14:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-04 14:41 - 2017-02-04 14:41 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-04 14:40 - 2017-02-06 01:37 - 00000000 ____D C:\Users\Karissa\AppData\Local\Adobe
2017-02-04 14:23 - 2017-02-05 23:27 - 00000000 ____D C:\Users\Karissa\AppData\Local\ConnectedDevicesPlatform
2017-02-04 14:23 - 2017-02-04 14:23 - 00000020 ___SH C:\Users\Karissa\ntuser.ini
2017-02-04 14:20 - 2017-02-04 14:21 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-02-04 14:20 - 2017-02-04 14:21 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-02-04 14:19 - 2017-02-05 23:32 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-02-04 14:19 - 2017-02-05 23:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-02-04 14:19 - 2017-02-04 14:20 - 00003852 _____ C:\WINDOWS\System32\Tasks\ACCAgent
2017-02-04 14:19 - 2017-02-04 14:20 - 00003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2017-02-04 14:19 - 2017-02-04 14:19 - 00003692 _____ C:\WINDOWS\System32\Tasks\AcerCMUpdateTask2.1.16258
2017-02-04 14:19 - 2017-02-04 14:19 - 00002820 _____ C:\WINDOWS\System32\Tasks\ACC
2017-02-04 14:19 - 2017-02-04 14:19 - 00002564 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2017-02-04 14:19 - 2017-02-04 14:19 - 00002328 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
2017-02-04 14:19 - 2017-02-04 14:19 - 00002256 _____ C:\WINDOWS\System32\Tasks\Power Button
2017-02-04 14:19 - 2017-02-04 14:19 - 00002180 _____ C:\WINDOWS\System32\Tasks\Quick Access
2017-02-04 14:19 - 2017-02-04 14:19 - 00002074 _____ C:\WINDOWS\System32\Tasks\FUBTrackingByPLD
2017-02-04 14:12 - 2017-02-04 14:12 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-02-04 14:10 - 2017-02-04 14:20 - 00008154 _____ C:\WINDOWS\comsetup.log
2017-02-04 14:06 - 2017-02-04 14:06 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-04 14:02 - 2017-02-04 14:06 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-02-04 14:00 - 2017-02-07 18:34 - 00000000 ____D C:\Users\Karissa
2017-02-04 14:00 - 2017-02-04 14:23 - 00000000 ___RD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-04 14:00 - 2016-07-16 06:48 - 00000000 ___RD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2017-02-04 14:00 - 2016-07-16 06:47 - 00000000 ___RD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2017-02-04 14:00 - 2016-07-16 06:47 - 00000000 ___RD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2017-02-04 14:00 - 2016-07-16 06:47 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2017-02-04 13:56 - 2017-02-04 13:56 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-02-04 13:56 - 2017-02-04 13:56 - 00000000 ____D C:\Program Files\Common Files\Atheros
2017-02-04 13:55 - 2017-02-07 21:47 - 00122384 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-02-04 13:55 - 2017-02-07 21:47 - 00113176 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-02-04 13:55 - 2017-02-04 14:03 - 00000000 ____D C:\Program Files\Intel
2017-02-04 13:55 - 2017-02-04 14:03 - 00000000 ____D C:\Program Files (x86)\Intel
2017-02-04 13:55 - 2017-02-04 13:55 - 01621874 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-02-04 13:55 - 2017-02-04 13:55 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-02-04 13:55 - 2017-02-04 13:55 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-02-04 13:55 - 2017-02-04 13:55 - 00000000 ____D C:\WINDOWS\system32\IntelSSTAPO
2017-02-04 13:55 - 2017-02-04 13:55 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-02-04 13:55 - 2017-02-04 13:55 - 00000000 ____D C:\ProgramData\rtkSSTSetting
2017-02-04 13:55 - 2017-02-04 13:55 - 00000000 ____D C:\Program Files\Realtek
2017-02-04 13:55 - 2017-02-04 13:55 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-02-04 13:55 - 2016-06-02 19:29 - 03181209 _____ C:\WINDOWS\system32\Drivers\rtkSSTSetting.zip
2017-02-04 13:49 - 2017-02-04 13:49 - 00027203 _____ C:\WINDOWS\system32\NetSetupMig.log
2017-02-04 13:48 - 2017-02-07 18:34 - 00003230 _____ C:\WINDOWS\PFRO.log
2017-02-04 12:52 - 2017-02-04 14:04 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-02-04 12:52 - 2017-02-04 14:03 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-02-04 05:14 - 2017-02-07 21:39 - 00000000 ____D C:\FRST
2017-02-04 05:09 - 2017-02-04 05:14 - 02193920 _____ (Farbar) C:\Users\Karissa\Desktop\FRST64.exe
2017-02-04 04:49 - 2017-02-04 04:49 - 00007626 _____ C:\Users\Karissa\AppData\Local\Resmon.ResmonCfg
2017-02-04 03:40 - 2017-02-04 04:27 - 25969736 _____ C:\Users\Karissa\Downloads\RogueKillerX64.exe
2017-02-04 03:09 - 2017-02-04 03:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-04 03:09 - 2017-02-04 03:09 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-04 03:01 - 2016-06-30 22:40 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2017-02-04 02:57 - 2016-06-30 22:57 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpreference.exe
2017-02-04 02:17 - 2017-02-07 14:02 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-02-04 02:17 - 2017-02-04 21:24 - 00000000 ____D C:\Users\Karissa\AppData\Local\MicrosoftEdge
2017-02-04 02:16 - 2017-02-04 03:12 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-04 02:02 - 2017-02-04 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-02-03 23:07 - 2017-02-03 23:08 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Mozilla
2017-02-03 23:07 - 2017-02-03 23:08 - 00000000 ____D C:\Users\Karissa\AppData\Local\Mozilla
2017-02-03 23:07 - 2017-02-03 23:07 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Macromedia
2017-02-03 23:01 - 2017-02-03 23:01 - 00000000 ____D C:\Users\Karissa\AppData\Local\Comms
2017-02-03 22:58 - 2017-02-03 22:58 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\WildTangent
2017-02-03 22:58 - 2017-02-03 22:58 - 00000000 ____D C:\Users\Karissa\AppData\Local\IIIQF
2017-02-03 22:56 - 2017-02-04 14:27 - 00002377 _____ C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-03 22:56 - 2017-02-04 14:27 - 00000000 ___RD C:\Users\Karissa\OneDrive
2017-02-03 22:55 - 2017-02-03 22:55 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Intel Corporation
2017-02-03 22:54 - 2017-02-03 22:54 - 00001337 _____ C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
2017-02-03 22:54 - 2017-02-03 22:54 - 00000000 ____D C:\Users\Karissa\AppData\Local\CareCenter
2017-02-03 22:53 - 2017-02-03 22:53 - 00000000 ____D C:\Users\Karissa\AppData\Local\ActiveSync
2017-02-03 22:52 - 2017-02-03 22:52 - 00000000 ____D C:\Users\Karissa\PicStream
2017-02-03 22:52 - 2017-02-03 22:52 - 00000000 ____D C:\Users\Karissa\AppData\Local\Publishers
2017-02-03 22:52 - 2017-02-03 22:52 - 00000000 ____D C:\Users\Karissa\AppData\Local\AOP SDK
2017-02-03 22:51 - 2017-02-03 22:51 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-02-03 22:50 - 2017-02-07 20:53 - 00000000 ____D C:\Users\Karissa\AppData\Local\Packages
2017-02-03 22:50 - 2017-02-06 01:37 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Adobe
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ___HD C:\ProgramData\O949
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\Users\Karissa\AppData\Local\VirtualStore
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\Users\Karissa\AppData\Local\TileDataLayer
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\ProgramData\Dashlane
2017-02-03 22:49 - 2017-02-03 22:49 - 00000000 ____D C:\WINDOWS\oem

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-07 21:47 - 2016-09-01 22:49 - 00113176 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2017-02-07 21:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\sru
2017-02-07 21:35 - 2016-05-04 21:58 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2017-02-07 20:47 - 2016-11-20 13:37 - 00017059 _____ C:\WINDOWS\setupact.log
2017-02-07 18:39 - 2016-11-20 13:47 - 00945868 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-07 18:38 - 2016-11-10 20:02 - 00009209 _____ C:\WINDOWS\SysWOW64\Gms.log
2017-02-07 18:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-07 18:34 - 2016-11-20 13:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-07 18:34 - 2016-07-16 01:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-02-07 17:10 - 2016-11-10 19:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-07 16:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\restore
2017-02-07 16:22 - 2016-11-20 13:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-05 23:39 - 2016-05-04 22:03 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-05 23:36 - 2016-07-16 06:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-05 23:36 - 2016-05-04 22:03 - 00000000 ____D C:\Program Files\mcafee
2017-02-05 23:30 - 2016-05-04 22:03 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-05 23:12 - 2016-05-04 22:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-05 15:01 - 2016-05-04 22:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-05 14:58 - 2016-11-20 13:37 - 00337064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-05 14:54 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-05 14:50 - 2016-05-04 22:03 - 00000000 ____D C:\ProgramData\McAfee
2017-02-05 14:36 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-05 05:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-05 03:41 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\appcompat
2017-02-04 22:22 - 2016-11-20 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-02-04 22:22 - 2016-11-20 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-02-04 22:21 - 2016-11-20 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-02-04 22:21 - 2016-11-20 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-02-04 22:21 - 2016-11-20 13:04 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-02-04 22:21 - 2016-11-20 13:04 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-02-04 22:21 - 2016-11-20 13:04 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-02-04 22:21 - 2016-11-20 13:04 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\fr-CA
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\fr-CA
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Com
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\IME
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Help
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\System
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-04 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-02-04 22:21 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-02-04 22:21 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-04 22:21 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-02-04 22:21 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
2017-02-04 16:47 - 2016-07-16 06:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-02-04 16:42 - 2016-07-16 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-04 16:42 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-02-04 16:42 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2017-02-04 16:42 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-02-04 16:42 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-02-04 16:42 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-02-04 16:36 - 2016-07-16 06:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-02-04 14:40 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-04 14:40 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-04 14:22 - 2016-07-16 01:04 - 00000000 __RHD C:\Users\Default
2017-02-04 14:20 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-02-04 14:20 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Registration
2017-02-04 14:20 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-02-04 14:11 - 2016-11-10 19:42 - 01888282 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-02-04 14:11 - 2016-07-16 06:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-04 14:06 - 2016-11-10 20:04 - 00000000 ____D C:\WINDOWS\system32\ihvmanager
2017-02-04 14:06 - 2016-11-10 19:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-02-04 14:06 - 2016-07-16 06:49 - 00006285 _____ C:\WINDOWS\DtcInstall.log
2017-02-04 14:06 - 2016-07-16 06:47 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2017-02-04 14:06 - 2016-07-16 06:47 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2017-02-04 14:06 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-04 14:06 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-02-04 14:06 - 2015-10-30 01:28 - 00000000 ____D C:\Users\Default.migrated
2017-02-04 14:03 - 2016-11-20 13:12 - 00000000 ____D C:\WINDOWS\OCR
2017-02-04 14:03 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-04 14:03 - 2016-05-04 22:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-04 14:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Recovery
2017-02-04 14:02 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-04 14:00 - 2016-05-04 21:53 - 00000000 __SHD C:\Recovery
2017-02-04 13:56 - 2016-11-20 13:37 - 00000156 _____ C:\WINDOWS\setuperr.log
2017-02-04 12:41 - 2016-11-21 06:31 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-04 03:32 - 2016-05-04 22:01 - 00000000 ____D C:\Program Files (x86)\Acer
2017-02-04 02:02 - 2016-11-10 18:18 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-04 01:13 - 2016-05-04 22:02 - 00000000 ____D C:\Program Files\Acer
2017-02-04 01:13 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\OEM
2017-02-04 01:00 - 2015-10-30 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-02-04 01:00 - 2015-10-30 02:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-02-03 23:28 - 2016-11-10 18:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-03 23:07 - 2016-05-04 22:46 - 00000000 ___HD C:\OEM
2017-02-03 23:07 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\Acer
2017-02-03 23:04 - 2016-11-10 20:14 - 00000000 ___HD C:\ProgramData\{A90E7F59-66F4-44B3-AE99-B9C20B6DA5CE}
2017-02-03 22:58 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\WildTangent

==================== Files in the root of some directories =======

2017-02-04 04:49 - 2017-02-04 04:49 - 0007626 _____ () C:\Users\Karissa\AppData\Local\Resmon.ResmonCfg
2017-02-04 13:55 - 2017-02-04 13:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Karissa\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-02-04 17:22

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Karissa (2017-02-07 21:39:48)
Running from C:\Users\Karissa\Desktop
Windows 10 Home (X64) (2017-02-04 19:22:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2782783146-3927728050-3817788716-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2782783146-3927728050-3817788716-503 - Limited - Disabled)
Guest (S-1-5-21-2782783146-3927728050-3817788716-501 - Limited - Disabled)
Karissa (S-1-5-21-2782783146-3927728050-3817788716-1001 - Administrator - Enabled) => C:\Users\Karissa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {B10D5953-051E-97F6-F53B-3839EFD98259}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {0A6CB8B7-2324-9878-CF8B-034B945EC8E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {8936D876-4F71-96AE-DE64-910C110AC522}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3021 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3004 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.10.2002.1 - Acer Incorporated)
Autel PC Suit (HKLM-x32\...\InstallShield_{5A435634-46D9-47B5-8358-FFDC9D590775}) (Version: 6.34.03 - Autel)
Autel PC Suit (x32 Version: 6.34.03 - Autel) Hidden
DiagLink PC Suit (HKLM-x32\...\InstallShield_{A6870FF8-990F-481D-A847-CC41278FC384}) (Version: 1.10 - Autel)
DiagLink PC Suit (x32 Version: 1.10 - Autel) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.2059 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.164 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1070 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1070 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1070 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1070 - Microsoft Corporation) Hidden
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10299 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.191 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.7.0 - Adlice Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2782783146-3927728050-3817788716-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Karissa\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

07-02-2017 20:44:21 Windows Update
07-02-2017 21:35:24 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2015-10-30 02:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01FC4ABF-5D9B-4A26-BAA4-9C33E2F7B5FE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-06] (Microsoft Corporation)
Task: {03896D04-23AB-4F74-A27D-B1B71EE41E2C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2016-07-16] (Microsoft Corporation)
Task: {038E6C59-3F79-4B7C-897D-F524394C60A0} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2016-05-23] (Acer Incorporated)
Task: {04725E20-6625-478B-8AAA-23E9351BD87C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {070BDC4B-A4AE-4B22-AF85-837CBCCA3947} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {0F1F25F8-7715-4B0F-9567-3F602C616ADE} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-01-20] ()
Task: {11EF8237-224D-4CF9-9039-61D08754EA5D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-11-20] (Microsoft Corporation)
Task: {156174FF-0BBA-4B79-BFB6-FC222C4F0060} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-08-31] (Acer Incorporated)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {184784E2-6ACB-4154-BD0F-A955BE13F177} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {29B13A4B-FBAE-45C1-8FF6-6AF5A4ECB282} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {2D5A0F87-8459-4669-8674-0A4718B6E682} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-10-11] (McAfee, Inc.)
Task: {38540671-4402-4868-A887-91207C556109} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {397768B5-E64A-4065-86EA-C2FC1633F8A5} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-05-23] (Acer Incorporated)
Task: {3DEA60DC-A5B0-4C15-911E-C40ABBBB7DAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-06] (Microsoft Corporation)
Task: {43DF67E8-D733-48FA-98F2-4E6D341E4A79} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-11-20] (Microsoft Corporation)
Task: {51763F64-40BE-4233-BA7B-C17CF7E33DB3} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2017-02-04] (McAfee, Inc.)
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {561ABC4B-D713-49E3-9FA1-457DFE7525C6} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-06] (Microsoft Corporation)
Task: {5654DFBB-E797-4758-B9A0-8BAE94A91F1D} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2016-07-16] (Microsoft Corporation)
Task: {57368EA8-FA78-4702-A426-74E26B22B964} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-04] (Adobe Systems Incorporated)
Task: {5FAAF530-ED1B-4F7B-AD7B-1694AA0B202B} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {6232090F-3BD0-4E1F-960B-78CBA797F685} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {65B0C647-3D5A-48F3-91F2-BE9F82BC9ABC} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-01-20] ()
Task: {660B2AE6-6A01-443E-AC50-2272A68CFC34} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation)
Task: {68D31DB5-DDA9-48C7-822E-4AB7246C0FD2} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {6B1AE720-1359-4B9E-9C0F-60167361EF01} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {6C0CB8EA-C923-46AC-8A6F-1747AF20DF2F} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {6D1C0035-5CAD-4340-A533-D63C9853BCC9} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {6E8AE752-C5D2-4B34-B351-338B4370A342} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {7AC5E1E2-2FD3-40CD-8842-88CE53A3609C} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {856E9980-628E-4905-ABE5-5F7EFE170EA4} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {8D791FAA-0257-4EBC-A6DD-74E842528806} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {9851188E-AC07-4F36-BA28-6D00BB2C9C46} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-11-20] (Microsoft Corporation)
Task: {9FF839A1-1A19-44C2-9066-9751AB4D50E6} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2016-11-20] (Microsoft Corporation)
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {B6EE76B2-4F82-4E15-9345-C867A29CBAD0} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-11-20] (Microsoft Corporation)
Task: {BC30B37E-8375-4DB8-842D-C642CAD6F11E} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {BDDEF317-2692-422F-AEA2-FFD67DC7CEA3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {C125018F-0B81-4B64-B7DC-0E01220E5D0E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {C3060885-CE48-494A-BAF7-C7AAB61EAB95} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {C458B851-2EE7-4D83-8D94-ADB5C3A47273} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {C4AE0AAA-7E63-4A3B-ADD7-7B486287A7A8} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-11-20] (Microsoft Corporation)
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {CC636E49-0109-402B-A40B-A37C29069A95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {D394BE25-2E16-45D4-AAB2-3E8861A09351} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {D3C4106A-D511-42C6-9716-465644534C87} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {D6B9B9A2-E778-427A-8CCE-117DB660FEE2} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2017-02-04] (McAfee, Inc.)
Task: {D941F53F-7907-4FBE-B1E7-69EBD5B3A5D8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {DDAECFC0-67E3-4062-BF25-CD685F73B394} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {E7B04252-97CA-42C6-9920-F58B76B2C3E1} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {EA9BAA00-6604-4A27-8A73-AFA65F0EE1B3} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {ECEDC57D-8965-4EB1-BD6F-84791D928E23} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {F53D4274-6AC2-4980-AB2E-6C572658FF32} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-01-20] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-04 20:26 - 2016-03-04 20:26 - 05570728 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2-2.dll
2016-11-10 18:11 - 2016-03-06 14:34 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2017-02-04 14:27 - 2017-02-04 14:27 - 00959168 _____ () C:\Users\Karissa\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-10 18:15 - 2016-11-10 18:15 - 08911040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-02-06 17:59 - 2017-02-06 18:01 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 17:59 - 2017-02-06 18:01 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 17:59 - 2017-02-06 18:02 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 17:59 - 2017-02-06 18:00 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-07 21:29 - 2017-02-07 21:29 - 01192400 _____ () C:\Users\Karissa\AppData\Local\Temp\is-FHRJ9.tmp\mb3-setup-consumer-3.0.6.1469.tmp
2017-02-07 21:29 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-07 21:29 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-07 21:29 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-11-20 13:11 - 2016-11-20 13:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-02-04 16:40 - 2017-02-04 16:40 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-17 00:50 - 2016-05-17 00:50 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\mcafee:Win32App_1
AlternateDataStreams: C:\Program Files\RogueKiller:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bluetooth Suite:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Qualcomm Atheros:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Karissa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{4d466923-efee-42a5-af53-65dd89c4ea44}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [{1603304B-D101-461F-9B6B-782B8268ED5D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{CF1D77F8-5C09-4F16-B39E-EF7FF7328110}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{3F5A4D9E-CB9B-4F94-882B-2FBE793FCC83}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{1375A0AA-74D5-4730-B801-85A386BE5CB5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{CA7DB177-8790-411D-8BC7-CB1B6BF806FD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{B3339414-F9A7-450A-97F2-F739D85297E3}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{2D3CD0F4-EA05-400A-826E-A08212D9CA3A}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{D741F254-466E-4493-A888-E9CAFE2BD8F1}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{A39A0342-6DFE-42C3-A648-76B724BF1BF3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8FE46E36-6097-46C9-B94D-04C3771C6564}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AT91 USB to Serial Converter (COM5)
Description: AT91 USB to Serial Converter
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: ATMEL Corp.
Service: usbser
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2017 09:35:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/07/2017 08:44:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/07/2017 06:40:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/07/2017 05:11:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UpdateClient.exe version 5.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1c1c

Start Time: 01d2818f03f2a9cf

Termination Time: 6

Application Path: C:\Program Files (x86)\Autel\PC Suit\UpdateClient.exe

Report Id: 64804e57-ed82-11e6-9da8-94e979aac3d6

Faulting package full name:

Faulting package-relative application ID:

Error: (02/07/2017 05:10:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (02/07/2017 05:09:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0187471486355450) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (02/07/2017 05:09:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/07/2017 04:51:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (02/07/2017 04:50:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0187471486355450) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (02/07/2017 04:50:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (02/07/2017 06:35:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/07/2017 06:35:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfemms service.

Error: (02/07/2017 06:34:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/07/2017 06:34:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/07/2017 06:33:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/07/2017 06:33:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/07/2017 06:33:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/07/2017 06:33:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (02/07/2017 06:33:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Security Assist service terminated unexpectedly. It has done this 1 time(s).

Error: (02/07/2017 06:33:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 23%
Total physical RAM: 12156.13 MB
Available physical RAM: 9293.7 MB
Total Virtual: 14588.13 MB
Available Virtual: 11675.66 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:876.45 GB) NTFS
Drive d: () (Removable) (Total:3.63 GB) (Free:1.28 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DD2C458D)

Partition: GPT.

========================================================
Disk: 1 (Size: 3.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    861 bytes · Views: 1
Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Karissa (2017-02-09 14:32:50) Run:1
Running from C:\Users\Karissa\Desktop
Loaded Profiles: Karissa (Available Profiles: Karissa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-2782783146-3927728050-3817788716-1001 -> DefaultScope {194D4165-BD63-47B5-BE17-059DA40783B7} URL =
2017-02-04 04:49 - 2017-02-04 04:49 - 0007626 _____ () C:\Users\Karissa\AppData\Local\Resmon.ResmonCfg
2017-02-04 13:55 - 2017-02-04 13:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Karissa\AppData\Local\Temp\dllnt_dump.dll
AlternateDataStreams: C:\Program Files\mcafee:Win32App_1
AlternateDataStreams: C:\Program Files\RogueKiller:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bluetooth Suite:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Qualcomm Atheros:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1


*****************

HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\Karissa\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\Karissa\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Program Files\mcafee => ":Win32App_1" ADS removed successfully.
C:\Program Files\RogueKiller => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Bluetooth Suite => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Microsoft Office => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Mozilla Firefox => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Qualcomm Atheros => ":Win32App_1" ADS removed successfully.
C:\ProgramData\regid.1991-06.com.microsoft => ":Win32App_1" ADS removed successfully.

==== End of Fixlog 14:32:50 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
McAfee Anti-Virus and Anti-Spyware
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 24.0.0.194
Mozilla Firefox (51.0.1)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Karissa (administrator) on 13-02-2017 at 00:09:57
Running from "C:\Users\Karissa\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
784
uber_beetle
uber_beetle
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back