Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by Mel (administrator) on LAPTOP-HR19R3JB (16-02-2018 22:03:31)
Running from C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Mel (Available Profiles: Mel)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Dashlane SAS) C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe
(SweetLabs, Inc) C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\odscanui.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [4909824 2016-06-01] (Advanced Micro Devices, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-440005720-1384804578-157143609-1002\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732448 2015-10-15] (Acer)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-02-16]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2ac5b39f-5012-4143-90ca-088bfcff364d}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9e480b2f-8432-441e-b813-5449dfec6cc6}: [DhcpNameServer] 40.30.1.66
Internet Explorer:
==================
HKU\S-1-5-21-440005720-1384804578-157143609-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://imp.searchetg.com/impression.do?source=732691&sub_id=20171124&user_id=b1c1174b-9816-42aa-ac22-b553977d2c57&traffic_source=Spigot&event=ro_homepage&implementation_id=Vuze+Core&redir=https%3A%2F%2Fsearch.yahoo.com%2F%3Ftype%3D732691%26fr%3Dspigot-yhp-ie
HKU\S-1-5-21-440005720-1384804578-157143609-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.acer15.msn.com/?pc=ACTE
HKU\S-1-5-21-440005720-1384804578-157143609-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-440005720-1384804578-157143609-1002 -> DefaultScope {842099BA-FF01-4208-8282-87E94984B1CE} URL = hxxp://imp.searchetg.com/impression.do?source=732691&sub_id=20171124&user_id=b1c1174b-9816-42aa-ac22-b553977d2c57&traffic_source=Spigot&event=ro_inb_search&implementation_id=Vuze+Core&redir=https%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Ffr%3Dchr-greentree_ie%26ei%3Dutf-8%26ilc%3D12%26type%3D732691%26p%3D&st={searchTerms}
SearchScopes: HKU\S-1-5-21-440005720-1384804578-157143609-1002 -> {842099BA-FF01-4208-8282-87E94984B1CE} URL = hxxp://imp.searchetg.com/impression.do?source=732691&sub_id=20171124&user_id=b1c1174b-9816-42aa-ac22-b553977d2c57&traffic_source=Spigot&event=ro_inb_search&implementation_id=Vuze+Core&redir=https%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Ffr%3Dchr-greentree_ie%26ei%3Dutf-8%26ilc%3D12%26type%3D732691%26p%3D&st={searchTerms}
BHO: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-01-11] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-01-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-01-18] (Microsoft Corporation)
BHO-x32: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-01-11] (Bitdefender)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-01-18] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-01-18] (Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-01-11] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-01-11] (Bitdefender)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-18] (Microsoft Corporation)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-440005720-1384804578-157143609-1002 -> hxxp://google.com/?gws_rd=ssl
FireFox:
========
FF DefaultProfile: abzkzqz4.default
FF ProfilePath: C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Roaming\Mozilla\Firefox\Profiles\abzkzqz4.default [2018-02-14]
FF Homepage: Mozilla\Firefox\Profiles\abzkzqz4.default -> hxxp://imp.searchetg.com/impression.do?source=732691&sub_id=20171124&user_id=b1c1174b-9816-42aa-ac22-b553977d2c57&traffic_source=Spigot&event=ro_homepage&implementation_id=Vuze+Core&redir=https%3A%2F%2Fsearch.yahoo.com%2F%3Ftype%3D732691%26fr%3Dspigot-yhp-ff
hxxps://www.bing.com/?FORM=SLBRDF&PC=SL09
FF Extension: (Amazon Assistant for Firefox) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Roaming\Mozilla\Firefox\Profiles\abzkzqz4.default\Extensions\abb-acer@amazon.com [2017-09-14] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Roaming\Mozilla\Firefox\Profiles\abzkzqz4.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-11-24] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Roaming\Mozilla\Firefox\Profiles\abzkzqz4.default\Extensions\partnerdefaults@mozilla.com [2017-09-14] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Roaming\Mozilla\Firefox\Profiles\abzkzqz4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-14]
FF Extension: (Disable Crash Auto Submit) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Roaming\Mozilla\Firefox\Profiles\abzkzqz4.default\features\{3b30fafc-136c-4853-8520-6fc86d7fd598}\disable-crash-autosubmit@mozilla.org.xpi [2018-01-07] [Legacy]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2016-07-14] [Legacy]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ar@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-bg@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-cs@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-da@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-de@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-el@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2016-07-14] [Legacy]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-es-ES@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-et@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-fi@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-fr@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-he@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-hu@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-it@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ja@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ko@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-lt@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-nb-NO@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-nl@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-pl@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-pt-BR@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-pt-PT@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ru@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sk@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sl@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sr@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sv-SE@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-th@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-tr@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-uk@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-zh-CN@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-zh-TW@firefox.mozilla.org [2017-09-10] [not signed]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2016-07-14] [Legacy]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2018-01-25]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2018-01-25] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google\Chrome\User Data\Default [2018-02-14]
CHR Extension: (Slides) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-14]
CHR Extension: (Docs) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-14]
CHR Extension: (Google Drive) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-14]
CHR Extension: (YouTube) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-14]
CHR Extension: (Avast SafePrice) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-14]
CHR Extension: (Sheets) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-02-14]
CHR Extension: (Google Docs Offline) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-14]
CHR Extension: (Avast Online Security) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-02-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-14]
CHR Extension: (Gmail) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-14]
CHR Extension: (Chrome Media Router) - C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-14]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [105136 2017-10-04] ()
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-06-01] (Advanced Micro Devices) [File not signed]
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2119184 2017-09-26] (Bitdefender)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-15] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2017-12-23] (Microsoft Corporation)
R2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [81408 2015-10-14] (Dashlane SAS)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [103584 2018-01-15] (Bitdefender)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1282232 2018-01-19] (Bitdefender)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-05-23] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-05-23] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [291232 2016-02-01] (acer)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [118096 2018-01-15] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1170712 2018-01-15] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe [524872 2016-08-25] (Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-02-16] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-02-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305968 2016-06-14] (Advanced Micro Devices)
R3 AmdGpio2; C:\WINDOWS\System32\drivers\AmdGpio2.sys [34032 2015-11-19] (Advanced Micro Devices, INC.)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [48880 2015-11-19] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices, Inc. )
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-16] (Advanced Micro Devices, Inc. )
R3 amduart; C:\WINDOWS\System32\drivers\amduart.sys [76304 2015-05-11] (Advanced Micro Devices, INC.)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1058784 2017-12-08] (BitDefender S.R.L. Bucharest, ROMANIA)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1765336 2017-11-28] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [133088 2017-06-06] (BitDefender LLC)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [47376 2017-10-09] (© Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [185416 2015-09-06] (ELAN Microelectronic Corp.)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
R0 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [338744 2017-11-29] (Bitdefender)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2016-05-23] (Acer Incorporated)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2016-05-23] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-11-18] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2015-12-17] (Realsil Semiconductor Corporation)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [439576 2017-04-11] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-02-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-02-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-02-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-16 22:03 - 2018-02-16 22:03 - 000000000 ____D C:\FRST
2018-02-16 18:55 - 2018-02-16 18:55 - 000060932 _____ C:\ProgramData\dm.1518828895.bdinstall.bin
2018-02-16 18:55 - 2018-02-16 18:55 - 000000000 ____D C:\ProgramData\Bitdefender Device Management
2018-02-16 18:54 - 2018-02-16 20:11 - 000001623 _____ C:\bdlog.txt
2018-02-16 18:54 - 2018-02-16 18:54 - 000420314 _____ C:\ProgramData\cl.1518827776.bdinstall.bin
2018-02-16 18:54 - 2018-02-16 18:54 - 000003420 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2018-02-16 18:46 - 2018-02-16 18:46 - 000000000 ____D C:\ProgramData\Atc
2018-02-16 18:44 - 2018-02-16 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2018-02-16 18:44 - 2018-02-16 18:44 - 000002347 _____ C:\Users\Public\Desktop\Bitdefender.lnk
2018-02-16 18:44 - 2018-02-16 18:44 - 000000000 ____D C:\ProgramData\BDLogging
2018-02-16 18:43 - 2017-12-08 04:49 - 001058784 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2018-02-16 18:43 - 2017-11-28 04:57 - 001765336 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2018-02-16 18:43 - 2017-10-09 06:25 - 000047376 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2018-02-16 18:43 - 2016-03-14 21:04 - 000023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2018-02-16 18:43 - 2015-12-04 19:27 - 000087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2018-02-16 18:43 - 2007-04-11 10:11 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2018-02-16 18:42 - 2018-02-16 18:54 - 000000000 ____D C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Roaming\Bitdefender
2018-02-16 18:42 - 2017-11-29 00:17 - 000338744 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2018-02-16 18:39 - 2018-02-16 18:39 - 000000000 ____D C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Roaming\QuickScan
2018-02-16 18:36 - 2018-02-16 18:54 - 000000000 ____D C:\Program Files\Bitdefender
2018-02-16 18:36 - 2018-02-16 18:46 - 000000000 ____D C:\ProgramData\Bitdefender
2018-02-16 18:36 - 2017-05-11 04:37 - 000187688 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2018-02-16 18:36 - 2017-04-11 03:19 - 000439576 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2018-02-16 18:34 - 2018-02-16 18:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-16 15:59 - 2018-02-16 18:36 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2018-02-16 15:46 - 2018-02-16 15:46 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-02-16 15:44 - 2018-02-16 18:55 - 000000000 ____D C:\Program Files\Bitdefender Agent
2018-02-16 15:44 - 2018-02-16 15:44 - 000049135 _____ C:\ProgramData\agent.1518817459.bdinstall.bin
2018-02-16 15:44 - 2018-02-16 15:44 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2018-02-14 15:30 - 2018-02-16 15:03 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-14 15:30 - 2018-02-16 15:03 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-14 15:29 - 2018-02-16 14:54 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-14 15:29 - 2018-02-16 14:54 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-14 15:29 - 2018-02-14 16:00 - 000000000 ____D C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Google
2018-02-14 15:29 - 2018-02-14 15:30 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-08 13:48 - 2018-02-08 13:48 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-01-21 18:42 - 2018-02-14 15:41 - 000000000 ____D C:\WINDOWS\Minidump
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-16 21:40 - 2017-09-10 15:32 - 000000000 ____D C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\clear.fi
2018-02-16 21:38 - 2017-09-29 02:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-02-16 21:37 - 2018-01-12 16:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-16 20:24 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-16 20:16 - 2018-01-12 17:16 - 001078990 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-16 20:11 - 2018-01-12 17:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-16 20:11 - 2017-10-07 03:25 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2018-02-16 20:11 - 2017-09-29 02:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-02-16 18:44 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-16 18:38 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-16 18:38 - 2017-09-10 15:28 - 000000000 ____D C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Host App Service
2018-02-16 18:34 - 2016-07-14 12:31 - 000000000 ____D C:\ProgramData\McAfee
2018-02-16 18:34 - 2016-07-14 12:31 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-02-16 18:34 - 2016-07-14 12:31 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-02-16 16:13 - 2018-01-12 17:19 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-02-16 16:10 - 2018-01-12 15:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-02-16 16:10 - 2017-09-09 07:09 - 000000000 ____D C:\Users\Mel
2018-02-16 16:10 - 2016-07-14 12:32 - 000000000 ____D C:\ProgramData\Intel Security
2018-02-16 16:04 - 2017-11-21 15:27 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-02-16 15:03 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-16 15:03 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-16 14:53 - 2018-01-12 17:19 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-440005720-1384804578-157143609-1002
2018-02-16 14:52 - 2017-09-10 15:49 - 000002409 _____ C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-16 14:52 - 2017-09-10 15:49 - 000000000 ___RD C:\Users\Mel.LAPTOP-HR19R3JB\OneDrive
2018-02-14 15:41 - 2016-12-05 12:15 - 000217802 ____N C:\WINDOWS\Minidump\021418-38828-01.dmp
2018-02-14 15:39 - 2018-01-12 16:55 - 000000000 ____D C:\Users\Mel.LAPTOP-HR19R3JB
2018-02-14 15:39 - 2017-10-13 19:23 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-14 15:39 - 2017-09-24 18:39 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-14 15:30 - 2018-01-09 11:02 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-02-14 15:27 - 2017-11-24 17:32 - 000459952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswce003cf5d831c5d2.tmp
2018-02-14 15:27 - 2017-11-24 17:32 - 000379448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3087a49269cab0d9.tmp
2018-02-14 15:27 - 2017-11-24 17:32 - 000205464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw90335c14641401b0.tmp
2018-02-14 15:27 - 2017-11-24 17:32 - 000192944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw27e4d37836ed0e2a.tmp
2018-02-14 15:27 - 2017-11-24 17:32 - 000146648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw10efce87bacf4722.tmp
2018-02-14 15:27 - 2017-11-24 17:32 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3cd22da15f97ecf1.tmp
2018-02-14 15:27 - 2017-11-24 17:32 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw332fa7fffede578a.tmp
2018-02-14 15:27 - 2017-11-24 17:32 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7cb91e7fc05e9ef4.tmp
2018-02-14 15:26 - 2018-01-09 11:01 - 000190440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw561869419b132532.tmp
2018-02-14 15:26 - 2017-11-24 17:32 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1cbf442aa040bd92.tmp
2018-02-14 15:07 - 2018-01-12 16:56 - 000000000 ____D C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Packages
2018-02-05 20:49 - 2018-01-13 01:20 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-05 20:49 - 2018-01-13 01:20 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-25 13:01 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\ELAMBKUP
2018-01-23 22:45 - 2018-01-12 18:45 - 000000000 ____D C:\Windows.old
2018-01-18 15:15 - 2017-09-29 07:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-18 15:13 - 2016-12-05 13:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
Some files in TEMP:
====================
2018-02-16 16:09 - 2017-08-09 13:12 - 001277584 _____ (McAfee, Inc.) C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Temp\0264661518818971mcinst.exe
2017-05-30 19:21 - 2017-05-30 19:21 - 000243240 _____ (McAfee, Inc.) C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Temp\McCSPInstall.dll
2018-02-16 16:11 - 2017-05-30 19:21 - 000208816 _____ (McAfee Inc.) C:\Users\Mel.LAPTOP-HR19R3JB\AppData\Local\Temp\mccspuninstall.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-02-16 19:44
==================== End of FRST.txt ============================