Inactive-A Amazon assistant pop ups

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-06-2017 01
Ran by young (administrator) on LAPTOP-4DKVBTEV (08-06-2017 13:54:01)
Running from C:\Users\young\Downloads
Loaded Profiles: young (Available Profiles: young)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxext.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Dashlane SAS) C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Dashlane, Inc.) C:\Users\young\AppData\Roaming\Dashlane\Dashlane.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Dashlane, Inc.) C:\Users\young\AppData\Roaming\Dashlane\DashlanePlugin.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16704512 2016-11-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1471488 2016-11-08] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-06-16] ()
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-05-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-02-06] ()
HKU\S-1-5-21-377193348-1527929866-1949933065-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-19] (Valve Corporation)
HKU\S-1-5-21-377193348-1527929866-1949933065-1001\...\Run: [Dashlane] => C:\Users\young\AppData\Roaming\Dashlane\Dashlane.exe [505296 2017-05-02] (Dashlane, Inc.)
HKU\S-1-5-21-377193348-1527929866-1949933065-1001\...\Run: [DashlanePlugin] => C:\Users\young\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-05-02] (Dashlane, Inc.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{be44c9b5-56bd-4134-b88c-bd68b74b2c21}: [DhcpNameServer] 192.18.128.24
Tcpip\..\Interfaces\{ed0041fa-9923-4335-bcd7-d081bdd43d60}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-377193348-1527929866-1949933065-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-377193348-1527929866-1949933065-1001 -> DefaultScope {9B0DA8A9-4083-426A-AEE4-8F97F71E3909} URL =
SearchScopes: HKU\S-1-5-21-377193348-1527929866-1949933065-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={AFDB2C31-378A-47EB-ACC1-A68E47D932B1}&mid=1701ef9c910447ccb86ae12caa6e994a-844cdf8b2553a7ea34167733340fcce42c5aa618&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-09 21:30:49&v=4.2.3.128&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-377193348-1527929866-1949933065-1001 -> {9B0DA8A9-4083-426A-AEE4-8F97F71E3909} URL =
SearchScopes: HKU\S-1-5-21-377193348-1527929866-1949933065-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-06] (AVG)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\young\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2017-05-02] (Dashlane, Inc.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-06] (AVG)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\young\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2017-05-02] (Dashlane, Inc.)

FireFox:
========
FF DefaultProfile: ycpif6rv.default
FF ProfilePath: C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\ycpif6rv.default [2017-06-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ycpif6rv.default -> AVG Secure Search
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ycpif6rv.default -> Google
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\ycpif6rv.default -> Secure Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ycpif6rv.default -> Secure Search
FF Extension: (Amazon Assistant for Firefox) - C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\ycpif6rv.default\Extensions\abb@amazon.com.xpi [2017-01-22]
FF Extension: (AVG Web TuneUp) - C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\ycpif6rv.default\Extensions\avg@toolbar.xpi [2017-02-06]
FF Extension: (Dashlane) - C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\ycpif6rv.default\Extensions\jetpack-extension@dashlane.com.xpi [2017-05-30]
FF Extension: (English (US) Language Pack) - C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\ycpif6rv.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-04-26]
FF Extension: (Flash and Video Download) - C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\ycpif6rv.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-02-23]
FF Extension: (Adblock Plus) - C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\ycpif6rv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Extension: (JavaScript Debugger) - C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\ycpif6rv.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2016-04-26]
FF Extension: (Follow-on Search Telemetry) - C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\ycpif6rv.default\features\{8783088e-365b-40aa-86ff-e2e46c7f84e3}\followonsearch@mozilla.com.xpi [2017-06-05]
FF SearchPlugin: C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\ycpif6rv.default\searchplugins\avg-secure-search.xml [2017-02-08]
FF SearchPlugin: C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\ycpif6rv.default\searchplugins\McSiteAdvisor.xml [2016-03-21]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-02-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\young\AppData\Local\Google\Chrome\User Data\Default [2017-06-08]
CHR Extension: (Google Slides) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-18]
CHR Extension: (Google Docs) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-18]
CHR Extension: (Google Drive) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-18]
CHR Extension: (YouTube) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-18]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2016-05-18]
CHR Extension: (Google Sheets) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-18]
CHR Extension: (Google Docs Offline) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-04]
CHR Extension: (AdBlock) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-04]
CHR Extension: (Gmail) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [102064 2017-02-28] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows (R) Win 7 DDK provider)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-05-24] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7396872 2017-05-24] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-05-31] (AVG Technologies CZ, s.r.o.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\IntelCpHeciSvc.exe [301528 2016-11-23] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\IntelCpHDCPSvc.exe [480216 2016-11-23] (Intel Corporation)
R2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [82944 2015-12-04] (Dashlane SAS)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [154816 2016-07-18] ()
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxCUIService.exe [341976 2016-11-23] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26608 2016-07-12] (Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
R2 LDrvSvc; c:\program files (x86)\ostotosoft\drivertalent\LDrvSvc.dll [181928 2017-01-20] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-05-19] (Power Admin LLC)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-04] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-04] (Acer Incorporated)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-05-24] ()
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1770136 2015-08-04] (Intel Corporation)
R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-02-06] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-02-06] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166624 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [314128 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192584 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336896 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [51336 2017-05-24] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39424 2017-05-24] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [129776 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102280 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76832 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1008288 2017-05-24] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [570320 2017-05-24] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [160008 2017-05-24] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [340824 2017-05-24] (AVG Technologies CZ, s.r.o.)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igdkmd64.sys [11039704 2016-11-23] (Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [227952 2016-11-08] (Intel(R) Corporation)
R3 IntcDMic; C:\WINDOWS\system32\DRIVERS\IntcDMic.sys [607344 2016-08-19] (Intel(R) Corporation)
R3 IntcOED; C:\WINDOWS\System32\drivers\IntcOED.sys [659544 2016-11-08] (Intel(R) Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-04] (Acer Incorporated)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9d2734742a07f3cf\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2344448 2017-03-18] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-04] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-22] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-18] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [47784 2015-05-27] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-08 13:54 - 2017-06-08 13:54 - 00024847 _____ C:\Users\young\Downloads\FRST.txt
2017-06-08 13:53 - 2017-06-08 13:54 - 00000000 ____D C:\FRST
2017-06-08 13:53 - 2017-06-08 13:53 - 02435072 _____ (Farbar) C:\Users\young\Downloads\FRST64.exe
2017-06-08 13:49 - 2017-06-08 13:49 - 10819575 _____ C:\Users\young\Downloads\Freshmac.pkg
2017-05-31 20:09 - 2017-05-31 20:09 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-31 20:09 - 2017-03-10 14:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-05-31 20:09 - 2017-03-10 14:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-05-31 20:09 - 2017-03-10 14:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-05-31 20:09 - 2017-03-10 14:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-05-31 20:06 - 2017-05-31 20:07 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-05-30 21:49 - 2017-05-30 21:49 - 05784512 _____ C:\Users\young\Downloads\Smokepurpp - Audi..m4a
2017-05-30 21:14 - 2017-05-30 21:14 - 00000000 _____ C:\WINDOWS\SysWOW64\InstallPlugV2.plug.plug
2017-05-30 21:08 - 2017-05-30 21:08 - 69770628 _____ C:\Users\young\Downloads\NBA_YoungBoy_-_Untouchable-(DatPiff.com).zip
2017-05-30 21:08 - 2017-05-30 21:08 - 00000000 ____D C:\Users\young\Downloads\NBA_YoungBoy_-_Untouchable-(DatPiff.com)
2017-05-30 19:27 - 2017-05-30 19:27 - 00001826 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-05-30 19:27 - 2017-05-30 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-05-30 19:26 - 2017-05-30 19:27 - 00000000 ____D C:\Program Files\iTunes
2017-05-30 19:26 - 2017-05-30 19:26 - 00000000 ____D C:\Program Files\iPod
2017-05-24 21:28 - 2017-05-24 21:28 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-05-18 07:54 - 2017-05-18 07:54 - 35397536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-05-18 07:54 - 2017-05-18 07:54 - 28632152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-05-18 07:53 - 2017-05-18 07:53 - 00969632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-05-18 07:53 - 2017-05-18 07:53 - 00920664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-05-18 07:53 - 2017-05-18 07:53 - 00618584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-05-18 07:53 - 2017-05-18 07:53 - 00507992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-05-18 07:52 - 2017-05-18 07:52 - 40210520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-05-18 07:52 - 2017-05-18 07:52 - 35290200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-05-18 07:52 - 2017-05-18 07:52 - 03800992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-05-18 07:52 - 2017-05-18 07:52 - 03256408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-05-18 07:52 - 2017-05-18 07:52 - 01996704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438205.dll
2017-05-18 07:52 - 2017-05-18 07:52 - 01598368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438205.dll
2017-05-18 07:52 - 2017-05-18 07:52 - 01062816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-05-18 07:52 - 2017-05-18 07:52 - 00999840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-05-18 07:50 - 2017-05-18 07:50 - 11162000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-05-18 07:50 - 2017-05-18 07:50 - 11129704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-05-18 07:50 - 2017-05-18 07:50 - 10648520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-05-18 07:50 - 2017-05-18 07:50 - 09335528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-05-18 07:50 - 2017-05-18 07:50 - 09102488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-05-18 07:50 - 2017-05-18 07:50 - 08891160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-05-18 07:50 - 2017-05-18 07:50 - 03647864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-05-18 07:50 - 2017-05-18 07:50 - 01298696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-05-18 07:50 - 2017-05-18 07:50 - 01013344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-05-18 07:50 - 2017-05-18 07:50 - 00791792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-05-18 07:50 - 2017-05-18 07:50 - 00703880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-05-18 07:50 - 2017-05-18 07:50 - 00626392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-05-18 07:50 - 2017-05-18 07:50 - 00591672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-05-18 04:34 - 2017-05-18 04:34 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-05-18 04:34 - 2017-05-18 04:34 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-05-09 11:56 - 2017-04-27 18:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-09 11:56 - 2017-04-27 18:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-09 11:56 - 2017-04-27 18:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-09 11:56 - 2017-04-27 17:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-09 11:56 - 2017-04-27 17:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-09 11:56 - 2017-04-27 17:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-09 11:56 - 2017-04-27 17:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-09 11:56 - 2017-04-27 17:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-09 11:56 - 2017-04-27 17:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-09 11:56 - 2017-04-27 17:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-09 11:56 - 2017-04-27 17:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-09 11:56 - 2017-04-27 17:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-09 11:56 - 2017-04-27 17:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-09 11:56 - 2017-04-27 17:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-09 11:56 - 2017-04-27 17:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-09 11:56 - 2017-04-27 16:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-09 11:56 - 2017-04-27 16:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-09 11:56 - 2017-04-27 16:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-09 11:56 - 2017-04-27 16:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-09 11:55 - 2017-04-27 18:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-09 11:55 - 2017-04-27 18:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-09 11:55 - 2017-04-27 18:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-09 11:55 - 2017-04-27 18:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-09 11:55 - 2017-04-27 18:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-09 11:55 - 2017-04-27 18:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-09 11:55 - 2017-04-27 18:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-09 11:55 - 2017-04-27 18:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-09 11:55 - 2017-04-27 18:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-09 11:55 - 2017-04-27 18:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-09 11:55 - 2017-04-27 18:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-09 11:55 - 2017-04-27 18:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-09 11:55 - 2017-04-27 18:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-09 11:55 - 2017-04-27 18:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-09 11:55 - 2017-04-27 18:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-09 11:55 - 2017-04-27 18:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-09 11:55 - 2017-04-27 18:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-09 11:55 - 2017-04-27 18:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-09 11:55 - 2017-04-27 17:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-09 11:55 - 2017-04-27 17:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-09 11:55 - 2017-04-27 17:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-09 11:55 - 2017-04-27 17:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-09 11:55 - 2017-04-27 17:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-09 11:55 - 2017-04-27 17:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-09 11:55 - 2017-04-27 17:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-09 11:55 - 2017-04-27 17:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-09 11:55 - 2017-04-27 17:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-09 11:55 - 2017-04-27 17:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-09 11:55 - 2017-04-27 17:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-09 11:55 - 2017-04-27 17:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-09 11:55 - 2017-04-27 17:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-09 11:55 - 2017-04-27 17:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-09 11:55 - 2017-04-27 17:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-09 11:55 - 2017-04-27 17:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-09 11:55 - 2017-04-27 17:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-09 11:55 - 2017-04-27 17:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-09 11:55 - 2017-04-27 17:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-09 11:55 - 2017-04-27 17:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-09 11:55 - 2017-04-27 17:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-09 11:55 - 2017-04-27 17:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-09 11:55 - 2017-04-27 17:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-09 11:55 - 2017-04-27 17:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-09 11:55 - 2017-04-27 17:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-09 11:55 - 2017-04-27 17:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-09 11:55 - 2017-04-27 17:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-09 11:55 - 2017-04-27 17:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-09 11:55 - 2017-04-27 17:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-09 11:55 - 2017-04-27 17:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-09 11:55 - 2017-04-27 17:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-09 11:55 - 2017-04-27 17:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-09 11:55 - 2017-04-27 17:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-09 11:55 - 2017-04-27 17:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-09 11:55 - 2017-04-27 17:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-09 11:55 - 2017-04-27 17:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-09 11:55 - 2017-04-27 17:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-09 11:55 - 2017-04-27 17:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-09 11:55 - 2017-04-27 17:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-09 11:55 - 2017-04-27 17:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-09 11:55 - 2017-04-27 17:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-09 11:55 - 2017-04-27 17:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-09 11:55 - 2017-04-27 17:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-09 11:55 - 2017-04-27 17:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-09 11:55 - 2017-04-27 17:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-09 11:55 - 2017-04-27 17:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-09 11:55 - 2017-04-27 17:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-09 11:55 - 2017-04-27 17:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-09 11:55 - 2017-04-27 17:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-09 11:55 - 2017-04-27 17:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-09 11:55 - 2017-04-27 17:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-09 11:55 - 2017-04-27 17:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-09 11:55 - 2017-04-27 17:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-09 11:55 - 2017-04-27 17:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-09 11:55 - 2017-04-27 17:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-09 11:55 - 2017-04-27 17:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-09 11:55 - 2017-04-27 17:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-09 11:55 - 2017-04-27 17:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-09 11:55 - 2017-04-27 17:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-09 11:55 - 2017-04-27 17:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-09 11:55 - 2017-04-27 17:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-09 11:55 - 2017-04-27 17:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-09 11:55 - 2017-04-27 17:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-09 11:55 - 2017-04-27 17:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-09 11:55 - 2017-04-27 16:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-09 11:55 - 2017-04-27 16:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-09 11:55 - 2017-04-27 16:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-09 11:55 - 2017-04-27 16:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-09 11:55 - 2017-04-27 16:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-09 11:55 - 2017-04-27 16:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-09 11:55 - 2017-04-27 16:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-09 11:55 - 2017-04-27 16:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-09 11:55 - 2017-04-27 16:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-09 11:55 - 2017-04-27 16:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-09 11:55 - 2017-04-27 16:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-09 11:55 - 2017-04-27 16:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-08 13:48 - 2016-11-20 23:31 - 00000000 ____D C:\Users\young\AppData\LocalLow\Mozilla
2017-06-08 13:47 - 2017-05-07 18:15 - 00966438 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-08 13:45 - 2015-12-20 03:58 - 00000000 ____D C:\Users\young\AppData\Roaming\Dashlane
2017-06-08 13:44 - 2015-12-20 04:00 - 00001960 _____ C:\Users\young\Desktop\Dashlane.lnk
2017-06-08 13:44 - 2015-12-20 02:11 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-08 13:44 - 2015-12-09 21:44 - 00000000 ____D C:\Users\young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-06-08 13:42 - 2015-12-09 21:44 - 00000000 __SHD C:\Users\young\IntelGraphicsProfiles
2017-06-08 13:40 - 2017-05-07 18:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-08 13:40 - 2016-08-03 03:44 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-08 13:39 - 2017-03-18 04:40 - 02097152 _____ C:\WINDOWS\system32\config\BBI
2017-06-08 13:38 - 2017-05-07 17:51 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-08 10:23 - 2017-03-18 14:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-08 10:23 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-08 10:22 - 2017-05-07 18:15 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{18A095A1-3DF0-4044-8ED5-22C508BAB30F}
2017-06-07 12:24 - 2017-05-07 18:15 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-06-07 11:27 - 2017-05-07 18:15 - 00004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-06-01 08:48 - 2017-05-07 17:55 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-31 20:09 - 2017-05-07 17:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-31 20:08 - 2016-05-19 02:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-31 20:06 - 2017-03-18 14:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-30 21:10 - 2016-11-17 19:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-30 21:10 - 2015-08-31 00:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-29 09:36 - 2017-03-07 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-05-29 09:36 - 2015-12-09 22:21 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-24 21:28 - 2017-03-04 00:58 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-05-24 21:28 - 2017-03-04 00:58 - 00570320 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-05-24 21:28 - 2017-03-04 00:58 - 00340824 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-05-24 21:28 - 2017-03-04 00:58 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-05-24 21:28 - 2017-03-04 00:58 - 00314128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-05-24 21:28 - 2017-03-04 00:58 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-05-24 21:28 - 2017-03-04 00:58 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-05-24 21:28 - 2017-03-04 00:58 - 00160008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgstm.sys
2017-05-24 21:28 - 2017-03-04 00:58 - 00159496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgstm.sys.149568653564001
2017-05-24 21:28 - 2017-03-04 00:58 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-05-24 21:28 - 2017-03-04 00:58 - 00102280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-05-24 21:28 - 2017-03-04 00:58 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-05-24 21:28 - 2017-03-04 00:58 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-05-24 21:28 - 2017-03-04 00:58 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-05-22 20:20 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-22 19:45 - 2015-12-10 00:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-22 19:43 - 2015-12-10 00:10 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-18 07:50 - 2017-01-17 06:50 - 04136744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-05-18 04:34 - 2017-01-17 02:37 - 00045061 _____ C:\WINDOWS\system32\nvinfo.pb
2017-05-16 11:39 - 2016-05-18 17:12 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 11:39 - 2016-05-18 17:12 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-10 23:04 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-09 18:16 - 2016-08-03 11:08 - 00000000 ____D C:\Users\young\AppData\Local\ConnectedDevicesPlatform
2017-05-09 18:16 - 2015-08-31 00:28 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-09 17:43 - 2017-05-07 17:57 - 00000000 ____D C:\Users\young
2017-05-09 17:42 - 2017-05-07 17:50 - 00259064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-09 17:40 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-09 17:40 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-09 17:40 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-09 17:40 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-09 12:00 - 2017-03-18 13:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-09 11:50 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-09 11:45 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-09 11:43 - 2017-05-07 18:15 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-09 11:43 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-09 11:43 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2017-05-07 17:55 - 2017-05-07 17:55 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2015-12-31 19:18 - 2016-08-22 00:08 - 0000047 _____ () C:\ProgramData\serverclasscache.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-02 01:25

==================== End of FRST.txt ============================
 
Additional log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2017 01
Ran by young (08-06-2017 13:55:15)
Running from C:\Users\young\Downloads
Windows 10 Home Version 1703 (X64) (2017-05-08 01:23:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-377193348-1527929866-1949933065-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-377193348-1527929866-1949933065-503 - Limited - Disabled)
Guest (S-1-5-21-377193348-1527929866-1949933065-501 - Limited - Disabled)
young (S-1-5-21-377193348-1527929866-1949933065-1001 - Administrator - Enabled) => C:\Users\young

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-377193348-1527929866-1949933065-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3005 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3008 - Acer Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Amazon Assistant (HKLM-x32\...\{5437E77B-E4B5-45E7-BD33-95C3F0AA6602}) (Version: 10.17.0228 - Amazon) <==== ATTENTION
Ansel (Version: 382.05 - NVIDIA Corporation) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
App Explorer (HKU\S-1-5-21-377193348-1527929866-1949933065-1001\...\HostAppService_4efc125e5bdfe64bf86cc73a85a9d56ebf10231c) (Version: 1.0.2 - )
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.4 - AVAST Software)
AVG (Version: 1.191.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CrossFire (HKLM-x32\...\CrossFire_is1) (Version: 1220 - Z8Games.com)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5427.02 - CyberLink Corp.)
Dashlane (HKU\S-1-5-21-377193348-1527929866-1949933065-1001\...\Dashlane) (Version: 4.7.2.29375 - Dashlane SAS)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 1.2.3.5 - Dashlane SAS)
Dolby Audio X2 Windows API SDK (HKLM\...\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}) (Version: 0.7.2.61 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.37.126 - OSToto Co., Ltd.)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3011 - Acer Incorporated)
FMW 1 (Version: 1.203.1 - AVG Technologies) Hidden
Foxit PhantomPDF (HKLM-x32\...\{A4023BDF-82D5-412D-9D58-8C2819EBFE2E}) (Version: 7.0.410.326 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Guild Wars (HKLM-x32\...\Guild Wars) (Version: - )
Host App Service (HKU\S-1-5-21-377193348-1527929866-1949933065-1001\...\Host App Service) (Version: 0.271.0.188 - SweetLabs)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Mafia III v.1.010 (HKLM-x32\...\Mafia III_is1) (Version: - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-377193348-1527929866-1949933065-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.0099 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Thunderbolt(TM) Software (HKLM-x32\...\{5B88BE64-93E7-4D6B-83D0-37B911166FF2}) (Version: 15.2.35.250 - Intel Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D3E1F3C-0C4B-4B8D-AA23-8C12EF4C9C5E} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-07-10] ()
Task: {2418823E-6F77-4B59-8638-65F6C3A49D4B} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2015-07-10] ()
Task: {2497E88C-D75D-4A1F-8687-C5A7E709B0B5} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {2575117D-F93B-4AC1-9712-3F3710487B3C} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-09-04] (Acer Incorporated)
Task: {32ECBDCC-BC48-4688-8052-8DF7C34A20EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-18] (Google Inc.)
Task: {35B6BAA6-2C8C-43FC-8168-4179065707EC} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {3BB5DAF0-4AAF-42EA-BDD8-7F4894D9D4D3} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {3D4958BC-AE42-4B79-BC7A-8F399EA541F1} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-09-04] (Acer Incorporated)
Task: {4DAE3730-7225-4127-9EE7-694C8DE74D73} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-05-24] (AVG Technologies CZ, s.r.o.)
Task: {5489B2A5-86A5-4353-8A97-E5963088EAFC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {5E3D452A-FE87-416E-9E7E-5EE9B094D327} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {65EF3997-45C8-4300-9B61-FAB4CEDA0AA4} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-05-24] (AVAST Software)
Task: {6E239331-F376-4779-88A5-CC23AC90FB30} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {73A59DCB-1405-4C61-82CE-357982A55CD0} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2015-03-14] (Microsoft Corporation)
Task: {755EF5BC-9E2E-4799-9A78-6228BA5DDD47} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-22] (Microsoft Corporation)
Task: {97A9B2E4-1D67-4AF2-A2D2-D4EF652C13FA} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe [2015-05-14] (Acer Incorporated)
Task: {A7695B81-0C36-4BDD-8B7E-B90300EF0139} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {AE676A40-B1DA-433E-B8EF-27BEBCF03DDB} - System32\Tasks\{56FCE8FD-A71B-4684-B608-B0A2CEFF5E14} => pcalua.exe -a C:\Users\young\Downloads\GwSetup.exe -d C:\Users\young\Downloads
Task: {B1560C7B-F800-452E-ABA0-028BF0CB8DE9} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated)
Task: {B6F39602-FFE5-47FC-B965-F82F100CBB07} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] ()
Task: {C03C763E-B201-4A15-A7EA-8ED5A3A81740} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-18] (Google Inc.)
Task: {CFCA3644-CDA8-4DD6-B6F7-98D1BF71A8D2} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {D781ADDD-0114-4902-B34C-4B0F4E32F996} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {E565A91A-A3EE-436B-A9C2-0C041B3CDF80} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-03-01] (AVAST Software)
Task: {F0FBF34F-FA1B-4EA1-ABF3-50BB6A39A9F4} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Booking.com.lnk -> C:\Program Files\Booking.COM\StartURL.exe () -> hxxp://www.booking.com/index.html?aid=379334

==================== Loaded Modules (Whitelisted) ==============

2015-12-09 22:30 - 2017-02-06 12:29 - 00981576 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2016-07-12 20:55 - 2016-07-12 20:55 - 01299952 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2.dll
2016-05-24 00:29 - 2016-05-24 00:29 - 00592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2017-02-28 16:19 - 2017-02-28 16:19 - 00102064 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-06-16 04:53 - 2015-06-16 04:53 - 00628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2015-09-29 02:07 - 2015-05-14 00:10 - 00030976 _____ () C:\OEM\Preload\FubTracking\FubTracking.exe
2015-12-09 22:30 - 2017-02-06 12:29 - 02183752 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2017-05-09 03:04 - 2017-05-09 03:04 - 00236856 _____ () C:\Program Files\iTunes\libxslt.dll
2016-07-18 10:39 - 2016-07-18 10:39 - 00154816 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2015-07-10 03:38 - 2015-07-10 03:38 - 04580704 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-06-08 10:22 - 2017-06-08 10:22 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-08 10:22 - 2017-06-08 10:22 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-08 10:22 - 2017-06-08 10:22 - 43318784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-08 10:22 - 2017-06-08 10:22 - 02427904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\skypert.dll
2015-12-25 01:24 - 2017-01-20 02:44 - 00181928 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2015-12-25 01:24 - 2015-12-14 03:20 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2015-12-25 01:24 - 2017-01-20 02:44 - 00172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2015-12-25 01:24 - 2017-01-20 02:44 - 00112296 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2015-12-25 01:24 - 2015-12-14 03:20 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2016-05-19 02:36 - 2016-06-14 13:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-05-24 21:28 - 2017-05-24 21:28 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-05-24 21:28 - 2017-05-24 21:28 - 00999024 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-05-24 21:28 - 2017-05-24 21:28 - 67717632 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-05-24 21:28 - 2017-05-24 21:28 - 00178120 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-05-24 21:28 - 2017-05-24 21:28 - 00224352 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-05-24 21:28 - 2017-05-24 21:28 - 00685784 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2016-12-02 05:50 - 2016-12-02 05:50 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-08-15 18:03 - 2016-08-15 18:03 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2016-08-15 18:04 - 2016-08-15 18:04 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2017-05-07 17:59 - 2017-05-07 17:59 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 15:09 - 2016-08-30 15:09 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 15:05 - 2016-08-30 15:05 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-05-24 00:30 - 2016-05-24 00:30 - 38907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll
2015-08-07 01:09 - 2015-08-07 01:09 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-05-09 00:45 - 2017-05-09 00:45 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 04:04 - 2015-07-10 04:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-377193348-1527929866-1949933065-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{58DA8734-60A4-4F3F-AB7C-BE72E48EE4F0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{CA951EB9-5116-403C-8059-E9A2D6A5B969}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{D001A87E-B925-410A-BFB5-D296AC3D2883}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{DEEE5C61-6676-4906-8CAA-0DAD792CF75D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{A7FBD6E5-7F2E-42C7-9FCA-D35F0935CEAB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C4DEABF6-6463-401B-B0EC-CC1CF6F1D8D8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{04FC718D-CDB5-45FD-A58B-84EC9F48F741}C:\games\mafia iii\mafia3.exe] => (Allow) C:\games\mafia iii\mafia3.exe
FirewallRules: [TCP Query User{418C47BA-9BFB-42C5-BC70-42835AFAF324}C:\games\mafia iii\mafia3.exe] => (Allow) C:\games\mafia iii\mafia3.exe
FirewallRules: [UDP Query User{1F066495-C503-4DCA-B601-00665DB9731B}C:\games\mafia iii\launcher.exe] => (Allow) C:\games\mafia iii\launcher.exe
FirewallRules: [TCP Query User{178005A4-2E78-4CC8-BD03-65E47E882A92}C:\games\mafia iii\launcher.exe] => (Allow) C:\games\mafia iii\launcher.exe
FirewallRules: [{F2D2DA5A-5617-4D0C-9781-DF83A0D523C1}] => (Allow) C:\Users\young\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{791D4A39-217A-4CBC-BD47-8A0978D9D763}] => (Allow) C:\Users\young\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8580111B-9F75-40F3-A13E-8A510A48B070}] => (Allow) C:\Users\young\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4CB8B889-8DE5-4626-BF01-F549D31471AC}] => (Allow) C:\Users\young\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B1F4248D-E02F-4FA1-BFBC-5635205DE017}] => (Allow) C:\Users\young\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{700ACD5B-6666-4D5A-A829-4E2164B405FE}] => (Allow) C:\Users\young\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9E4BE137-3729-42CF-9609-D5A919E49795}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E69EA2B0-76D9-490E-B25E-2D5346E6F524}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{934EBB4D-6D14-479C-AF33-FE41C987B7BA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7AA7EEA7-D51F-4FFF-9421-2B7B76E10026}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{EA1BFD8B-B38E-4409-AFF4-F9ABC13F9CFC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{7A86D349-8625-460D-AEF2-AA9FCE6E8680}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{16F096BA-C5A5-4CE0-BA0C-E44A43A505C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{48D3AE0B-FFB9-4CA8-AD1E-06C1BCBDD6A7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{9E7E7B42-26ED-438C-945A-A31B5051B7FA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{0DD28DE4-C984-48BC-ADA8-E2547399B6E6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{518CE6EE-FC0F-41B2-AC30-90BFE18EA869}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{4115F1A6-22F8-473C-8D0B-0FE381383143}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{F1F74F3F-36CE-4CAA-A667-254A6BF98B78}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{7BD8B861-474D-4D46-BA0E-97EBA8D1210D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{FC98873A-32D0-4F2C-85D5-597BC35F02B1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{2DBFB848-76E9-4C47-978A-456674D0812F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{49A51D5B-2F55-450F-973E-FC9E034A33B5}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{90FD41C6-DD66-4C21-80FF-72910A93FF6A}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{9DEA1BAE-1F7F-4E9C-A8C5-7093B873EF43}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0B7B52E4-6496-4545-ACB2-44CF5095D7CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CB7EB7B-B0A3-48FB-8CC2-C4B01D4B75A2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F7F3D9E4-366A-4298-A759-FF0892D7C6A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{751A9269-4072-4556-81C3-DE1119E73AB6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9E2AAB5E-BFC2-4237-A1E7-7B20EE7766CA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{47BAD00C-0EA7-4654-843D-02829010C0B3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2E9EFD81-EF7A-4ED5-AF8C-014E6A2F6574}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BDAD239-8940-4BBC-848A-49F56F6CF044}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{936F4296-C397-4313-83C4-88B2F847544B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19B24ADB-BEC7-4A64-9E4D-4E1C0D8D3BA8}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{67C6E9BB-53E2-45EC-8F7E-3FCF6A6EAE24}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{4F6F7238-8BDA-49FE-8DAD-A8492D18D4FC}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{BE13F9EE-7C68-4914-8856-1C71222B3C37}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E1871878-B4E9-4EB8-8366-60BE7C80F412}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CB7AC2C9-40CD-4F11-AAB2-5F74C2F78BD5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FB13E91B-683A-46E5-A759-6C0629080A48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6B7EC878-92ED-4931-A9F4-8D0E3B7C8DC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{92AB1AB3-D758-4DC9-BE10-B25DF086A0A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{240000EE-EDC1-428A-A7D6-0A605DAC4F1F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9EEF8DF4-2404-4DF2-8D5D-38D72B261FA1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3C793959-EC06-4AA9-B073-1E442FB70850}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

22-05-2017 19:43:00 Windows Update
31-05-2017 20:04:22 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2017 01:41:32 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-4DKVBTEV$ via https://INTC-KeyId-5e73c89aa3e902b2...24a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(609ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (06/08/2017 12:51:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203

Error: (06/08/2017 12:51:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203

Error: (06/08/2017 12:51:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2017 10:19:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23594719

Error: (06/08/2017 10:19:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23594719

Error: (06/08/2017 10:19:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2017 03:45:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203

Error: (06/08/2017 03:45:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203

Error: (06/08/2017 03:45:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/08/2017 01:41:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/08/2017 01:41:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (06/08/2017 01:41:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/08/2017 01:41:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/08/2017 01:40:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (06/08/2017 01:39:52 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (06/08/2017 01:38:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/08/2017 10:19:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/07/2017 11:27:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/06/2017 06:50:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 41%
Total physical RAM: 8105.78 MB
Available physical RAM: 4751.38 MB
Total Virtual: 9385.78 MB
Available Virtual: 5824.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.91 GB) (Free:743.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 24BBC929)

Partition: GPT.

==================== End of Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================

Uninstall the following unwanted program: Amazon Assistant.
If it won't let you, continue with the next steps.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Haha jesus, that uninstall was all I needed to do! Thank you so very much Broni, I wish I had used a lil more common sense but nonetheless I appreciate the help and time!
 
Good news, but it may be a good idea to run the other tools to see if nothing else is hiding.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 