Inactive C:\ Program Files (x86)\Amazon\Amazon Assistent\aa.hta

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
Ran by Jasiah Bernales (administrator) on LAPTOP-0KNF3GVG (18-07-2017 22:04:51)
Running from C:\Users\jonas\Downloads
Loaded Profiles: Jasiah Bernales (Available Profiles: Jasiah Bernales)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\Spotify.exe
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\Spotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-10] (AVAST Software)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\Run: [Chromium] => "c:\users\jonas\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\MountPoints2: {e96090db-e682-11e6-9c0f-54ab3a114155} - "E:\Setup.exe" /s
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8de16144-4185-4656-8e9a-30842294c051}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f7669a35-02c4-40d5-9e68-bfcbde80695b}: [DhcpNameServer] 40.32.1.66
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131234830933519764&GUID=543DE411-1FC1-4CEC-BC4C-7CE1DDF07C80
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131234830934312648&GUID=543DE411-1FC1-4CEC-BC4C-7CE1DDF07C80
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131234830934463494&GUID=543DE411-1FC1-4CEC-BC4C-7CE1DDF07C80
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzztAtN1L2XzutAtFtByEtFyCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0BtC0FyBzyyCzytGtAyDtA0BtGyC0A0CtBtGtByC0DyEtG0E0F0ByCyEtAyB0BtD0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtAtCyC%26cr%3D617073579%26a%3Dwbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ph.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM -> {B80AA293-FF41-4CE1-8E3B-D3EFF69534B6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_33_wbf_anvsft_16_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzyyEtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyDzyyEyDtCzz0C0AtGtByBtBtBtGzztDyDtCtGyC0EyD0FtG0CtB0AyDyDtCyBtD0AyByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyE%26cr%3D332040880%26a%3Dhdr_s_16_33_wbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzztAtN1L2XzutAtFtByEtFyCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0BtC0FyBzyyCzytGtAyDtA0BtGyC0A0CtBtGtByC0DyEtG0E0F0ByCyEtAyB0BtD0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtAtCyC%26cr%3D617073579%26a%3Dwbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ph.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {B80AA293-FF41-4CE1-8E3B-D3EFF69534B6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_33_wbf_anvsft_16_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzyyEtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyDzyyEyDtCzz0C0AtGtByBtBtBtGzztDyDtCtGyC0EyD0FtG0CtB0AyDyDtCyBtD0AyByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyE%26cr%3D332040880%26a%3Dhdr_s_16_33_wbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> DefaultScope {B80AA293-FF41-4CE1-8E3B-D3EFF69534B6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_33_wbf_anvsft_16_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzyyEtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyDzyyEyDtCzz0C0AtGtByBtBtBtGzztDyDtCtGyC0EyD0FtG0CtB0AyDyDtCyBtD0AyByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyE%26cr%3D332040880%26a%3Dhdr_s_16_33_wbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzztAtN1L2XzutAtFtByEtFyCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0BtC0FyBzyyCzytGtAyDtA0BtGyC0A0CtBtGtByC0DyEtG0E0F0ByCyEtAyB0BtD0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtAtCyC%26cr%3D617073579%26a%3Dwbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ph.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {B80AA293-FF41-4CE1-8E3B-D3EFF69534B6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-06] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-06] (Microsoft Corporation)
BHO-x32: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-06] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> hxxp://www.mylucky123.com/?type=hp&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.12.0.0_neutral__c1wakc4j0nefm [2017-05-02]
Edge Extension: (No Name) -> MouseGestures_MicrosoftMouseGestures_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.MouseGestures_0.6.17136.0_neutral__8wekyb3d8bbwe [2017-06-01]
FireFox:
========
FF DefaultProfile: mfu97agf.default
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mfu97agf.default\Profiles\mfu97agf.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\mfu97agf.default\Profiles\mfu97agf.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default [2016-10-25]
FF NewTab: Mozilla\Firefox\Profiles\mfu97agf.default -> hxxp://www.youndoo.com/?z=a0586161317ab8eeddfcdafgfz3mdmdgawdg3o1z0q&from=wak&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\mfu97agf.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\mfu97agf.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\mfu97agf.default -> hxxp://www.youndoo.com/?z=a0586161317ab8eeddfcdafgfz3mdmdgawdg3o1z0q&from=wak&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&type=hp
FF Keyword.URL: Mozilla\Firefox\Profiles\mfu97agf.default -> user_pref("keyword.URL", true);
FF Extension: (English (US) Language Pack) - C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2016-10-09]
FF Extension: (Mozilla Partner Defaults) - C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\Extensions\partnerdefaults@mozilla.com [2016-07-26]
FF SearchPlugin: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\searchplugins\8ef60il3.xml [2016-10-22]
FF SearchPlugin: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\searchplugins\mylucky123.xml [2016-10-25]
FF SearchPlugin: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\searchplugins\yahoo! powered.xml [2016-09-01]
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Firefox\Firefox\Profiles\mfu97agf.default [2017-07-18] <==== ATTENTION
FF NewTab: Firefox\Firefox\Profiles\mfu97agf.default -> hxxp://www.youndoo.com/?z=a0586161317ab8eeddfcdafgfz3mdmdgawdg3o1z0q&from=wak&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&type=hp
FF DefaultSearchEngine: Firefox\Firefox\Profiles\mfu97agf.default -> youndoo
FF SelectedSearchEngine: Firefox\Firefox\Profiles\mfu97agf.default -> youndoo
FF Homepage: Firefox\Firefox\Profiles\mfu97agf.default -> hxxp://www.youndoo.com/?z=a0586161317ab8eeddfcdafgfz3mdmdgawdg3o1z0q&from=wak&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&type=hp
FF Keyword.URL: Firefox\Firefox\Profiles\mfu97agf.default -> user_pref("keyword.URL", true);
FF Extension: (English (US) Language Pack) - C:\Users\jonas\AppData\Roaming\Firefox\Firefox\Profiles\mfu97agf.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2016-11-05] [not signed]
FF Extension: (Mozilla Partner Defaults) - C:\Users\jonas\AppData\Roaming\Firefox\Firefox\Profiles\mfu97agf.default\Extensions\partnerdefaults@mozilla.com [2016-10-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-12] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-12] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-06] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [104624 2017-06-14] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-06-10] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [323152 2015-05-29] (Windows (R) Win 7 DDK provider)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-10] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2017-05-05] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-11] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-05-01] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2836296 2017-03-08] (ESET)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2015-08-20] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887784 2015-09-03] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [398176 2015-07-09] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-09] (Acer Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-06-10] (AVAST Software s.r.o.)
S3 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-06-10] (AVAST Software s.r.o.)
S3 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-06-10] (AVAST Software s.r.o.)
S3 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-06-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-06-10] (AVAST Software)
S3 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-06-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-06-10] (AVAST Software)
S3 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-06-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-06-10] (AVAST Software)
S3 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-06-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-06-10] (AVAST Software)
S3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-06-10] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2014-09-06] (The OpenVPN Project)
S3 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-06-10] (AVAST Software)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2017-03-08] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-07-20] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2017-03-08] (ESET)
R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [70960 2017-03-08] (ESET)
S3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [112640 2015-06-02] (Intel(R) Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5741816 2015-08-20] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-07-09] (Acer Incorporated)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 Qcamain; C:\WINDOWS\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [File not signed]
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-07-09] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [51368 2015-05-11] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-18 22:04 - 2017-07-18 22:04 - 00031372 _____ C:\Users\jonas\Downloads\FRST.txt
2017-07-18 22:04 - 2017-07-18 22:04 - 00000000 ___DC C:\FRST
2017-07-18 22:03 - 2017-07-18 22:03 - 02435584 _____ (Farbar) C:\Users\jonas\Downloads\FRST64.exe
2017-07-18 21:50 - 2017-07-18 21:50 - 00000000 ____D C:\Users\jonas\AppData\Local\Firefox
2017-07-18 19:45 - 2017-07-18 19:45 - 00000000 ____D C:\WINDOWS\Panther
2017-07-18 19:20 - 2017-07-18 19:20 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1497028472
2017-07-18 19:19 - 2017-07-18 19:19 - 00000177 _____ C:\Users\Public\Desktop\RuneScape Launcher.url
2017-07-18 19:19 - 2017-07-18 19:19 - 00000000 ___DC C:\Program Files\Jagex
2017-07-18 19:15 - 2017-07-18 19:17 - 05502016 _____ (Jagex Ltd ) C:\Users\jonas\Downloads\RuneScape-Setup.exe
2017-07-18 19:10 - 2017-07-18 19:10 - 00001098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-18 17:51 - 2017-07-18 17:51 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazonAssistant.lnk
2017-07-18 17:50 - 2017-07-18 17:50 - 00000000 ___HD C:\Program Files (x86)\Amazon
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-18 21:57 - 2016-07-28 19:20 - 00000000 ____D C:\Users\jonas\AppData\Roaming\Spotify
2017-07-18 21:56 - 2016-10-10 12:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\CareCenter
2017-07-18 21:55 - 2016-10-20 12:48 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-18 21:49 - 2016-07-28 19:25 - 00000000 ____D C:\Users\jonas\AppData\Local\Spotify
2017-07-18 21:46 - 2017-06-10 00:58 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-07-18 21:42 - 2015-07-22 11:08 - 01271470 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-18 21:37 - 2016-10-10 12:29 - 00000000 ____D C:\Users\jonas
2017-07-18 21:37 - 2016-10-10 12:23 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-18 21:34 - 2016-10-10 12:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-18 21:34 - 2016-10-10 12:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-18 20:05 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-18 20:04 - 2016-08-19 01:11 - 00000000 ____D C:\Program Files (x86)\vShare Helper
2017-07-18 20:02 - 2015-07-22 11:06 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-18 19:54 - 2017-06-01 20:45 - 00000000 ____D C:\Users\jonas\AppData\LocalLow\uTorrent
2017-07-18 19:54 - 2017-03-12 15:42 - 00000000 ____D C:\Users\jonas\AppData\Roaming\uTorrent
2017-07-18 19:43 - 2016-07-16 14:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-07-18 19:33 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-18 19:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-18 19:20 - 2016-07-27 07:25 - 00000000 ____D C:\ProgramData\Jagex
2017-07-18 19:19 - 2016-12-14 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex
2017-07-18 19:19 - 2016-07-27 07:25 - 00000000 ____D C:\Users\jonas\AppData\Local\Jagex
2017-07-18 19:17 - 2016-07-28 19:53 - 00000000 ____D C:\Users\jonas\Downloads\EXE FILES
2017-07-18 18:29 - 2015-07-22 11:06 - 00000000 ___DC C:\Program Files (x86)\Acer
2017-07-18 18:26 - 2016-07-26 19:29 - 00000000 ____D C:\Users\jonas\AppData\Local\clear.fi
2017-07-18 18:25 - 2015-07-22 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-07-18 18:21 - 2017-04-11 09:02 - 00000000 ___DC C:\Program Files (x86)\Dropbox
==================== Files in the root of some directories =======
2016-07-31 22:36 - 2016-10-21 01:24 - 0000193 _____ () C:\Users\jonas\AppData\Roaming\WB.CFG
2016-10-10 12:22 - 2016-10-10 12:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-21 21:28 - 2016-09-21 21:28 - 0000028 _____ () C:\ProgramData\pintext.txt
Some files in TEMP:
====================
2017-07-18 18:25 - 2016-08-15 15:44 - 4964568 _____ (Acer Incorporated) C:\Users\jonas\AppData\Local\Temp\AcerDocsSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-10 02:11
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by Jasiah Bernales (18-07-2017 22:10:38)
Running from C:\Users\jonas\Downloads
Windows 10 Home Single Language Version 1607 (X64) (2016-10-10 05:12:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2178256675-3852963564-1310966750-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2178256675-3852963564-1310966750-503 - Limited - Disabled)
Guest (S-1-5-21-2178256675-3852963564-1310966750-501 - Limited - Disabled)
Jasiah Bernales (S-1-5-21-2178256675-3852963564-1310966750-1001 - Administrator - Enabled) => C:\Users\jonas
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET NOD32 Antivirus 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
µTorrent (HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3024 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3005 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
AdventureQuest 3D (HKLM\...\Steam App 429790) (Version: - Artix Entertainment, LLC)
Amazon Assistant (HKLM-x32\...\{3BBC4F87-1F46-431F-A5DB-AFB28F692775}) (Version: 10.17.0612 - Amazon) <==== ATTENTION
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC) <==== ATTENTION
Any Audio Converter 5.9.9 (HKLM-x32\...\Any Audio Converter) (Version: 5.9.9 - Anvsoft)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ChilliTorrent 1.06 (HKLM-x32\...\ChilliTorrent) (Version: 1.06 - Affsbay)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5427.02 - CyberLink Corp.)
Dont Starve - Shipwrecked (HKLM-x32\...\Dont Starve - Shipwrecked_is1) (Version: - )
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3011 - Acer Incorporated)
Dropbox (HKLM-x32\...\Dropbox) (Version: 25.4.28 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
eBay Worldwide (HKLM-x32\...\{3DC26EA7-03E3-4353-9424-EEB7A34A7504}) (Version: 2.5.0427 - OEM)
ESET NOD32 Antivirus (HKLM\...\{3E28A4F1-F5C8-46AD-862C-81EBA1536FA8}) (Version: 10.0.369.0 - ESET, spol. s r.o.)
Foxit PhantomPDF (HKLM-x32\...\{A4023BDF-82D5-412D-9D58-8C2819EBFE2E}) (Version: 7.0.410.326 - Foxit Software Inc.)
Google Chrome (HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\Google Chrome) (Version: 21.0.1180.89 - Google Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1094 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
InterHop (HKLM-x32\...\{A0275D4F-FFAB-4A42-9874-B871B1C4CA3D}) (Version: 1.0.0 - InterHop) <==== ATTENTION
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: - )
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7369.2130 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden
Online Special Application (HKLM-x32\...\{57281722-3238-4A30-AAE7-85D93977E0FE}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.65 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.21277 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.)
ReMouse Standard (HKLM-x32\...\ReMouse Standard_is1) (Version: Standard V3.5.3 - AutomaticSolution Software)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
Search the Web (Yahoo) (HKLM-x32\...\a92e2408) (Version: - ) <==== ATTENTION
Spotify (HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Traffic Exchange (HKLM-x32\...\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}) (Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
UpdateAssistant (HKLM-x32\...\{F9D14939-1792-44AB-8C53-F208534C2548}) (Version: 1.2.0.0 - Microsoft Corporation) Hidden
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version: - Zbshareware Lab)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
vShare Helper (HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\vShare Helper) (Version: 1.1.5.3 - vShare.com Co.,LTD)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17361 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
YellowSend (HKLM-x32\...\YSPackage) (Version: - CMI Limited) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-10] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-10] (AVAST Software)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ContextMenuHandlers01: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-03-08] (ESET)
ContextMenuHandlers01: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-01-27] (Foxit Software Inc.)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers02: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-03-08] (ESET)
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-10] (AVAST Software)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-20] (Intel Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-10] (AVAST Software)
ContextMenuHandlers06: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-03-08] (ESET)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {084E42B7-62A9-435A-9D21-71F86CF4CDA0} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-06-24] ()
Task: {0C786EA8-E939-47D2-9695-2235C614D40C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-05] (Microsoft Corporation)
Task: {0E92CF6C-3CDA-4CC3-A355-BD740C9FCB6A} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
Task: {120F0618-568E-4E75-9656-F6E5285A6C1F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {17549278-DBE5-4A05-B265-CC0E7939D819} - System32\Tasks\CareCenter\USB Security_Reg_HKLMWow6432Run => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [2011-01-29] (Zbshareware Lab)
Task: {19A806C0-0B94-4EA5-8002-6DD280893582} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {22604B29-6C5A-4779-AE0A-607A017BE2D7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-05] (Microsoft Corporation)
Task: {283388A9-4234-40C5-A36A-513B79186289} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2880EE23-E400-4C4C-9519-3421ADCCD162} - System32\Tasks\SafeZone scheduled Autoupdate 1497028472 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {2EA6A4BF-EEB6-4C60-8A85-64273B9890A0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-10] (AVAST Software)
Task: {315C21B4-9229-408D-B65C-E32EE70C0E42} - System32\Tasks\{2BA32C10-25F4-4FA6-82DC-B7F5FBE68520} => C:\Windows\system32\pcalua.exe -a "C:\Users\jonas\Downloads\Intel Components\win64_154001.exe" -d "C:\Users\jonas\Downloads\Intel Components"
Task: {433FA05D-1256-4137-91EB-1E497F685A45} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated)
Task: {4F2BEC66-9358-4030-9783-ACC60470664A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-11] (Dropbox, Inc.)
Task: {5E609473-18C2-4C1B-B9F7-7346C39C414E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-06] (Microsoft Corporation)
Task: {5EA036ED-F389-4483-912A-D61953907589} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] ()
Task: {5F316BEC-5E38-4B7B-BC7C-4F0823E8EA61} - System32\Tasks\CareCenter\Steam_Reg_HKCURun_S-1-5-21-2178256675-3852963564-1310966750-1001 => C:\Program Files (x86)\Steam\Steam.exe [2016-12-20] (Valve Corporation) <==== ATTENTION
Task: {7B52E38C-E5EA-47A1-B818-D6AD76C82197} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\jonas\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {7DDC9C69-BF71-4CF2-BC67-CB507ED5DD06} - System32\Tasks\CareCenter\BCSSync_Reg_HKLMWow6432Run => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13] (Microsoft Corporation)
Task: {8AFE6683-CC34-4B24-B9E1-E75BD6FE6E4A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [2016-09-12] (Microsoft Corporation)
Task: {8BC92ED5-9CD5-4156-8962-7C3EF792D7E2} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
Task: {92AAD80B-95CA-4835-B984-C4FDBE686646} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-06] (Microsoft Corporation)
Task: {9660AC59-D2EE-49A7-B795-622A82893DFB} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {9B172002-A63D-4A1C-B5DA-8A7832416CEC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-06] (Microsoft Corporation)
Task: {C000A54E-851A-4A7B-85BF-69D08DAD8095} - \Fekutain Renew -> No File <==== ATTENTION
Task: {C038F107-9C49-4F8C-9D0B-2E7ADBC0F8B6} - System32\Tasks\CareCenter\Spotify_Reg_HKCURun_S-1-5-21-2178256675-3852963564-1310966750-1001 => C:\Users\jonas\AppData\Roaming\Spotify\Spotify.exe [2017-07-18] (Spotify Ltd)
Task: {C27504E3-C171-499A-A519-7890491CACCA} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe
Task: {C31C49E9-70C5-4F4C-8BBC-A60D95DDA2F4} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {C69BE47D-22AA-43AF-83C1-7C2604AE5A3D} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {C86EA962-966C-40E1-9B76-B93C5E766927} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-07-09] (Acer Incorporated)
Task: {CC5B9FF9-4C07-41A9-BEB2-437F1C35CA74} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-12] (Adobe Systems Incorporated)
Task: {D237B75B-3DAF-4D4B-B5CB-2E26D3C46496} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
Task: {E06AC7B9-A68B-41E4-AF9A-9417567C20CF} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {E29AB08E-5896-4D97-9632-0610CE027F43} - System32\Tasks\CareCenter\Spotify Web Helper_Reg_HKCURun_S-1-5-21-2178256675-3852963564-1310966750-1001 => C:\Users\jonas\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-07-18] (Spotify Ltd)
Task: {E2C5A496-CF8E-485B-95D1-293B1E003B4E} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-06-24] ()
Task: {E581A7DB-0BD9-45F2-9AFA-E9373124136C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {F369E9A6-3377-4046-B342-6767C462F539} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-10] (Acer Incorporated)
Task: {F464B15C-42A9-4141-A3EF-64E2CA1859BD} - System32\Tasks\Updater_Online_Special_Application => C:\Program Files (x86)\Microleaves\Online Special Application\Online Special Application Updater.exe <==== ATTENTION
Task: {F873C612-DD50-4D1A-A96F-FA47FEE60BEB} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {FB4F9445-D24D-41DE-9F5B-9FE7352F3456} - System32\Tasks\CareCenter\RTHDVCPL_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-05-20] (Realtek Semiconductor)
Task: {FDD36F69-5AC3-40C7-BB04-3B70163489FA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-11] (Dropbox, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Special_Application.job => C:\Program Files (x86)\Microleaves\Online Special Application\Online Special Application Updater.exe <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\jonas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->
ShortcutWithArgument: C:\Users\jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk -> C:\Users\jonas\AppData\Local\Google\Chrome\Application\21.0.1180.89\Installer\setup.exe (Google Inc.) -> --uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ
 
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-11 09:16 - 2017-04-28 08:49 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-06-14 13:11 - 2017-06-14 13:11 - 00104624 ____H () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2016-06-08 18:04 - 2016-06-08 18:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2015-07-22 11:13 - 2015-05-09 01:41 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2016-10-11 22:51 - 2016-09-07 12:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-16 08:42 - 2017-03-04 14:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2015-09-02 11:42 - 2015-08-20 15:44 - 00395368 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-16 08:43 - 2017-03-04 14:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-16 08:43 - 2017-03-04 14:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 08:43 - 2017-03-04 14:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-11 09:16 - 2017-04-28 07:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-11 09:16 - 2017-04-28 07:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-10 19:38 - 2015-05-14 15:10 - 00030976 ____C () C:\OEM\Preload\FubTracking\FubTracking.exe
2016-10-22 13:50 - 2016-06-08 18:12 - 00416408 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2016-10-22 13:50 - 2016-06-08 18:18 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-10-22 13:50 - 2016-06-08 18:15 - 00130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2016-10-22 13:50 - 2016-06-08 18:16 - 00025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2016-10-22 13:50 - 2016-06-08 18:16 - 00059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2016-10-22 13:50 - 2016-06-08 18:16 - 00194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2016-10-22 13:50 - 2016-06-08 18:17 - 00159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2016-10-22 13:50 - 2016-06-08 18:17 - 00158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2016-10-22 13:50 - 2016-06-08 18:16 - 00050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2016-10-22 13:50 - 2016-06-08 18:15 - 00032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2016-06-24 18:54 - 2016-06-24 18:54 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-06-01 20:09 - 2017-06-01 20:13 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-01 20:09 - 2017-06-01 20:13 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-01 20:09 - 2017-06-01 20:13 - 43202048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-01 20:09 - 2017-06-01 20:13 - 02442752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\skypert.dll
2016-10-22 13:50 - 2016-06-08 18:07 - 00458904 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
2016-10-22 13:50 - 2016-06-08 18:17 - 00188568 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll
2017-06-10 00:55 - 2017-06-10 00:55 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-06-10 00:54 - 2017-06-10 00:54 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-06-10 00:55 - 2017-06-10 00:55 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-06-10 00:54 - 2017-06-10 00:54 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-10 00:54 - 2017-06-10 00:54 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-10 00:53 - 2017-06-10 00:53 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-06-10 00:54 - 2017-06-10 00:54 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-09 10:51 - 2016-09-09 10:51 - 00202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-09-09 10:51 - 2016-09-09 10:51 - 00119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2016-08-15 18:03 - 2016-08-15 18:03 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2016-08-15 18:04 - 2016-08-15 18:04 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2016-10-10 12:34 - 2016-10-10 12:34 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 15:09 - 2016-08-30 15:09 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 15:05 - 2016-08-30 15:05 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2017-05-03 07:10 - 2017-05-01 22:44 - 00870720 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-05-03 07:11 - 2017-04-13 07:43 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-05-03 07:11 - 2017-04-13 07:43 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-05-03 07:11 - 2017-04-13 07:43 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-05-03 07:11 - 2017-05-01 22:48 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-05-03 07:11 - 2017-04-13 07:44 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-05-03 07:11 - 2017-04-13 07:43 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-05-03 07:10 - 2017-04-13 07:43 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-05-03 07:10 - 2017-04-13 07:44 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-05-03 07:10 - 2017-04-13 07:43 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-05-03 07:11 - 2017-04-13 07:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-05-03 07:11 - 2017-05-01 22:49 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-05-03 07:11 - 2017-04-13 07:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-05-03 07:10 - 2017-04-13 07:43 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-05-03 07:10 - 2017-04-13 07:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-05-03 07:11 - 2017-04-13 07:46 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-05-03 07:11 - 2017-05-01 22:49 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-05-03 07:11 - 2017-04-13 07:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-05-03 07:11 - 2017-05-01 22:49 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-05-03 07:11 - 2017-04-13 07:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-05-03 07:11 - 2017-04-13 07:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-05-03 07:11 - 2017-04-13 07:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-05-03 07:11 - 2017-04-13 07:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-05-03 07:11 - 2017-04-13 07:46 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-05-03 07:11 - 2017-04-13 07:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-05-03 07:11 - 2017-04-13 07:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-05-03 07:11 - 2017-04-13 07:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-03 07:11 - 2017-05-01 22:49 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-05-03 07:11 - 2017-04-13 07:46 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-05-03 07:11 - 2017-04-13 07:44 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-05-03 07:11 - 2017-04-13 07:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-05-03 07:11 - 2017-05-01 22:49 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-05-03 07:11 - 2017-05-01 22:49 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-05-03 07:11 - 2017-05-01 22:49 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-05-03 07:11 - 2017-05-01 22:49 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-05-03 07:11 - 2017-05-01 22:49 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-05-03 07:11 - 2017-05-01 22:49 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-05-03 07:11 - 2017-04-13 07:46 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-05-03 07:11 - 2017-05-01 22:49 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-05-03 07:10 - 2017-05-01 22:48 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-05-03 07:10 - 2017-04-13 07:37 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-05-03 07:10 - 2017-05-01 22:48 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-05-03 07:10 - 2017-03-22 09:42 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-05-03 07:10 - 2017-05-01 22:48 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-05-03 07:11 - 2017-05-01 22:49 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-05-03 07:10 - 2017-04-13 07:50 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-05-03 07:10 - 2017-04-13 07:50 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-05-03 07:10 - 2017-05-01 22:48 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-05-03 07:11 - 2017-05-01 22:49 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-07-28 19:25 - 2017-07-18 19:51 - 67725936 _____ () C:\Users\jonas\AppData\Roaming\Spotify\libcef.dll
2016-12-01 23:30 - 2017-07-18 19:51 - 00110192 _____ () C:\Users\jonas\AppData\Roaming\Spotify\SpotifyWinRT.dll
2016-07-28 19:25 - 2017-07-18 19:51 - 01929840 _____ () C:\Users\jonas\AppData\Roaming\Spotify\libglesv2.dll
2016-07-28 19:25 - 2017-07-18 19:51 - 00087152 _____ () C:\Users\jonas\AppData\Roaming\Spotify\libegl.dll
2016-10-20 12:59 - 2016-12-08 23:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-10-20 12:59 - 2016-09-01 09:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-10-20 12:59 - 2016-12-20 10:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2016-10-20 12:59 - 2016-01-27 15:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-10-20 12:59 - 2016-01-27 15:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-10-20 12:59 - 2016-01-27 15:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-10-20 12:59 - 2016-09-01 09:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-10-20 12:59 - 2016-01-27 15:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-10-20 12:59 - 2016-01-27 15:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-10-20 12:59 - 2016-09-01 09:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-10-20 12:59 - 2016-12-20 10:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-01-05 02:08 - 2016-12-06 00:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-10-20 12:59 - 2015-09-25 07:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\sharepoint.com -> hxxps://uapasia0-files.sharepoint.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 19:04 - 2016-10-25 20:03 - 00001004 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jonas\Pictures\WallPaper\ConverseWP.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "abDocsDllLoader"
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\StartupApproved\Run: => "Spotify"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4477D333-B492-4755-8552-7471E155D54E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{ADBB5652-D7D5-4E96-914A-84506589A4D9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{687F16CC-9A20-49AC-BA9C-0940BFD5BBFE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{64D35F69-EEFC-4265-8192-EA6D41BF69AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{76EF410E-D478-4E67-A19C-EE3300223CE8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{830CA22F-96D3-4241-AC74-AC756F9993C1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AE8C2B71-3649-403A-93A0-6CDF411DD4CB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C4704643-16BA-4F4B-93E3-352D79867CC3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BDA88AC3-E2F7-466B-B059-8AACF72C9912}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2EC7D8A5-4C30-4BDB-A5C9-9676B9998B46}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0264EDB9-6F56-469C-8C91-62B5AD8F04B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A0F47D8B-C6B9-4497-A860-20C0F311DD56}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D07FA3A-68D0-48AA-AF1A-137C527D3751}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82CB541C-CA0B-45C5-BDC9-1C523EE7C9C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{3D7A0131-D161-4C18-83F8-0102D6DA2888}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{C8FBAE17-E2A2-48BD-93D2-28CA41643B16}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{478090C5-0DE8-475F-8BE8-443C01F13F20}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{898845F2-498E-487C-9171-1FCEECD3EDDC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{B4D92B3F-C185-4A8C-ADC2-3FD3019F4590}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{496AA0E9-1105-455F-934D-461549EDBBA7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{D97EA944-0645-407C-85AC-ED6A18509410}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{94EDAAC0-EAF2-4ACC-B280-3DF8FC323B5B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{0E63E9AB-23C8-4215-8B62-D13B67F75EE9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{8CD5711D-5E06-4289-9292-428F46A4DB97}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{BC52D097-EC95-44DC-85AF-5ABD16BA3933}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{29EC1C63-CF69-40F3-A333-529D6266DED5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{857F11F9-A1CD-4937-AF77-10AF19723BF7}C:\program files (x86)\chillitorrent\chillitorrent.exe] => (Allow) C:\program files (x86)\chillitorrent\chillitorrent.exe
FirewallRules: [UDP Query User{DEE65BA1-27F2-4BE3-9227-B2D28E5B8921}C:\program files (x86)\chillitorrent\chillitorrent.exe] => (Allow) C:\program files (x86)\chillitorrent\chillitorrent.exe
FirewallRules: [{4A7CA854-93DF-4DF5-8165-86FE721AD50F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{98488042-6772-49D8-9E68-B2D70FBB6ADA}C:\program files (x86)\amulec\amule.exe] => (Allow) C:\program files (x86)\amulec\amule.exe
FirewallRules: [UDP Query User{A248926C-5E84-4654-9265-D229B2FBD984}C:\program files (x86)\amulec\amule.exe] => (Allow) C:\program files (x86)\amulec\amule.exe
FirewallRules: [TCP Query User{33B87D5A-1128-4116-8610-12C5F7765BF7}C:\users\jonas\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jonas\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A5CFBC67-4702-44EE-A974-E623689CB7B4}C:\users\jonas\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jonas\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A54F8B34-4FD5-4FEC-BAA9-D6AB4E617EB5}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{857F63C2-E726-43E4-A3A6-D9B8D371DBB6}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{59FE787E-FD49-4868-B6DF-26FC166EF2BC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7BDB5438-9823-444B-AA8F-1DBF3E2FD1C8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{39A2791D-A9C1-4627-9C46-9591CD8E0099}] => (Allow) C:\Users\jonas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A30C8B12-1485-4F09-92C6-DE8B459C975F}] => (Allow) C:\Users\jonas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{64005BFC-AD61-493F-AF25-254FFBE004C0}] => (Allow) C:\Users\jonas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6EDD4A61-CC3F-4681-B367-484C0451F7C6}] => (Allow) C:\Users\jonas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{528E1BA0-F85C-4475-88E8-C36B2D74F234}] => (Allow) C:\Users\jonas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{41D4CB76-312F-4335-91D0-1C1AD78537BA}] => (Allow) C:\Users\jonas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{57A608CE-9898-448E-99F6-53808D2E6DAA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{EA68D3F0-B825-4DCA-ACFF-5F6EB8B8D65E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{200B0702-FE31-406A-A50F-76C0E753A1E1}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
==================== Restore Points =========================
01-06-2017 19:02:57 Windows Update
10-06-2017 02:19:44 Windows Update
18-07-2017 20:01:33 Removed Bonjour
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (07/18/2017 09:48:16 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (07/18/2017 09:44:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: amazonAssistantService.exe, version: 1.0.0.0, time stamp: 0x5941954c
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1198, time stamp: 0x5902808f
Exception code: 0xe0434352
Fault offset: 0x0000000000033c58
Faulting process id: 0x163c
Faulting application start time: 0x01d2ffcc0307e703
Faulting application path: C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: ae74871a-1828-4493-b5d4-208e30bd3bb1
Faulting package full name:
Faulting package-relative application ID:
Error: (07/18/2017 09:44:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: amazonAssistantService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Security.SecurityException
at System.ThrowHelper.ThrowSecurityException(System.ExceptionResource)
at Microsoft.Win32.RegistryKey.OpenSubKey(System.String, Boolean)
at AmazonAssistant.AAService.SetAccessPermissions()
at AmazonAssistant.AAService..ctor()
at AmazonAssistant.Program.Main()
Error: (07/18/2017 09:44:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: amazonAssistantService.exe, version: 1.0.0.0, time stamp: 0x5941954c
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1198, time stamp: 0x5902808f
Exception code: 0xe0434352
Fault offset: 0x0000000000033c58
Faulting process id: 0x1ae4
Faulting application start time: 0x01d2ffcbfd8a055c
Faulting application path: C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 32a7907c-7a19-42f5-ba5a-5b5cd21cb6c0
Faulting package full name:
Faulting package-relative application ID:
Error: (07/18/2017 09:44:36 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: amazonAssistantService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Security.SecurityException
at System.ThrowHelper.ThrowSecurityException(System.ExceptionResource)
at Microsoft.Win32.RegistryKey.OpenSubKey(System.String, Boolean)
at AmazonAssistant.AAService.SetAccessPermissions()
at AmazonAssistant.AAService..ctor()
at AmazonAssistant.Program.Main()
Error: (07/18/2017 08:02:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (07/18/2017 07:52:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Encrypt.exe, version: 1.0.3000.0, time stamp: 0x555330e9
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1198, time stamp: 0x5902845a
Exception code: 0xe0434352
Fault offset: 0x000da9f2
Faulting process id: 0x2174
Faulting application start time: 0x01d2ffbc5118cd17
Faulting application path: C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\Encrypt.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 01052fa0-8a85-412b-95af-b6ce24e67f59
Faulting package full name:
Faulting package-relative application ID:
Error: (07/18/2017 07:52:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Encrypt.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Security.Cryptography.CryptographicException
at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[], Int32, Int32)
at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at Encryption.AES.DecryptFile(System.String, System.String)
at UBTService.Program.Main(System.String[])
Error: (07/18/2017 07:41:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CareCenter.exe, version: 2.1.8022.0, time stamp: 0x5756c382
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1198, time stamp: 0x5902808f
Exception code: 0xe0434352
Fault offset: 0x0000000000033c58
Faulting process id: 0x2da0
Faulting application start time: 0x01d2ffb9c1091edf
Faulting application path: C:\Program Files (x86)\Acer\Care Center\CareCenter.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 0018f074-6d4f-4bee-a2b6-b036cb61d90e
Faulting package full name:
Faulting package-relative application ID:
Error: (07/18/2017 07:41:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CareCenter.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
at System.Management.SinkForEventQuery.Cancel()
at System.Management.ManagementEventWatcher.Stop()
at System.Management.ManagementEventWatcher.Finalize()

System errors:
=============
Error: (07/18/2017 09:42:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Energy Server Service WILLAMETTE service hung on starting.
Error: (07/18/2017 09:37:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/18/2017 09:37:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/18/2017 09:37:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/18/2017 09:36:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The tiledatamodelsvc service depends on the StateRepository service which failed to start because of the following error:
After starting, the service hung in a start-pending state.
Error: (07/18/2017 09:36:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The StateRepository service hung on starting.
Error: (07/18/2017 09:35:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Antivirus service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (07/18/2017 09:35:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.
Error: (07/18/2017 09:34:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:44:08 PM on 7/18/2017 was unexpected.
Error: (07/18/2017 07:51:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
Date: 2017-07-18 22:03:32.468
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-18 22:03:32.464
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-18 22:02:55.997
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-18 22:02:55.989
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-18 22:02:55.984
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-18 22:02:55.978
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-18 22:02:43.452
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-18 22:02:43.446
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-18 22:02:43.439
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-18 22:02:43.435
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU N3700 @ 1.60GHz
Percentage of memory in use: 74%
Total physical RAM: 1962.02 MB
Available physical RAM: 495.02 MB
Total Virtual: 5034.02 MB
Available Virtual: 2713.87 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:465.16 GB) (Free:347.77 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: EC1B6922)
Partition: GPT.
==================== End of Addition.txt ============================
 
Posted 2 replies for the Addition.txt portion.. 2nd portion is waiting for moderator's approval :/.. hope this reply helps with all the chaos.
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================

Please uninstall the following unwanted programs:

Amazon Assistant
amuleC
InterHop
Online Special Application
Search the Web (Yahoo)
Traffic Exchange
YellowSend


Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 