Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
- Ran by drpmc (17-01-2018 17:26:17)
- Running from C:\Users\drpmc\Downloads
- Windows 10 Home Version 1709 16299.192 (X64) (2018-01-18 00:30:02)
- Boot Mode: Normal
- ==========================================================
- ==================== Accounts: =============================
- Administrator (S-1-5-21-35610016-3709973805-3043799172-500 - Administrator - Disabled)
- DefaultAccount (S-1-5-21-35610016-3709973805-3043799172-503 - Limited - Disabled)
- drpmc (S-1-5-21-35610016-3709973805-3043799172-1001 - Administrator - Enabled) => C:\Users\drpmc
- Guest (S-1-5-21-35610016-3709973805-3043799172-501 - Limited - Disabled)
- WDAGUtilityAccount (S-1-5-21-35610016-3709973805-3043799172-504 - Limited - Disabled)
- ==================== Security Center ========================
- (If an entry is included in the fixlist, it will be removed.)
- AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- AV: Norton Internet Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
- AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
- AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
- AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
- AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- AS: Norton Internet Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
- AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
- FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
- FW: Norton Internet Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
- ==================== Installed Programs ======================
- (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
- 12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-abfc5b8b-1f09-4bed-add0-97007e04b003) (Version: 3.0.2.118 - WildTangent) Hidden
- abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
- abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
- Acer Audio Invert Utility (HKLM-x32\...\{11086334-4198-44C7-8C67-7B49E4AC925A}) (Version: 1.00.3002 - Acer Incorporated)
- Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3005 - Acer Incorporated)
- Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
- Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
- Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
- Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3008 - Acer Incorporated)
- Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated)
- AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
- Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.4 - AVAST Software)
- Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
- Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 1.0.13.0 - Dashlane SAS)
- Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.33 - Dolby Laboratories, Inc.)
- Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.5.2.30 - Dolby Laboratories, Inc.)
- eBay Worldwide (HKLM-x32\...\{3DC26EA7-03E3-4353-9424-EEB7A34A7504}) (Version: 2.5.0427 - OEM)
- Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
- Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
- Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
- Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
- Home Makeover (HKLM-x32\...\WTA-f3f31ee5-d658-45ea-9d90-3a307a2fa4b4) (Version: 3.0.2.59 - WildTangent) Hidden
- Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
- Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
- Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
- Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
- Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
- Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
- Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
- Jewel Match 3 (HKLM-x32\...\WTA-05ef033f-3fc6-410a-8299-fef37160d456) (Version: 2.2.0.97 - WildTangent) Hidden
- Jewel Match Snowscapes (HKLM-x32\...\WTA-8ebc43e2-f1a6-4e36-a974-985be9e27776) (Version: 3.0.2.118 - WildTangent) Hidden
- Magic Academy (HKLM-x32\...\WTA-7ad3d7b6-dfc7-434d-881a-0790a6acd6b1) (Version: 2.2.0.97 - WildTangent) Hidden
- Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
- McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1122 - McAfee, Inc.)
- Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
- Microsoft OneDrive (HKU\S-1-5-21-35610016-3709973805-3043799172-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
- Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
- Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
- Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
- Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
- Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.11.2.7 - Symantec Corporation)
- Polar Bowler 1st Frame (HKLM-x32\...\WTA-63754197-a389-4dc3-8095-cb833fbaa6dc) (Version: 3.0.2.59 - WildTangent) Hidden
- Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.0097 - Qualcomm Atheros)
- Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
- Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
- Rory's Restaurant (HKLM-x32\...\WTA-4f5f0a40-e305-4e37-a21f-57e89c5d404c) (Version: 3.0.2.126 - WildTangent) Hidden
- Runefall (HKLM-x32\...\WTA-976cd8b2-747a-4fd0-b2c7-8db3d48b1473) (Version: 3.0.2.126 - WildTangent) Hidden
- Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
- Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden
- Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden
- WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
- WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.16 - WildTangent) Hidden
- Windows Store Gift Card Promo (HKLM-x32\...\{FF74AA30-FF56-4197-8B64-5D63F367BC02}) (Version: 1.0.0.1 - Microsoft Corporation)
- ==================== Custom CLSID (Whitelisted): ==========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
- ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
- ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
- ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-05] (Acer Incorporated)
- ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-05] (Acer Incorporated)
- ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-05] (Acer Incorporated)
- ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
- ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
- ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
- ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
- ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2015-07-16] (McAfee, Inc.)
- ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)
- ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)
- ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
- ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
- ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-19] (Intel Corporation)
- ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
- ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
- ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2015-07-16] (McAfee, Inc.)
- ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)
- ==================== Scheduled Tasks (Whitelisted) =============
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- Task: {597346AE-17A2-4C9C-BD9C-59DA53D99053} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated)
- Task: {5C633AE7-4C44-4224-BDA3-B989542D6750} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\SymErr.exe [2017-11-10] (Symantec Corporation)
- Task: {629DB1B0-7855-4527-A528-05A1471390C3} - System32\Tasks\WindowsStoreGiftCardPromoBackgroundTaskX86 => C:\Program Files (x86)\Windows Store Promo\wsgcpromoback.exe [2015-07-15] (Microsoft Corporation)
- Task: {642163B6-0436-4445-B7F4-C3C59BF17A70} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\WSCStub.exe [2017-11-10] (Symantec Corporation)
- Task: {6A4BB78F-1BD1-4BF8-A450-6477BBE992F5} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-13] ()
- Task: {731DE8BC-997E-4BEE-8BC4-2835DAD9943C} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2015-03-14] (Microsoft Corporation)
- Task: {9E003D16-A78F-4503-A279-0C447990C9E7} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\SymErr.exe [2017-11-10] (Symantec Corporation)
- Task: {A1E7F2F0-A78D-4827-AD21-C8593C1D3B36} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2018-01-17] (AVAST Software)
- Task: {A2A6ACBA-1147-4567-8A9F-A1CE7402EE78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-17] (Google Inc.)
- Task: {A86E887C-77B0-4EF7-ABA6-D9BFCAEB24F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-17] (Google Inc.)
- Task: {AC7B2403-B317-49E8-97A8-82C2B3544FAC} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-07-10] ()
- Task: {B144931B-0702-429D-9715-A4BA0A7D6008} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-09-04] (Acer Incorporated)
- Task: {B21AD79A-2C42-4F34-A750-E56A6F6A23CA} - System32\Tasks\Norton Internet Security\Norton Internet Security Autofix => C:\Program Files\Norton Internet Security\Engine\22.11.2.7\SymErr.exe [2017-11-10] (Symantec Corporation)
- Task: {C0399E3E-80C6-47DB-8688-27127DA521F4} - System32\Tasks\Audio Invert Utility => C:\Program Files (x86)\Acer\Acer Audio Invert Utility\Launcher.exe [2014-12-29] (Acer Incorporated)
- Task: {C88E24B6-D671-403E-8914-7DCD4B055351} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] ()
- Task: {CA59D5F5-1552-4D88-9247-0604C66BF9C5} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
- Task: {D5FE8E83-6DE3-4B2E-AC19-624924DD5ABB} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-03-20] (Acer Incorporated)
- Task: {D6CADD1F-A614-4869-9E62-3D1541A047E7} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2018-01-17] (AVAST Software)
- Task: {E0616173-AD7F-4EF0-9DF8-969B96A9D52C} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2015-07-10] ()
- Task: {ED1AD678-37C2-40AD-8354-757FD4318DFF} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2017-10-02] (Acer)
- Task: {FC6923A0-972E-4735-A107-0FACB324C04D} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-09-04] (Acer Incorporated)
- (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
- ==================== Shortcuts & WMI ========================
- (The entries could be listed to be restored or removed.)
- ==================== Loaded Modules (Whitelisted) ==============
- 2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
- 2015-09-22 09:17 - 2015-09-22 09:17 - 005570064 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2-2.dll
- 2018-01-17 16:38 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
- 2018-01-17 16:38 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
- 2018-01-17 16:34 - 2018-01-17 16:34 - 000592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
- 2015-05-19 09:11 - 2015-05-19 09:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
- 2015-09-22 20:37 - 2015-09-22 20:37 - 000176640 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
- 2016-05-19 20:37 - 2016-05-19 20:37 - 000410600 _____ () C:\WINDOWS\system32\igfxTray.exe
- 2017-12-13 17:33 - 2017-12-13 17:33 - 011044864 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
- 2017-12-13 17:33 - 2017-12-13 17:33 - 001804288 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
- 2017-09-29 06:43 - 2017-09-29 06:43 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.596.0_x64__kzf8qxf38zg5c\SkypeHost.exe
- 2017-09-29 06:43 - 2017-09-29 06:43 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.596.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
- 2017-09-29 06:43 - 2017-09-29 06:43 - 043452928 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.596.0_x64__kzf8qxf38zg5c\SkyWrap.dll
- 2017-09-29 06:43 - 2017-09-29 06:43 - 002437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.596.0_x64__kzf8qxf38zg5c\skypert.dll
- 2015-09-22 20:40 - 2015-09-22 20:40 - 000628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
- 2015-11-04 16:06 - 2015-05-13 23:10 - 000030976 _____ () C:\OEM\Preload\FubTracking\FubTracking.exe
- 2018-01-17 16:36 - 2018-01-17 16:36 - 000102088 _____ () C:\Users\drpmc\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
- 2015-08-07 01:09 - 2015-08-07 01:09 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
- 2017-09-22 15:14 - 2017-09-22 15:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
- 2017-09-22 15:17 - 2017-09-22 15:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
- 2017-09-22 15:17 - 2017-09-22 15:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
- 2017-09-22 15:16 - 2017-09-22 15:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
- 2018-01-17 16:37 - 2018-01-17 16:37 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
- 2017-03-20 14:24 - 2017-03-20 14:24 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
- 2017-03-20 14:21 - 2017-03-20 14:21 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
- 2018-01-17 16:34 - 2018-01-17 16:34 - 038907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll
- 2017-10-02 14:56 - 2017-10-02 14:56 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
- 2017-10-02 14:56 - 2017-10-02 14:56 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
- ==================== Alternate Data Streams (Whitelisted) =========
- ==================== Safe Mode (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
- HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
- HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
- HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
- HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
- HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
- HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
- HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
- ==================== Association (Whitelisted) ===============
- (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
- ==================== Internet Explorer trusted/restricted ===============
- (If an entry is included in the fixlist, it will be removed from the registry.)
- ==================== Hosts content: ===============================
- (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
- 2015-07-10 03:04 - 2015-07-10 03:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
- ==================== Other Areas ============================
- (Currently there is no automatic fix for this section.)
- HKU\S-1-5-21-35610016-3709973805-3043799172-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\drpmc\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
- DNS Servers: 75.75.75.75 - 75.75.76.76
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
- Windows Firewall is enabled.
- ==================== MSCONFIG/TASK MANAGER disabled items ==
- ==================== FirewallRules (Whitelisted) ===============
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- FirewallRules: [{35DB134B-8D44-4415-A141-53523DF731A8}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
- FirewallRules: [{E298802C-9FD8-47F3-B013-294314EFDB2F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
- FirewallRules: [{7D2D63CC-D5DE-4936-A160-0F1C68A9AE16}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
- FirewallRules: [{AEAFCC99-AD7F-4BB8-AA5F-012EE8CEEFFC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
- FirewallRules: [{7DC4B2BF-3D2A-4C5D-AE4F-AF85CCEEC13C}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
- FirewallRules: [{3C08743C-B168-4536-987B-0323C0791260}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
- FirewallRules: [{32E40FA6-514A-4B5B-A1B0-3B3D80AC6884}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
- FirewallRules: [{E0DB4407-DACE-4D7D-8355-F125186B8FF8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- FirewallRules: [{A6C68F37-DCA7-456F-9D94-AD18E4CB520E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- FirewallRules: [{D32CB4CE-9924-4E59-8FF3-84A758BB8E38}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
- FirewallRules: [{C81EA2AC-BAAB-418B-81BA-7459AF9D590B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
- FirewallRules: [{D6351289-1DD5-491D-88CC-15AB40915418}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- FirewallRules: [{E2B2B1FD-D0A8-4D2C-9F89-CF83399501AE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
- FirewallRules: [{270C5750-53E2-459D-B1C5-F67C0355E9BB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
- FirewallRules: [{9D4D81DC-5CDB-46F1-801D-67DD7A016BBD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
- FirewallRules: [{576662A6-4458-465C-8113-5EA1F1A509F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
- FirewallRules: [{81ADAFA7-85F1-4BA0-BD04-4A9500CD2943}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
- FirewallRules: [{6BC22C0C-7E85-481D-977D-DA221D6E9D0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
- FirewallRules: [{16DF6BD5-11A0-43A8-BAB9-C67938290399}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
- FirewallRules: [{4BF8F54C-07BC-41E2-82BD-2C9918503C56}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
- FirewallRules: [{65EF55EF-FECC-464A-96E3-36758D74FCC9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
- FirewallRules: [{2D30FB74-4A00-492C-94EB-6F388FC192BE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
- ==================== Restore Points =========================
- 17-01-2018 17:13:00 Removed Foxit PhantomPDF
- ==================== Faulty Device Manager Devices =============
- ==================== Event log errors: =========================
- Application errors:
- ==================
- Error: (01/17/2018 05:23:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
- Description: Local Hostname DESKTOP-S26M0PK.local already in use; will try DESKTOP-S26M0PK-2.local instead
- Error: (01/17/2018 05:23:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
- Description: mDNSCoreReceiveResponse: ProbeCount 2; will rename 4 DESKTOP-S26M0PK.local. Addr 10.0.0.31
- Error: (01/17/2018 05:23:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
- Description: mDNSCoreReceiveResponse: Received from 10.0.0.31:5353 16 DESKTOP-S26M0PK.local. AAAA 2601:0647:4C01:2B10:0000:0000:0000:A215
- Error: (01/17/2018 05:17:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
- Description: Local Hostname DESKTOP-S26M0PK.local already in use; will try DESKTOP-S26M0PK-2.local instead
- Error: (01/17/2018 05:17:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
- Description: mDNSCoreReceiveResponse: ProbeCount 2; will rename 4 DESKTOP-S26M0PK.local. Addr 10.0.0.31
- Error: (01/17/2018 05:17:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
- Description: mDNSCoreReceiveResponse: Received from 10.0.0.31:5353 16 DESKTOP-S26M0PK.local. AAAA 2601:0647:4C01:2B10:0000:0000:0000:A215
- Error: (01/17/2018 05:01:43 PM) (Source: Application Error) (EventID: 1000) (User: )
- Description: Faulting application name: svchost.exe_InstallService, version: 10.0.16299.15, time stamp: 0x9c786b9a
- Faulting module name: ucrtbase.dll, version: 10.0.16299.125, time stamp: 0x70f70cc4
- Exception code: 0xc0000409
- Fault offset: 0x000000000006b70e
- Faulting process id: 0x17a8
- Faulting application start time: 0x01d38ff66540a04e
- Faulting application path: C:\WINDOWS\System32\svchost.exe
- Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
- Report Id: 7afd5b99-a7ff-4d54-b2e1-fc98ac8eedfd
- Faulting package full name:
- Faulting package-relative application ID:
- Error: (01/17/2018 04:58:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
- Description: The program adwcleaner_7.0.6.0.exe version 7.0.6.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
- Process ID: 928
- Start Time: 01d38ff5d912b4ad
- Termination Time: 60000
- Application Path: C:\Users\drpmc\Downloads\adwcleaner_7.0.6.0.exe
- Report Id: 23e31f65-b1da-41e0-9593-e0156055a5e4
- Faulting package full name:
- Faulting package-relative application ID:
- Error: (01/17/2018 04:51:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: DESKTOP-S26M0PK)
- Description: Windows cannot delete the profile directory C:\Users\defaultuser0. This error may be caused by files in this directory being used by another program.
- DETAIL - The directory is not empty.
- Error: (01/17/2018 04:33:50 PM) (Source: ESENT) (EventID: 522) (User: )
- Description: ShellExperienceHost (8512,P,0) TILEREPOSITORYS-1-5-21-35610016-3709973805-3043799172-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
- System errors:
- =============
- Error: (01/17/2018 05:26:04 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-S26M0PK)
- Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
- {D63B10C5-BB46-4990-A94F-E40B9D520160}
- and APPID
- {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
- to the user DESKTOP-S26M0PK\drpmc SID (S-1-5-21-35610016-3709973805-3043799172-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- Error: (01/17/2018 05:24:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
- {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
- and APPID
- {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
- to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- Error: (01/17/2018 05:24:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
- {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
- and APPID
- {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
- to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- Error: (01/17/2018 05:23:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-S26M0PK)
- Description: The server Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca did not register with DCOM within the required timeout.
- Error: (01/17/2018 05:23:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
- Description: The User Experience Improvement Program service terminated unexpectedly. It has done this 1 time(s).
- Error: (01/17/2018 05:23:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
- Description: The Dashlane Upgrade Service service terminated unexpectedly. It has done this 1 time(s).
- Error: (01/17/2018 05:23:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
- Description: The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s).
- Error: (01/17/2018 05:23:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
- Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
- Error: (01/17/2018 05:23:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
- Description: The ePower Service service terminated unexpectedly. It has done this 1 time(s).
- Error: (01/17/2018 05:23:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
- Description: The Quick Access Local Service service terminated unexpectedly. It has done this 1 time(s).
- CodeIntegrity:
- ===================================
- Date: 2018-01-17 17:24:37.790
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
- Date: 2018-01-17 17:24:37.787
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
- Date: 2018-01-17 17:24:28.587
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
- Date: 2018-01-17 17:24:28.583
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
- Date: 2018-01-17 17:24:09.574
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
- Date: 2018-01-17 17:24:09.555
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
- Date: 2018-01-17 17:24:06.438
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
- Date: 2018-01-17 17:24:06.422
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
- Date: 2018-01-17 17:22:43.276
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
- Date: 2018-01-17 17:22:43.268
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
- ==================== Memory info ===========================
- Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
- Percentage of memory in use: 36%
- Total physical RAM: 8073.91 MB
- Available physical RAM: 5139.49 MB
- Total Virtual: 9993.91 MB
- Available Virtual: 7250.29 MB
- ==================== Drives ================================
- Drive c: (Acer) (Fixed) (Total:237.52 GB) (Free:209.46 GB) NTFS
- ==================== MBR & Partition Table ==================
- ========================================================
- Disk: 0 (Size: 238.5 GB) (Disk ID: BC7991E4)
- Partition: GPT.
- ==================== End of Addition.txt ============================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement