
A "g****.tmp.exe" files in the windows temp folder



Somehow these "G****.tmp.exe" keep running in the background on my PC and keep coming back on startup after removal. Windows Defender is constantly disabled, and once Windows 10 boots these files "G*****.temp.exe" are automatically generated in the temp folder and I see them running every time in the task/process list in Task Manager. Constantly killing these, trying to delete them out. Did my best to clean this out and still having security issues as to how this keeps coming back.

Could you please help?

Think this is similar to "A777" topic: 

Thank you.

 


Hi mbmike :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums' rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate it if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ 
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after. 

 


Good :) But we're not quite done yet, so please bear with me for a bit more.

Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;


Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 7/11/17
Scan Time: 10:02 AM
Log File:
Administrator: Yes
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2341
License: Trial
-System Information-
OS: Windows 10 (Build 15063.413)
CPU: x64
File System: NTFS
User: LAPTOP-0SCO1A7P\mb16
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378028
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 43 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)

(end)

Good :) Now let's do a sweep with AdwCleaner and JRT.

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Junkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted JRT log;


# AdwCleaner v6.047 - Logfile created 11/07/2017 at 10:47:48
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-10.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : mb16 - LAPTOP-0SCO1A7P
# Running from : C:\Users\mb16\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
***** [ Folders ] *****
[-] Folder deleted: C:\Users\mb16\AppData\Local\Host App Service
[-] Folder deleted: C:\Users\mb16\AppData\Local\llssoft
[-] Folder deleted: C:\Program Files\DriverSetupUtility
[-] Folder deleted: C:\ProgramData\Bonanza
[-] Folder deleted: C:\ProgramData\DriverSetupUtility
[-] Folder deleted: C:\ProgramData\WindowsVideoErrorReporting
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Bonanza
[#] Folder deleted on reboot: C:\ProgramData\Application Data\DriverSetupUtility
[#] Folder deleted on reboot: C:\ProgramData\Application Data\WindowsVideoErrorReporting
[#] Folder deleted on reboot: C:\Users\mb16\AppData\Local\Host App Service
[-] Folder deleted: C:\Users\Default\AppData\Local\Host App Service
[-] Folder deleted: C:\Users\Public\App Explorer

***** [ Files ] *****
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk

***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled Tasks ] *****
[-] Task deleted: App Explorer

***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
[-] Key deleted: HKU\S-1-5-21-188366014-661307068-2873173738-1001\Software\Host App Service
[-] Key deleted: HKU\S-1-5-21-188366014-661307068-2873173738-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
[#] Key deleted on reboot: HKCU\Software\Host App Service
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
[#] Key deleted on reboot: [x64] HKCU\Software\Host App Service
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL

***** [ Web browsers ] *****
[-] [C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: trovi.search
[-] [C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: hangouts.en.softonic.com
[-] [C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: isearch.avg.com
[-] [C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mystart.incredibar.com/mb139
[-] [C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.zonealarm.com
[-] [C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: start-pagesearch.com
[-] [C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://start-pagesearch.com/?s=acer&m=start&brw=ch

*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [4398 Bytes] - [11/07/2017 10:47:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [4553 Bytes] - [11/07/2017 10:44:51]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4544 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by mb16 (Administrator) on Tue 07/11/2017 at 11:09:40.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 3
Successfully deleted: C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg (Folder)
Successfully deleted: C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klbibkeccnjlkjkiokjodocebajanakg_0.localstorage-journal (File)
Successfully deleted: C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klbibkeccnjlkjkiokjodocebajanakg_0.localstorage (File)
 
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1516DAFD-F947-4CDB-8634-9C105E9EDC99} (Registry Key)
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/11/2017 at 11:13:46.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

Good :) Now let's run a scan with FRST to see if there's anything left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by mb16 (administrator) on LAPTOP-0SCO1A7P (11-07-2017 16:59:38)
Running from C:\Users\mb16\Desktop
Loaded Profiles: mb16 (Available Profiles: mb16)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
Failed to access process -> Adobe CEF Helper.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxext.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\OEM\Preload\FubTool\FubTool.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
() C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-04-14] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-188366014-661307068-2873173738-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2418392 2016-09-09] (Acer)
HKU\S-1-5-21-188366014-661307068-2873173738-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-04-04] (Adobe Systems Incorporated)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.35.176.53 64.35.176.54
Tcpip\..\Interfaces\{913963a7-a86b-4b76-98fc-e4925d3ceb8b}: [DhcpNameServer] 10.66.184.1
Tcpip\..\Interfaces\{ac571fb7-05fe-425b-8b25-dd8575e52577}: [DhcpNameServer] 64.35.176.53 64.35.176.54
Internet Explorer:
==================
HKU\S-1-5-21-188366014-661307068-2873173738-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-188366014-661307068-2873173738-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-188366014-661307068-2873173738-1001 -> DefaultScope {1516DAFD-F947-4CDB-8634-9C105E9EDC99} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-06-02] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-06-02] (RealDownloader)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-01] (Microsoft Corporation)
Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2017-06-28]
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-07-11]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-05-15] (DivX, LLC)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-28] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.8.212 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2017-06-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.8.212 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2017-06-28] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-27] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin HKU\S-1-5-21-188366014-661307068-2873173738-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\mb16\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-06-28] (Zoom Video Communications, Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default [2017-07-11]
CHR Extension: (Google Translate) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-06-28]
CHR Extension: (Google Slides) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-27]
CHR Extension: (Google Docs) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-27]
CHR Extension: (Google Drive) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-27]
CHR Extension: (YouTube) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-27]
CHR Extension: (Adblock Plus) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-10]
CHR Extension: (Adobe Acrobat) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-29]
CHR Extension: (Google Sheets) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-27]
CHR Extension: (HTTPS Everywhere) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-07-10]
CHR Extension: (Google Docs Offline) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-27]
CHR Extension: (Gmail) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-27]
CHR Extension: (Chrome Media Router) - C:\Users\mb16\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR Profile: C:\Users\mb16\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-30]
CHR HKU\S-1-5-21-188366014-661307068-2873173738-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-27] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\IntelCpHeciSvc.exe [301552 2016-11-08] (Intel Corporation)
R2 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\IntelCpHDCPSvc.exe [480240 2016-11-08] (Intel Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2016-08-04] (Dashlane, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-27] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-06-26] (Dropbox, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxCUIService.exe [341992 2016-11-08] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26576 2016-09-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [441136 2016-09-13] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [482608 2016-09-13] (Acer Incorporated)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [36640 2017-06-02] (RealNetworks, Inc.)
S4 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [988944 2017-06-28] (RealNetworks, Inc.)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [295840 2016-05-27] (acer)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-04-14] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-04-14] (Check Point Software Technologies Ltd.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igdkmd64.sys [10588656 2016-11-08] (Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2017-03-22] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29216 2017-03-22] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [189672 2017-03-22] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [435032 2017-03-22] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1007848 2017-03-22] (AO Kaspersky Lab)
R0 klupd_KLIF_arkmon; C:\WINDOWS\System32\Drivers\klupd_KLIF_arkmon.sys [229288 2017-06-29] (AO Kaspersky Lab)
R3 klupd_KLIF_kimul; C:\WINDOWS\System32\Drivers\klupd_KLIF_kimul.sys [87584 2017-06-29] (AO Kaspersky Lab)
R3 klupd_KLIF_klark; C:\WINDOWS\System32\Drivers\klupd_KLIF_klark.sys [251656 2017-06-29] (AO Kaspersky Lab)
R0 klupd_KLIF_klbg; C:\WINDOWS\System32\Drivers\klupd_KLIF_klbg.sys [112912 2017-06-29] (AO Kaspersky Lab)
R3 klupd_KLIF_mark; C:\WINDOWS\System32\Drivers\klupd_KLIF_mark.sys [173144 2017-06-29] (AO Kaspersky Lab)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2016-09-13] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-07-11] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-11] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-11] (Malwarebytes)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2344448 2017-03-18] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2016-09-13] (Acer Incorporated)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2016-08-14] (Realtek Semiconductor Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [57432 2016-09-04] (Synaptics Incorporated)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [40008 2016-08-15] (Intel Corporation)
R1 Vsdatant; C:\WINDOWS\System32\drivers\vsdatant.sys [461240 2017-04-13] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-11 16:59 - 2017-07-11 17:01 - 00022879 _____ C:\Users\mb16\Desktop\FRST.txt
2017-07-11 16:57 - 2017-07-11 16:57 - 02437120 _____ (Farbar) C:\Users\mb16\Desktop\FRST64.exe
2017-07-11 10:59 - 2017-07-11 10:59 - 00037736 _____ C:\Users\mb16\Desktop\DOC101716.pdf
2017-07-11 10:46 - 2017-07-11 10:46 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0CDB6EC6.sys
2017-07-11 10:45 - 2017-07-11 10:45 - 01663672 _____ (Malwarebytes) C:\Users\mb16\Desktop\JRT.exe
2017-07-11 10:43 - 2017-07-11 10:47 - 00000000 ____D C:\AdwCleaner
2017-07-11 10:20 - 2017-07-11 10:53 - 00000000 ___RD C:\Users\mb16\Creative Cloud Files
2017-07-11 10:19 - 2017-07-11 10:41 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-07-11 10:18 - 2017-07-11 10:18 - 00000040 ____H C:\5D155AC56026
2017-07-11 10:17 - 2017-07-11 10:43 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-07-11 10:17 - 2017-07-11 10:17 - 00002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-07-11 10:16 - 2017-07-11 10:16 - 04110280 _____ C:\Users\mb16\Desktop\AdwCleaner.exe
2017-07-11 10:02 - 2017-07-11 10:02 - 00001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-07-11 09:46 - 2017-07-11 11:02 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-11 09:46 - 2017-07-11 10:51 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-11 09:46 - 2017-07-11 10:50 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-11 09:46 - 2017-07-11 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-11 09:46 - 2017-07-11 09:46 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-11 09:46 - 2017-06-27 12:06 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-11 09:23 - 2017-07-11 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-11 09:22 - 2017-07-11 10:50 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-11 09:22 - 2017-07-11 10:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-11 09:22 - 2017-07-11 09:46 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-07-11 09:22 - 2017-07-11 09:40 - 00000000 ____D C:\Users\mb16\Desktop\mbar
2017-07-10 23:19 - 2017-07-10 23:19 - 00000000 ____D C:\ProgramData\SUPERSetup
2017-07-10 22:36 - 2017-07-11 16:59 - 00000000 ____D C:\FRST
2017-07-06 18:39 - 2017-07-06 18:39 - 00000000 ____D C:\Users\mb16\Documents\Custom Office Templates
2017-07-03 08:02 - 2016-12-09 02:36 - 00000040 _____ C:\WINDOWS\spotify.preload
2017-06-30 19:36 - 2017-06-30 19:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\CareCenter
2017-06-29 15:05 - 2017-06-30 00:44 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-29 14:59 - 2017-06-29 14:59 - 00002259 _____ C:\WINDOWS\epplauncher.mif
2017-06-29 14:30 - 2017-06-29 14:30 - 00251656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_KLIF_klark.sys
2017-06-29 14:23 - 2017-06-29 14:23 - 00229288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_KLIF_arkmon.sys
2017-06-29 14:23 - 2017-06-29 14:23 - 00173144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_KLIF_mark.sys
2017-06-29 14:23 - 2017-06-29 14:23 - 00112912 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_KLIF_klbg.sys
2017-06-29 14:23 - 2017-06-29 14:23 - 00087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_KLIF_kimul.sys
2017-06-29 14:22 - 2017-03-22 08:06 - 00554408 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kl1.sys
2017-06-29 14:22 - 2017-03-22 08:06 - 00435032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2017-06-29 14:14 - 2017-06-29 14:22 - 00441208 _____ C:\WINDOWS\system32\Drivers\vsconfig.xml
2017-06-29 14:14 - 2017-06-29 14:14 - 00000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts
2017-06-29 14:13 - 2017-06-29 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2017-06-29 14:13 - 2017-06-29 14:13 - 00000000 ____D C:\ProgramData\CheckPoint
2017-06-29 14:13 - 2017-06-29 14:13 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2017-06-28 22:32 - 2017-07-11 10:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-28 22:30 - 2017-06-28 22:31 - 00000000 ____D C:\Program Files (x86)\Adobe Acrobat DC
2017-06-28 18:31 - 2017-06-28 18:31 - 00000000 ____D C:\Users\mb16\Documents\Zoom
2017-06-28 17:54 - 2017-06-28 17:54 - 00000000 ____D C:\Users\mb16\AppData\Roaming\Zoom
2017-06-28 17:54 - 2017-06-28 17:54 - 00000000 ____D C:\Users\mb16\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2017-06-28 13:51 - 2017-06-28 13:51 - 00000000 ____D C:\Program Files (x86)\Excel QM v5.2
2017-06-28 13:50 - 2017-06-28 13:50 - 00000000 ____D C:\Users\mb16\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\POM-QM for Windows 5
2017-06-28 13:50 - 2017-06-28 13:50 - 00000000 ____D C:\Program Files (x86)\POMQMV5
2017-06-28 13:38 - 2017-06-28 13:38 - 00003552 _____ C:\WINDOWS\System32\Tasks\RealDownloader Update Check
2017-06-28 13:37 - 2017-07-05 21:21 - 00003600 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-188366014-661307068-2873173738-1001
2017-06-28 13:37 - 2017-07-05 21:21 - 00003536 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-188366014-661307068-2873173738-1001
2017-06-28 13:37 - 2017-06-28 13:37 - 00207752 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll
2017-06-28 13:36 - 2017-06-28 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2017-06-28 13:36 - 2017-06-28 13:36 - 00285576 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll
2017-06-28 13:31 - 2017-06-28 13:31 - 00003708 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2017-06-28 13:30 - 2017-06-28 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2017-06-28 13:23 - 2017-06-28 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-06-28 13:22 - 2017-06-28 13:22 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-06-28 13:22 - 2017-06-28 13:22 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-06-28 12:52 - 2017-06-28 12:52 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-06-28 12:49 - 2017-06-28 12:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2017-06-28 12:49 - 2017-06-28 12:49 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2017-06-28 12:44 - 2017-06-28 12:44 - 00000000 ____D C:\Users\mb16\AppData\Roaming\CareCenter
2017-06-28 12:00 - 2017-07-11 09:40 - 00000000 ____D C:\Users\mb16\AppData\Local\dunjqe
2017-06-28 12:00 - 2017-06-28 12:00 - 00000000 ____D C:\Users\mb16\AppData\Roaming\c
2017-06-28 11:39 - 2017-06-28 12:31 - 00000000 ____D C:\Program Files (x86)\ExcelOMQMv4
2017-06-28 10:00 - 2017-06-28 10:00 - 00000000 ____D C:\Users\mb16\AppData\Local\CEF
2017-06-28 09:04 - 2017-07-10 21:10 - 00000000 ____D C:\Users\mb16\AppData\LocalLow\Adobe
2017-06-28 09:03 - 2017-07-11 10:18 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-06-28 09:00 - 2017-07-11 10:53 - 00000000 ____D C:\Users\mb16\AppData\Local\Adobe
2017-06-28 08:58 - 2017-07-11 10:20 - 00000000 ____D C:\ProgramData\Adobe
2017-06-28 07:30 - 2017-06-28 07:30 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2017-06-28 07:30 - 2017-06-28 07:30 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2017-06-28 07:30 - 2017-06-28 07:30 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2017-06-28 07:30 - 2017-06-28 07:30 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-06-28 07:30 - 2017-06-28 07:30 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-06-28 07:30 - 2017-06-28 07:30 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-06-28 07:30 - 2017-06-28 07:30 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-06-28 07:30 - 2017-06-28 07:30 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-06-28 07:30 - 2017-06-28 07:30 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-06-28 07:30 - 2017-06-28 07:30 - 00000000 _SHDL C:\Documents and Settings
2017-06-28 02:23 - 2017-06-28 02:23 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-28 02:23 - 2017-06-27 22:31 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-28 02:21 - 2017-06-28 02:21 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-28 02:21 - 2017-06-28 02:21 - 00000000 ____D C:\Program Files\MSBuild
2017-06-28 02:21 - 2017-06-28 02:21 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-28 02:21 - 2017-06-28 02:21 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-28 02:20 - 2017-02-10 15:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-28 02:20 - 2017-02-10 15:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-28 02:20 - 2017-02-10 15:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-28 02:20 - 2017-02-10 15:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-28 02:20 - 2017-02-10 15:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-28 02:20 - 2017-02-10 15:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-28 01:57 - 2017-06-28 17:39 - 00000000 ____D C:\Users\mb16\AppData\Roaming\DivX
2017-06-28 01:54 - 2017-06-28 13:31 - 00000000 ____D C:\Program Files (x86)\DivX
2017-06-28 01:53 - 2017-06-28 13:31 - 00000000 ____D C:\ProgramData\DivX
2017-06-28 01:45 - 2017-06-28 01:45 - 00000000 ____D C:\Users\mb16\AppData\Local\Real
2017-06-28 01:45 - 2017-06-28 01:45 - 00000000 ____D C:\Users\mb16\AppData\Local\CrashRpt
2017-06-28 01:44 - 2017-06-28 13:37 - 00000000 ____D C:\Users\mb16\AppData\Roaming\RealNetworks
2017-06-28 01:44 - 2017-06-28 13:37 - 00000000 ____D C:\ProgramData\RealNetworks
2017-06-28 01:43 - 2017-06-28 13:37 - 00000000 ____D C:\Program Files (x86)\Real
2017-06-28 01:42 - 2017-06-28 01:45 - 00000000 ____D C:\Users\mb16\AppData\Roaming\Real
2017-06-28 01:41 - 2017-06-28 01:46 - 00000000 ____D C:\ProgramData\Real
2017-06-28 01:15 - 2017-06-28 13:23 - 00000000 ____D C:\ProgramData\Apple Computer
2017-06-28 01:15 - 2017-06-28 13:23 - 00000000 ____D C:\Program Files\iTunes
2017-06-28 01:15 - 2017-06-28 13:23 - 00000000 ____D C:\Program Files\iPod
2017-06-28 01:15 - 2017-06-28 01:47 - 00000000 ____D C:\Users\mb16\AppData\Roaming\Apple Computer
2017-06-28 01:15 - 2017-06-28 01:15 - 00000000 ____D C:\Users\mb16\AppData\Local\Apple Computer
2017-06-28 01:14 - 2017-06-28 13:22 - 00000000 ____D C:\Program Files\Bonjour
2017-06-28 01:14 - 2017-06-28 13:22 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-06-28 01:14 - 2017-06-28 13:22 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-06-28 01:14 - 2017-06-28 13:21 - 00000000 ____D C:\ProgramData\Apple
2017-06-28 01:14 - 2017-06-28 01:14 - 00000000 ____D C:\Users\mb16\AppData\Local\Apple
2017-06-28 01:14 - 2017-06-28 01:14 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-06-28 00:29 - 2017-06-28 12:52 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2017-06-28 00:29 - 2017-06-28 12:51 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2017-06-28 00:29 - 2015-06-26 11:27 - 01848320 _____ C:\WINDOWS\system32\eed_ec.dll
2017-06-28 00:29 - 2015-06-26 11:27 - 00688408 _____ (Samsung Electronics) C:\WINDOWS\system32\eed_sl.exe
2017-06-28 00:29 - 2015-06-26 11:27 - 00158040 _____ (SS) C:\WINDOWS\system32\ssk5mci.exe
2017-06-28 00:29 - 2015-06-26 11:27 - 00022528 _____ () C:\WINDOWS\system32\ssk5mlm.dll
2017-06-28 00:29 - 2013-11-29 08:37 - 00000273 _____ C:\WINDOWS\system32\eed_sl.exe.config
2017-06-28 00:29 - 2013-11-29 08:36 - 00089600 _____ (SS) C:\WINDOWS\system32\ssk5mci.dll
2017-06-28 00:18 - 2017-06-28 12:49 - 00000000 ____D C:\ProgramData\Samsung
2017-06-28 00:18 - 2017-06-28 12:19 - 00000000 ____D C:\Users\mb16\AppData\Roaming\Samsung
2017-06-28 00:12 - 2013-11-28 04:31 - 00011576 ____N (Samsung Electronics) C:\WINDOWS\system32\Drivers\SSPORT.SYS
2017-06-28 00:11 - 2017-06-28 12:51 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-06-27 23:52 - 2017-06-27 23:52 - 00000000 ____D C:\Users\mb16\AppData\Roaming\Google
2017-06-27 23:51 - 2017-06-27 23:51 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 23:43 - 2017-07-11 16:59 - 00000000 ___RD C:\Users\mb16\Google Drive
2017-06-27 23:42 - 2017-06-27 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-06-27 23:40 - 2017-06-28 12:19 - 00000000 ____D C:\Users\mb16\AppData\Local\Google
2017-06-27 23:40 - 2017-06-27 23:50 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-27 23:40 - 2017-06-27 23:40 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-27 23:40 - 2017-06-27 23:40 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-27 23:30 - 2017-07-05 21:40 - 00000000 ___RD C:\Users\mb16\Dropbox
2017-06-27 23:26 - 2017-06-27 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-27 23:23 - 2017-06-27 23:23 - 00000000 ____D C:\Users\mb16\AppData\Roaming\Dropbox
2017-06-27 23:20 - 2017-06-28 12:34 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-06-27 23:20 - 2017-06-28 12:34 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-06-27 23:20 - 2017-06-28 01:21 - 00000000 ____D C:\Users\mb16\AppData\Local\Dropbox
2017-06-27 23:20 - 2017-06-27 23:28 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-27 23:20 - 2017-06-27 23:20 - 00003996 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-06-27 23:20 - 2017-06-27 23:20 - 00003764 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-06-27 23:20 - 2017-06-27 23:20 - 00000000 ____D C:\ProgramData\Dropbox
2017-06-27 22:59 - 2017-06-27 22:59 - 00000000 ____D C:\Users\mb16\AppData\Local\DBG
2017-06-27 22:58 - 2017-06-27 22:58 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-27 22:55 - 2017-06-27 22:55 - 00000020 ___SH C:\Users\mb16\ntuser.ini
2017-06-27 22:53 - 2017-06-27 22:53 - 00000000 _SHDL C:\Users\Default\My Documents
2017-06-27 22:52 - 2017-06-27 22:52 - 00000000 ____D C:\ProgramData\USOShared
2017-06-27 22:51 - 2017-06-27 22:52 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-06-27 22:51 - 2017-06-27 22:52 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-06-27 22:45 - 2017-06-27 22:45 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-27 22:44 - 2017-07-11 16:56 - 00003508 _____ C:\WINDOWS\System32\Tasks\DashlaneUpgradeCheck
2017-06-27 22:44 - 2017-07-11 10:56 - 01337936 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-27 22:44 - 2017-07-11 10:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-27 22:44 - 2017-06-28 13:10 - 00005404 _____ C:\WINDOWS\System32\Tasks\Software Update Application
2017-06-27 22:44 - 2017-06-28 13:10 - 00003778 _____ C:\WINDOWS\System32\Tasks\ACC
2017-06-27 22:44 - 2017-06-28 13:10 - 00003060 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
2017-06-27 22:44 - 2017-06-27 23:00 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-27 22:44 - 2017-06-27 22:45 - 00003852 _____ C:\WINDOWS\System32\Tasks\ACCAgent
2017-06-27 22:44 - 2017-06-27 22:45 - 00003692 _____ C:\WINDOWS\System32\Tasks\AcerCMUpdateTask2.1.16258
2017-06-27 22:44 - 2017-06-27 22:45 - 00003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2017-06-27 22:44 - 2017-06-27 22:45 - 00002766 _____ C:\WINDOWS\System32\Tasks\UbtFrameworkService
2017-06-27 22:44 - 2017-06-27 22:45 - 00002534 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2017-06-27 22:44 - 2017-06-27 22:45 - 00002042 _____ C:\WINDOWS\System32\Tasks\FubToolByPLD
2017-06-27 22:44 - 2017-06-27 22:44 - 00002762 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2017-06-27 22:44 - 2017-06-27 22:44 - 00002630 _____ C:\WINDOWS\System32\Tasks\Acer Collection Monitor Application
2017-06-27 22:44 - 2017-06-27 22:44 - 00002596 _____ C:\WINDOWS\System32\Tasks\Acer Collection Application
2017-06-27 22:44 - 2017-06-27 22:44 - 00002180 _____ C:\WINDOWS\System32\Tasks\Quick Access
2017-06-27 22:39 - 2017-06-27 22:39 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-27 22:36 - 2017-06-27 22:40 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-27 22:35 - 2017-07-11 10:20 - 00000000 ____D C:\Users\mb16
2017-06-27 22:35 - 2017-06-27 22:35 - 00000000 _SHDL C:\Users\mb16\My Documents
2017-06-27 22:35 - 2017-06-27 22:35 - 00000000 _SHDL C:\Users\mb16\Documents\My Videos
2017-06-27 22:35 - 2017-06-27 22:35 - 00000000 _SHDL C:\Users\mb16\Documents\My Pictures
2017-06-27 22:35 - 2017-06-27 22:35 - 00000000 _SHDL C:\Users\mb16\Documents\My Music
2017-06-27 22:34 - 2017-06-27 22:34 - 02011754 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-06-27 22:34 - 2017-06-27 22:34 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-06-27 22:34 - 2017-06-27 22:34 - 00000000 ____D C:\WINDOWS\system32\IntelSSTAPO
2017-06-27 22:34 - 2017-06-27 22:34 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-06-27 22:34 - 2017-06-27 22:34 - 00000000 ____D C:\ProgramData\rtkSSTSetting
2017-06-27 22:34 - 2016-10-21 01:16 - 01921016 _____ C:\WINDOWS\system32\Drivers\rtkSSTSetting.zip
2017-06-27 22:33 - 2017-06-27 22:37 - 00000000 ____D C:\Program Files\Intel
2017-06-27 22:33 - 2017-06-27 22:37 - 00000000 ____D C:\Program Files (x86)\Intel
2017-06-27 22:33 - 2017-06-27 22:33 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-06-27 22:33 - 2017-06-27 22:33 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-06-27 22:33 - 2017-06-27 22:33 - 00000000 ____D C:\Program Files\Realtek
2017-06-27 22:33 - 2017-06-27 22:33 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-06-27 22:33 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-27 22:33 - 2016-11-08 19:38 - 00113688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-06-27 22:33 - 2016-11-08 19:38 - 00104472 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-06-27 22:31 - 2017-07-11 10:50 - 00398568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-27 22:31 - 2017-07-11 10:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-27 21:43 - 2017-06-27 22:56 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-27 20:01 - 2017-06-27 21:43 - 00000036 _____ C:\WINDOWS\progress.ini
2017-06-27 20:01 - 2017-06-27 20:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-27 20:01 - 2017-06-27 20:01 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-27 19:44 - 2017-03-04 02:18 - 00198656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-06-27 19:34 - 2017-03-28 01:37 - 00031232 ____N (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-06-27 19:34 - 2017-03-04 02:26 - 00261632 ____N (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-06-27 19:02 - 2017-06-27 19:02 - 00000000 ____D C:\Users\mb16\AppData\Roaming\acer
2017-06-27 18:58 - 2017-06-27 21:05 - 00000000 ____D C:\Users\mb16\AppData\Local\MicrosoftEdge
2017-06-27 18:57 - 2017-06-27 19:03 - 00000000 ____D C:\Users\mb16\AppData\Local\acer
2017-06-27 18:57 - 2017-06-27 18:57 - 00000000 ____D C:\Users\mb16\abBox
2017-06-27 18:41 - 2017-06-27 21:39 - 00000000 ___HD C:\$GetCurrent
2017-06-27 18:41 - 2017-06-27 18:41 - 00000000 ____D C:\Users\mb16\AppData\Local\CrashDumps
2017-06-27 16:40 - 2017-06-29 16:47 - 00000000 ____D C:\Users\mb16\AppData\Local\CareCenter
2017-06-27 16:40 - 2017-06-27 23:00 - 00002364 _____ C:\Users\mb16\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-27 16:40 - 2017-06-27 23:00 - 00000000 ___RD C:\Users\mb16\OneDrive
2017-06-27 16:40 - 2017-06-27 16:40 - 00000000 ____D C:\Users\mb16\AppData\Roaming\Skype
2017-06-27 16:40 - 2017-06-27 16:40 - 00000000 ____D C:\Users\mb16\AppData\Roaming\Intel Corporation
2017-06-27 16:39 - 2017-06-27 22:59 - 00000000 ____D C:\Windows10Upgrade
2017-06-27 16:39 - 2017-06-27 20:35 - 00000000 ____D C:\Users\mb16\AppData\Local\clear.fi
2017-06-27 16:39 - 2017-06-27 16:39 - 00001333 _____ C:\Users\mb16\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
2017-06-27 16:39 - 2017-06-27 16:39 - 00000821 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-06-27 16:39 - 2017-06-27 16:39 - 00000000 ____D C:\Users\mb16\PicStream
2017-06-27 16:39 - 2017-06-27 16:39 - 00000000 ____D C:\Users\mb16\AppData\Roaming\Macromedia
2017-06-27 16:39 - 2017-06-27 16:39 - 00000000 ____D C:\Users\mb16\AppData\Local\Comms
2017-06-27 16:39 - 2017-06-27 16:39 - 00000000 ____D C:\Users\mb16\AppData\Local\AOP SDK
2017-06-27 16:37 - 2017-07-11 16:54 - 00000000 __SHD C:\Users\mb16\IntelGraphicsProfiles
2017-06-27 16:37 - 2017-07-11 10:20 - 00000000 ____D C:\Users\mb16\AppData\Roaming\Adobe
2017-06-27 16:37 - 2017-07-08 11:05 - 00000000 ____D C:\Users\mb16\AppData\Local\Packages
2017-06-27 16:37 - 2017-06-28 12:36 - 00000000 ____D C:\Users\mb16\AppData\Local\ConnectedDevicesPlatform
2017-06-27 16:37 - 2017-06-28 11:49 - 00000000 ____D C:\Users\mb16\AppData\Local\VirtualStore
2017-06-27 16:37 - 2017-06-27 16:54 - 00000000 ____D C:\Users\mb16\AppData\Local\PackageStaging
2017-06-27 16:37 - 2017-06-27 16:37 - 00000000 ___HD C:\ProgramData\O949
2017-06-27 16:37 - 2017-06-27 16:37 - 00000000 ____D C:\Users\mb16\AppData\Local\TileDataLayer
2017-06-27 16:37 - 2017-06-27 16:37 - 00000000 ____D C:\Users\mb16\AppData\Local\Publishers
2017-06-27 15:34 - 2017-06-27 15:34 - 00000000 ____D C:\ProgramData\Dashlane
2017-06-27 15:32 - 2017-06-27 22:37 - 00000000 ____D C:\WINDOWS\oem
2017-06-27 15:30 - 2017-06-27 15:30 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-26 06:27 - 2017-06-26 06:27 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-26 06:27 - 2017-06-26 06:27 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc(539).exe
2017-06-26 06:27 - 2017-06-26 06:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-26 06:27 - 2017-06-26 06:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-26 06:27 - 2017-06-26 06:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-11 10:49 - 2017-03-18 07:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-07-11 10:02 - 2016-12-06 11:27 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-10 22:20 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-08 11:04 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-07 16:27 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-06 19:07 - 2015-12-21 22:43 - 00000000 ____D C:\Users\mb16\Desktop\NYIT
2017-07-01 11:11 - 2016-12-06 11:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-01 10:48 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-29 15:06 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-29 14:33 - 2016-12-06 12:26 - 00000000 ____D C:\ProgramData\McAfee
2017-06-29 14:30 - 2017-03-18 07:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-28 22:27 - 2016-08-19 18:28 - 04902797 _____ C:\Users\mb16\Desktop\UM_Acer_1.0_EN.pdf
2017-06-28 22:27 - 2015-08-11 09:01 - 01156811 _____ C:\Users\mb16\Desktop\Acer Regulatory Information and Safety Guide_EN_v4.pdf
2017-06-28 13:36 - 2015-03-17 02:17 - 00512392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2017-06-28 13:36 - 2015-03-17 02:17 - 00360840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-06-28 13:10 - 2016-12-06 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-06-28 12:39 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-28 12:32 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-28 12:31 - 2016-12-06 11:45 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2017-06-28 12:20 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\registration
2017-06-28 02:30 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-28 02:27 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
2017-06-28 02:26 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-27 22:55 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-27 22:55 - 2016-12-06 11:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-27 22:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-27 22:52 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-27 22:52 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-27 22:50 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-27 22:46 - 2017-03-18 22:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-27 22:44 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-27 22:44 - 2016-12-06 11:30 - 00909062 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-06-27 22:40 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-06-27 22:40 - 2017-03-18 07:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI(540)
2017-06-27 22:40 - 2016-12-06 11:31 - 00000000 ____D C:\WINDOWS\system32\ihvmanager
2017-06-27 22:40 - 2016-12-06 11:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-06-27 22:40 - 2016-12-06 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-06-27 22:37 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-27 22:37 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-27 22:37 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-27 22:34 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-27 20:36 - 2016-12-06 12:01 - 00000000 ____D C:\ProgramData\Acer
2017-06-27 19:03 - 2016-12-06 12:01 - 00000000 ____D C:\Program Files (x86)\Acer
2017-06-27 18:59 - 2016-12-06 12:00 - 00000000 ____D C:\ProgramData\OEM
2017-06-27 18:58 - 2016-10-05 05:40 - 00000000 ___HD C:\OEM
==================== Files in the root of some directories =======
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\mb16\AppData\Local\report
2017-06-27 22:34 - 2017-06-27 22:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-06-28 13:33 - 2017-06-05 10:36 - 0186280 _____ (RealNetworks, Inc.) C:\Users\mb16\AppData\Local\Temp\lowproc.exe
2013-10-05 04:38 - 2013-10-05 04:38 - 0455328 _____ (Microsoft Corporation) C:\Users\mb16\AppData\Local\Temp\msvcp120.dll
2013-10-05 04:38 - 2013-10-05 04:38 - 0970912 _____ (Microsoft Corporation) C:\Users\mb16\AppData\Local\Temp\msvcr120.dll
2016-07-30 20:08 - 2016-07-30 20:08 - 3112960 _____ (Jason York) C:\Users\mb16\AppData\Local\Temp\pc-decrapifier.exe
2017-06-28 13:33 - 2017-06-05 10:36 - 0096496 _____ (RealNetworks, Inc.) C:\Users\mb16\AppData\Local\Temp\stubhelper.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-10 22:14
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by mb16 (11-07-2017 17:01:50)
Running from C:\Users\mb16\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-28 02:54:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-188366014-661307068-2873173738-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-188366014-661307068-2873173738-503 - Limited - Disabled)
Guest (S-1-5-21-188366014-661307068-2873173738-501 - Limited - Disabled)
mb16 (S-1-5-21-188366014-661307068-2873173738-1001 - Administrator - Enabled) => C:\Users\mb16
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.07.2004 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3006 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3008 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.02.3001 - Acer Incorporated)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.1.1.202 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.12.0 - Dashlane, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.239 - DivX, LLC)
Dropbox (HKLM-x32\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Excel QM v5.2 (HKLM-x32\...\{4F1155FD-9C2B-4C73-94BD-0EEDDDEDECEE}) (Version: 5.2.112 - Pearson)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-188366014-661307068-2873173738-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
POM-QM for Windows, v5 (HKLM-x32\...\POM-QM for Windows, v5) (Version: 5 - Pearson Education Inc)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10393 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.281 - Qualcomm Atheros)
RealDownloader (HKLM-x32\...\{115CCDDD-8728-4789-983D-D041A8E02316}) (Version: 18.1.8.212 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{30f9b8e2-1723-49b3-a51a-6b1701314fd9}) (Version: 18.1.8.212 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{4602B6EE-69EC-4548-B271-94D43CAA6C6F}) (Version: 18.1.8.212 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.8 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.29093 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7960 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.06.00.08(9/7/2016) - Samsung Electronics Co., Ltd.)
Samsung M283x Series (HKLM-x32\...\Samsung M283x Series) (Version: 1.17 (9/29/2016) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader (HKLM-x32\...\{CEF8613C-08DD-4092-9445-C3EBE9C81C37}) (Version: 18.1.8 - RealNetworks) Hidden
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
ZoneAlarm Antivirus (HKLM-x32\...\{87D6BFBA-093E-40B8-845E-746B75BE7339}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{3B214EF2-9413-4300-96DB-165ECA1ED736}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 15.1.504.17269 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{A51FEF33-C7A2-492E-840B-35A85D1F007E}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
Zoom (HKU\S-1-5-21-188366014-661307068-2873173738-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-188366014-661307068-2873173738-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-96B18F3CF240}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-188366014-661307068-2873173738-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-08] (Acer Incorporated)
ContextMenuHandlers01: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers01: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers01: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2017-05-01] (DivX, LLC)
ContextMenuHandlers01: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2017-05-01] (DivX, LLC)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2017-04-14] (Check Point Software Technologies Ltd.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers03: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpcontextmenu.dll [2017-06-28] (RealNetworks, Inc.)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxDTCM.dll [2016-11-08] (Intel Corporation)
ContextMenuHandlers06: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers06: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2017-04-14] (Check Point Software Technologies Ltd.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0A229F2F-0DF3-47FD-A0C1-8C665AF89CDE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-188366014-661307068-2873173738-1001 => C:\Program Files (x86)\Real\RealDownloader\realupgrade.exe [2017-06-02] (RealNetworks, Inc.)
Task: {222971EC-880D-45A2-BC52-18580C218545} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {2252A715-E8C5-49BC-9B90-177E361FB5E0} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-09-13] (Acer Incorporated)
Task: {23459139-95A5-4ECF-B0F6-A3CA4B1A1347} - System32\Tasks\CareCenter\GoogleDriveSync_Reg_HKCURun_S-1-5-21-188366014-661307068-2873173738-1001 => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2017-03-21] (Google) <==== ATTENTION
Task: {2E76B89A-6C8C-402C-B751-FCA7DEFB243F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-01] ()
Task: {3596CC32-D06C-4130-A8B8-F8F0988543F4} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-06-24] ()
Task: {3DA270C1-43C2-42A2-9521-9EC15C92D60F} - System32\Tasks\Acer Collection Monitor Application => C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe [2017-03-02] (Acer Incorporated)
Task: {3DD6E2D7-3084-4EDB-AFE6-62E7D3CFF2AF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-27] (Dropbox, Inc.)
Task: {3DE9BE47-166C-43DF-BF52-B53146B55483} - System32\Tasks\Acer Collection Application => C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe [2017-03-02] ()
Task: {48F00E20-F546-4713-A357-75E5B55CE6B6} - System32\Tasks\CareCenter\CDAServer_Reg_HKLMRun => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2014-09-08] ()
Task: {64A42861-062B-46C1-8EFA-418E2D7E8B86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-27] (Google Inc.)
Task: {75FC85B1-A522-41C5-9F09-74230737DE3F} - System32\Tasks\Microsoft\Windows\RestartManager\{49B0C4B2-C9E3-4770-89C9-BB41E14C7D0C} => C:\WINDOWS\system32\rmclient.exe [2017-03-18] (Microsoft Corporation)
Task: {7AC3CF8C-44EB-4B1D-A57E-6D798CF50943} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {85A88FBC-E3E9-4639-B592-C8EAA41DAAC4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {85D90738-A7A0-4AE0-8F80-28D338614721} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-06-24] (Acer Incorporated)
Task: {86FCBD47-3239-424C-A614-4719C48B93CF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-01] ()
Task: {87F0A6C9-819A-4D27-9F43-910774B9E5BA} - System32\Tasks\CareCenter\RtHDVBg_TrueHarmony_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-10-21] (Realtek Semiconductor)
Task: {8F74A532-5E5C-4EAF-86AC-34C08721F568} - System32\Tasks\CareCenter\RealTimes.lnk_FolderCommonAppdata => C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe [2017-06-28] (RealNetworks, Inc.)
Task: {90E0874F-FC5E-4B9D-AFC0-8BC87BA30798} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [2015-05-14] ()
Task: {90E214DA-F018-4027-83A8-F66BF8FBA5A6} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2017-05-24] ()
Task: {954C4EB6-858E-40E1-B54B-2B9C1355F3D9} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
Task: {98153852-D02A-4E92-ACDA-1D0059A8407D} - System32\Tasks\CareCenter\Dropbox_Reg_HKLMWow6432Run => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2017-06-26] (Dropbox, Inc.)
Task: {9886D825-A7C9-4329-82F0-20404A0C1389} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-27] (Google Inc.)
Task: {AD56C44F-54F0-4D1C-ABEE-C7DA5360979A} - System32\Tasks\CareCenter\iTunesHelper_Reg_HKLMRun => C:\Program Files\iTunes\iTunesHelper.exe [2017-05-09] (Apple Inc.)
Task: {B01911B7-18D0-4592-BBFA-C1E4079A6B29} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {B36BCFB8-1C80-4549-951B-A762C244F60E} - System32\Tasks\CareCenter\RTHDVCPL_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-10-21] (Realtek Semiconductor)
Task: {B61AC75A-48AC-4B0F-99CD-8EF246B931EE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-188366014-661307068-2873173738-1001 => C:\Program Files (x86)\Real\RealDownloader\realupgrade.exe [2017-06-02] (RealNetworks, Inc.)
Task: {B9E7952B-C541-4F09-9C65-29B5FE665DC9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-27] (Dropbox, Inc.)
Task: {BEB5CEBA-1E3A-428D-830E-C88CBCED85CB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {BF22EA78-730F-4F60-A6ED-E16ED541E8BA} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2017-05-01] (DivX, LLC)
Task: {C48DC8D0-BA5A-425F-AB54-474380D4103D} - System32\Tasks\CareCenter\SecurityHealth_Reg_HKLMRun => C:\Program Files\Windows Defender\MSASCuiL.exe [2017-03-18] (Microsoft Corporation)
Task: {C61F5131-0B5C-4FEA-91BC-C564D65403BA} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2017-05-24] ()
Task: {CE81EAC9-9B0C-4830-8F17-7B91D9A898DA} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {DDA37015-4F54-4E2B-BEA3-AC38BF9C97F6} - System32\Tasks\CareCenter\DivXMediaServer_Reg_HKLMWow6432Run => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [2017-05-16] (DivX, LLC)
Task: {E05783C2-F6FC-4B23-9024-6AD9D242FDFA} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {EA23B80D-617E-41A7-9A04-A091E1B4D086} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [2017-06-02] ()
Task: {F0E2DB04-8CEC-4595-831E-2A41431622C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {F1E39AA5-9A57-428A-8562-F39C2B1D8C25} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2016-09-19 11:53 - 2016-09-19 11:53 - 01299920 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2.dll
2017-06-28 00:29 - 2015-06-26 11:27 - 00022528 _____ () C:\WINDOWS\System32\ssk5mlm.dll
2016-02-15 21:01 - 2016-02-15 21:01 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-07-11 09:46 - 2017-06-27 12:06 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-05-26 03:18 - 2017-05-26 03:18 - 00492112 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-06 13:01 - 2015-05-14 03:10 - 00030976 _____ () C:\OEM\Preload\FubTool\FubTool.exe
2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2017-03-02 19:18 - 2017-03-02 19:18 - 00479024 _____ () C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
2017-05-24 20:11 - 2017-05-24 20:11 - 04645168 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-03-22 08:06 - 2017-03-22 08:06 - 00865232 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
2017-03-22 08:06 - 2017-03-22 08:06 - 00642280 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\update\UpdSdk.dll
2016-08-30 04:19 - 2016-08-30 04:19 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-06-27 23:04 - 2017-07-01 10:40 - 00164552 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll
2016-09-09 10:51 - 2016-09-09 10:51 - 00202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-09-09 10:51 - 2016-09-09 10:51 - 00119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2016-08-15 18:03 - 2016-08-15 18:03 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2016-08-15 18:04 - 2016-08-15 18:04 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2017-06-27 22:36 - 2017-06-27 22:36 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 15:09 - 2016-08-30 15:09 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 15:05 - 2016-08-30 15:05 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2017-06-27 23:25 - 2017-06-26 06:27 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-06-27 23:25 - 2017-06-26 06:27 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-27 23:25 - 2017-06-26 06:26 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-06-27 23:25 - 2017-06-26 06:28 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-06-27 23:25 - 2017-06-26 06:27 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-06-27 23:25 - 2017-06-26 06:26 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-27 23:25 - 2017-06-26 06:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-06-27 23:25 - 2017-06-26 06:27 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-06-27 23:25 - 2017-06-26 06:26 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-27 23:25 - 2017-06-26 06:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-06-27 23:25 - 2017-06-26 06:28 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-06-27 23:25 - 2017-06-26 06:30 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-27 23:25 - 2017-06-26 06:30 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-06-27 23:25 - 2017-06-26 06:28 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-27 23:25 - 2017-06-26 06:30 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-27 23:25 - 2017-06-26 06:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-06-27 23:25 - 2017-06-26 06:30 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-06-27 23:25 - 2017-06-26 06:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-27 23:25 - 2017-06-26 06:30 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-27 23:25 - 2017-06-26 06:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-27 23:25 - 2017-06-26 06:26 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-06-27 23:25 - 2017-06-26 06:30 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-06-27 23:25 - 2017-06-26 06:27 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-06-27 23:25 - 2017-06-26 06:29 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-06-27 23:25 - 2017-06-26 06:27 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-06-27 23:25 - 2017-06-26 06:29 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-06-27 23:25 - 2017-06-26 06:30 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-06-27 23:25 - 2017-06-26 06:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-06-27 23:25 - 2017-06-26 06:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-27 23:25 - 2017-06-26 06:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-06-27 23:25 - 2017-06-26 06:29 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00098816 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\win32api.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00110080 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\pywintypes27.dll
2017-07-11 16:58 - 2017-07-11 16:58 - 00364544 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\pythoncom27.dll
2017-07-11 16:58 - 2017-07-11 16:58 - 00320512 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\win32com.shell.shell.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00914432 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\_hashlib.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 01176576 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\wx._core_.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00806400 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\wx._gdi_.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00816128 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\wx._windows_.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 01067008 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\wx._controls_.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00733184 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\wx._misc_.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00682496 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\pysqlite2._sqlite.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00088064 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\_ctypes.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00686080 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\unicodedata.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00119808 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\win32file.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00108544 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\win32security.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00007168 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\hashobjs_ext.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00017920 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\thumbnails_ext.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00088064 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\usb_ext.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00012800 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\common.time34.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00018432 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\win32event.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00167936 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\win32gui.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00046080 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\_socket.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 01303552 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\_ssl.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00128512 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\_elementtree.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00127488 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\pyexpat.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00038912 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\win32inet.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00036864 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\_psutil_windows.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00524248 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\windows._lib_cacheinvalidation.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00011264 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\win32crypt.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00123392 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\wx._wizard.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00077312 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\wx._html2.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00027648 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\_multiprocessing.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00020480 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\_yappi.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00035840 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\win32process.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00078848 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\wx._animate.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00024064 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\win32pipe.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00010240 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\select.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00025600 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\win32pdh.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00017408 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\win32profile.pyd
2017-07-11 16:58 - 2017-07-11 16:58 - 00022528 ____R () C:\Users\mb16\AppData\Local\Temp\_MEI119042\win32ts.pyd
2017-06-28 13:37 - 2017-06-28 13:37 - 00101256 _____ () C:\Program Files (x86)\Real\RealPlayer\CrashRpt\CrashRpt1402.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 07:47 - 2017-06-28 12:55 - 00001025 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-188366014-661307068-2873173738-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mb16\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 64.35.176.53 - 64.35.176.54
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-188366014-661307068-2873173738-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{CB6F8537-EBC0-422E-A657-EF718E24E695}C:\program files (x86)\dropbox\client\dropbox.exe] => (Allow) C:\program files (x86)\dropbox\client\dropbox.exe
FirewallRules: [UDP Query User{F3D7A379-E588-40AF-9628-3BB1F71C4B19}C:\program files (x86)\dropbox\client\dropbox.exe] => (Allow) C:\program files (x86)\dropbox\client\dropbox.exe
FirewallRules: [{CF42923F-28EF-45C7-987B-A951F5D572B6}] => (Block) C:\program files (x86)\dropbox\client\dropbox.exe
FirewallRules: [{4255EF54-BCA7-428A-9921-36B0D789483C}] => (Block) C:\program files (x86)\dropbox\client\dropbox.exe
FirewallRules: [TCP Query User{534B05F7-7FEC-4032-B4FE-DB0E61588B53}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{DD04F28B-03A4-4441-935A-E1B05834A62C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{3645E625-FDF3-4225-8221-B3A7B5ECBE1F}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [UDP Query User{5D0FF9F9-834B-4D24-81F7-E4DAEC8CEEDF}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
==================== Restore Points =========================
30-06-2017 23:46:49 Scheduled Checkpoint
10-07-2017 23:29:58 PC Decrapifier Restore Point
11-07-2017 11:09:45 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (07/11/2017 11:10:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.15063.332, time stamp: 0x591fdaf0
Faulting module name: CoreUIComponents.dll, version: 10.0.15063.413, time stamp: 0xed6b813d
Exception code: 0xc0000005
Fault offset: 0x0000000000077bd2
Faulting process id: 0x262c
Faulting application start time: 0x01d2fa5564127469
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
Report Id: a8dc021e-116a-4f10-92b6-268c8bf02484
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (07/11/2017 11:10:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe CEF Helper.exe, version: 4.1.1.202, time stamp: 0x5934127c
Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba
Exception code: 0xc0000005
Fault offset: 0x00be5ccd
Faulting process id: 0x1ab8
Faulting application start time: 0x01d2fa5628116d34
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
Faulting module path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
Report Id: 8ec3608b-9f1c-4f7b-8ccf-ac704d65d56f
Faulting package full name:
Faulting package-relative application ID:
Error: (07/11/2017 09:46:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-0SCO1A7P)
Description: Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/11/2017 09:40:04 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
   Executing Asynchronous Operation
Context:
   Current State: DoSnapshotSet
Error: (07/11/2017 09:39:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-0SCO1A7P)
Description: Package Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00041403-0001-0000-1977-e90100000000} was terminated because it took too long to suspend.
Error: (07/11/2017 08:58:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-0SCO1A7P)
Description: Package Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
Error: (07/11/2017 08:48:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.
Error: (07/11/2017 02:05:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-0SCO1A7P)
Description: Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/11/2017 12:15:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (07/11/2017 12:07:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-0SCO1A7P)
Description: Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (07/11/2017 04:54:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/11/2017 04:54:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/11/2017 11:18:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/11/2017 11:11:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/11/2017 10:57:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/11/2017 10:51:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/11/2017 10:51:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/11/2017 10:50:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SysMain service terminated with the following error:
The request is not supported.
Error: (07/11/2017 10:50:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.
Error: (07/11/2017 10:48:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

CodeIntegrity:
===================================
  Date: 2017-07-11 16:56:58.275
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-11 16:56:57.546
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-11 16:55:43.540
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-11 16:55:41.711
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-11 16:55:22.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-11 16:55:21.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-11 16:55:21.675
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-11 16:55:21.478
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-11 11:15:55.851
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-11 11:15:53.293
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 32%
Total physical RAM: 12156.22 MB
Available physical RAM: 8209.11 MB
Total Virtual: 14012.22 MB
Available Virtual: 9982.96 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:783.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 663D3ACF)
Partition: GPT.
==================== End of Addition.txt ============================

We're almost done :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

How's your system behaving now? Are there any other issues to address?

fixlist.txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
