
PC infected

Discussion in 'Malware Removal Help' started by daveleonard, Jan 14, 2018.

  1. daveleonard

    daveleonard Registered Members

    Joined:
    Dec 2, 2013
    Messages:
    417
    Operating System:
    Windows 10
    Computer Brand or Motherboard:
    Acer Aspire
    CPU:
    See below
    Memory:
    Ditto
    Hard Drive:
    Ditto
    Graphics Card:
    Ditto
    Power Supply:
    Ditto
    Hello folks. I evidently downloaded an app that had a truck load of bad stuff attached to it. My pc runs slower now. I ran Malwarebytes repeatedly until 3 files remained that cannot be quarantined out of 949. Also there are 3 shortcuts to files I cannot delete even with Wise or File Shredder that have been attached to Windows Explorer. I keep getting I do not have permission to delete even when run by administrator. The file location of these 3 lead to Windows Explorer which I cannot do anything with. The names of these apps that are in Windows are: Nonck B Nhtephet, Nckatb B Nhtephete and Bontn B Nhtephet. I don't know what language this is but all the N's I have used are backward. I suspect Ukraine.
    Thanks for any help you can give me.
     

    Last edited: Jan 14, 2018
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Dave,

    I've moved your thread to the appropriate forum.
    We need to get a better idea of what is going on here.

    The snapshot from MalwareBytes isn't really helpful.
    Please post the full report.

    To find the reports
    • From the main Dashboard click Reports (left hand side)
    • Double click on the scan log which shows the Date and time of the scan that showed the infections.
    • Click Export >> Copy to Clipboard
    • Paste the contents of the clipboard into your reply.

    Please post the reports from FRST:

    Note:
    There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

    If you are unsure what your system bit type is..... click Here for help.

    For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

    • Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • When the tool opens click Yes to the disclaimer.
    • Make sure that Addition.txt is selected at the bottom
    • Press Scan button.

    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


    In your next reply, please submit:
    MalwareBytes report
    Both reports from FRST.


    Thanks.
     
  3. daveleonard

    Thanks Starbuck but Windows Explorer does not work currently so I cannot get on the internet right now. I was able to get into system restore via the search window so now I am running restore to Jan 7 before all this happened. Whether or not I will then be able to function I do not know but as soon as I can get on the internet I will download Farbar and follow your instructions. Will let you know. I am currently using my tablet. Thanks.
     
  4. starbuck

    Ok Dave, thanks for letting me know.
     
  5. starbuck

    Just a thought Dave,

    Try resetting Windows Explorer.

    After the PC has started (you'll probably have a blank Desktop if Explorer isn't working) press the 3 keys Alt + Ctrl + Del (at the same time) to fetch up the Task Manager.


    Scroll down the list and see if Windows Explorer is there.
    If so.... Right Click on it and select Restart.

    See if this works.

    Edit:
    Or do you mean Internet Explorer isn't working?
    If that's the case.... try Firefox (it may be a proxy problem)
     
    Last edited: Jan 14, 2018
  6. daveleonard

    Ok, I reset Windows and now am able to get online. The 3 unwanted files are still in Win Explorer. The system is responding pretty good now. See reports you wanted. Thanks

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.01.2018
    Ran by Acer (administrator) on LAPTOP-UJTCBL4R (15-01-2018 09:54:42)
    Running from C:\Users\Acer\Downloads
    Loaded Profiles: Acer (Available Profiles: Acer)
    Platform: Windows 10 Home Single Language Version 1709 16299.125 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    () C:\OEM\Preload\DPOP\WINRECUSTOMIZE\WatchDog.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe
    () C:\OEM\Preload\FUBService\FUBService.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
    (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxext.exe
    (Opera Software) C:\Opera\49.0.2725.64\opera.exe
    (Opera Software) C:\Opera\49.0.2725.64\opera_crashreporter.exe
    (Opera Software) C:\Opera\49.0.2725.64\opera.exe
    (Opera Software) C:\Opera\49.0.2725.64\opera.exe
    (Opera Software) C:\Opera\49.0.2725.64\opera.exe
    (Opera Software) C:\Opera\49.0.2725.64\opera.exe
    (Opera Software) C:\Opera\49.0.2725.64\opera.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
    (Microsoft Corporation) C:\Windows\System32\osk.exe
    (Opera Software) C:\Opera\49.0.2725.64\opera.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (SweetLabs, Inc) C:\Users\Acer\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18384352 2017-07-06] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493984 2017-07-06] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{bf77037d-e6db-4c77-bb4b-2057304fde2a}: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{e57245f7-47e2-42a6-b4e5-1f6ff6a82e90}: [DhcpNameServer] 40.32.1.66

    Internet Explorer:
    ==================
    HKU\S-1-5-21-826400198-3423980625-3033161288-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
    HKU\S-1-5-21-826400198-3423980625-3033161288-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-14] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-14] (Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-14] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-14] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-14] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-14] (Microsoft Corporation)

    FireFox:
    ========
    FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2018-01-15] [Legacy]
    FF Extension: (العربية Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ar@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Английски (САЩ) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-bg@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Czech (CZ) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-cs@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Dansk (da) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-da@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Deutsch (DE) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-de@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Ελληνικά Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-el@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Español (España) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-es-ES@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Estonian Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-et@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Finnish Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-fi@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Français Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-fr@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Hebrew (IL) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-he@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Magyar (HU) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-hu@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Italiano (IT) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-it@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Japanese Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ja@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Korean (KR) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ko@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Lietuvių Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-lt@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Norsk bokmål (NO) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-nb-NO@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Nederlands (NL) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-nl@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Polski Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-pl@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Português (pt-BR) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-pt-BR@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Português (Portugal) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-pt-PT@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Russian (RU) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ru@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Slovak (SK) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sk@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Slovenski jezik Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sl@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (српски (sr) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sr@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Svenska (SE) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sv-SE@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (ไทย Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-th@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Türkçe (TR) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-tr@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Ukrainian (UA) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-uk@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-zh-CN@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-zh-TW@firefox.mozilla.org [2018-01-15] [Legacy]
    FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2018-01-15] [Legacy]
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon
    FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon [2018-01-15] [Legacy]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-14] (Microsoft Corporation)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2017-06-14]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2017-06-14]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Windows (R) Win 7 DDK provider)
    R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2945792 2016-05-26] (Microsoft Corporation)
    S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2016-08-05] (Dashlane, Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
    S2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26576 2017-06-14] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
    R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe [289080 2016-09-24] (Symantec Corporation)
    S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [200240 2016-05-25] (Microsoft Corporation) [File not signed]
    S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2017-02-15] (Acer Incorporated)
    R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2017-02-15] (Acer Incorporated)
    S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [296752 2017-02-21] (acer)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
    R4 WinREWatchDog; C:\OEM\Preload\DPOP\WinRECustomize\WatchDog.exe [20320 2015-07-15] ()
    S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
    S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20160826.008\BHDrvx64.sys [1854712 2016-09-24] (Symantec Corporation)
    R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1608000.032\ccSetx64.sys [174328 2016-09-24] (Symantec Corporation)
    R3 ETDI2C; C:\WINDOWS\System32\drivers\ETDI2C.sys [217688 2016-08-17] (ELAN Microelectronic Corp.)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20160916.102\IDSVia64.sys [1012440 2016-09-24] (Symantec Corporation)
    R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [22320 2017-02-15] (Acer Incorporated)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvac.inf_amd64_6f98a16f5b0bfee2\nvlddmkm.sys [14190520 2017-02-16] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-01-21] (NVIDIA Corporation)
    S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [28216 2017-01-21] (Windows (R) Win 7 DDK provider)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-21] (NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-01-21] (NVIDIA Corporation)
    R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [15664 2017-02-15] (Acer Incorporated)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-23] (Realtek )
    R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [779232 2016-08-04] (Realsil Semiconductor Corporation)
    R3 SRTSP; C:\WINDOWS\system32\drivers\NSx64\1608000.032\SRTSP64.SYS [784624 2016-09-24] (Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1608000.032\SRTSPX64.SYS [49400 2016-09-24] (Symantec Corporation)
    R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-24] (Symantec Corporation)
    S4 SymELAM; C:\WINDOWS\system32\drivers\NSx64\1608000.032\SymELAM.sys [24192 2016-09-24] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2017-06-14] (Symantec Corporation)
    R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1608000.032\Ironx64.SYS [289520 2016-09-24] (Symantec Corporation)
    R1 SymNetS; C:\WINDOWS\system32\drivers\NSx64\1608000.032\SYMNETS.SYS [567512 2016-09-24] (Symantec Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-16 00:44 - 2018-01-16 00:45 - 000000000 ____D C:\WINDOWS\InfusedApps
    2018-01-16 00:43 - 2018-01-16 00:43 - 000000000 ____D C:\Windows.old
    2018-01-16 00:42 - 2018-01-16 00:42 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2018-01-16 00:39 - 2018-01-16 00:39 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
    2018-01-16 00:38 - 2018-01-16 00:38 - 000000000 ____D C:\Program Files\Elantech
    2018-01-16 00:37 - 2018-01-16 00:37 - 000000000 ____D C:\WINDOWS\Setup
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\yo-NG
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\wo-SN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\vi-VN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\ur-PK
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\ug-CN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\tt-RU
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\tk-TM
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\ti-ET
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\te-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\ta-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\sw-KE
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\sq-AL
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\si-LK
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\rw-RW
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\quz-PE
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\prs-AF
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\pa-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\or-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\nn-NO
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\ne-NP
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\mt-MT
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\mr-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\mn-MN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\ml-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\mk-MK
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\lo-LA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\lb-LU
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\ky-KG
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\kok-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\kn-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\km-KH
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\ka-GE
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\is-IS
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\ig-NG
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\id-ID
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\hy-AM
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\gu-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\gd-GB
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\ga-IE
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\fil-PH
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\fa-IR
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\cy-GB
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\bn-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\bn-BD
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\be-BY
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\as-IN
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\am-ET
    2018-01-16 00:32 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\af-ZA
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\WINDOWS\system32\hi-IN
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\WINDOWS\system32\gl-ES
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\WINDOWS\system32\eu-ES
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\WINDOWS\system32\ca-ES
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\WINDOWS\OCR
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\Program Files\Reference Assemblies
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\Program Files\MSBuild
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2018-01-16 00:32 - 2018-01-16 00:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2018-01-16 00:29 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
    2018-01-16 00:29 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
    2018-01-16 00:29 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
    2018-01-16 00:29 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
    2018-01-16 00:29 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
    2018-01-16 00:29 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
    2018-01-16 00:29 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\system32\winrm
    2018-01-16 00:29 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\system32\WCN
    2018-01-16 00:29 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\system32\slmgr
    2018-01-16 00:29 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
    2018-01-16 00:29 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\system32\0409
    2018-01-16 00:29 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\DigitalLocker
    2018-01-16 00:25 - 2017-12-22 21:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-01-16 00:25 - 2017-12-22 21:45 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-01-16 00:22 - 2018-01-16 00:17 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
    2018-01-16 00:22 - 2018-01-16 00:17 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
    2018-01-16 00:22 - 2018-01-16 00:17 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
    2018-01-16 00:21 - 2018-01-16 00:45 - 000000000 ____D C:\WINDOWS\system32\oobe
    2018-01-16 00:21 - 2018-01-16 00:44 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2018-01-16 00:21 - 2018-01-16 00:44 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2018-01-16 00:21 - 2018-01-16 00:43 - 000000000 __RHD C:\Users\Public\Libraries
    2018-01-16 00:21 - 2018-01-16 00:36 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2018-01-16 00:21 - 2018-01-16 00:36 - 000000000 ___SD C:\WINDOWS\system32\F12
    2018-01-16 00:21 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\TextInput
    2018-01-16 00:21 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2018-01-16 00:21 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2018-01-16 00:21 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2018-01-16 00:21 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2018-01-16 00:21 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\Dism
    2018-01-16 00:21 - 2018-01-16 00:36 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2018-01-16 00:21 - 2018-01-16 00:35 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-01-16 00:21 - 2018-01-16 00:35 - 000000000 ____D C:\WINDOWS\Provisioning
    2018-01-16 00:21 - 2018-01-16 00:35 - 000000000 ____D C:\Program Files\Windows Defender
    2018-01-16 00:21 - 2018-01-16 00:32 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ___SD C:\WINDOWS\system32\dsc
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\com
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\system32\setup
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\system32\MUI
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\system32\com
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\IME
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\Program Files\Common Files\system
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2018-01-16 00:21 - 2018-01-16 00:29 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2018-01-16 00:21 - 2018-01-16 00:22 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
    2018-01-16 00:21 - 2018-01-16 00:22 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2018-01-16 00:21 - 2018-01-16 00:22 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
    2018-01-16 00:21 - 2018-01-16 00:22 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
    2018-01-16 00:21 - 2018-01-16 00:22 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
    2018-01-16 00:21 - 2018-01-16 00:22 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 __SHD C:\Program Files\Windows Sidebar
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 __RSD C:\WINDOWS\media
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ___SD C:\WINDOWS\system32\Nui
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ___SD C:\WINDOWS\system32\Configuration
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\Web
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\Vss
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\tracing
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\TAPI
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SystemResources
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SystemApps
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\winevt
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\ras
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\PointOfService
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\NDF
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\MsDtc
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\Ipmi
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\InputMethod
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\inetsrv
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\IME
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\icsxml
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\ias
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\hydrogen
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\downlevel
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\DDFs
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\config\TxR
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\config\Journal
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\Bthprops
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\AppLocker
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\System
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SKB
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\security
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\schemas
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\SchCache
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\Resources
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\rescache
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\PLA
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\Performance
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\ModemLogs
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\L2Schemas
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\InputMethod
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\Globalization
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\Cursors
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\Branding
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\appcompat
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\addins
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\Program Files\Windows Security
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\Program Files\Windows Portable Devices
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\Program Files\windows nt
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\Program Files\Common Files\Services
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\Program Files (x86)\windows nt
    2018-01-16 00:21 - 2018-01-16 00:21 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2018-01-16 00:21 - 2018-01-16 00:16 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2018-01-16 00:21 - 2018-01-16 00:16 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
    2018-01-16 00:21 - 2018-01-16 00:16 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2018-01-16 00:21 - 2018-01-16 00:16 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
    2018-01-16 00:21 - 2018-01-16 00:16 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
    2018-01-16 00:21 - 2018-01-16 00:16 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
    2018-01-16 00:21 - 2018-01-16 00:16 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
    2018-01-16 00:21 - 2018-01-15 09:55 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
    2018-01-16 00:21 - 2018-01-15 09:55 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-01-16 00:21 - 2018-01-15 09:54 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-01-16 00:21 - 2018-01-15 09:16 - 000000000 ____D C:\WINDOWS\Registration
    2018-01-16 00:21 - 2018-01-15 09:10 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
    2018-01-16 00:21 - 2018-01-15 09:06 - 000000000 ___RD C:\Program Files (x86)
    2018-01-16 00:21 - 2018-01-15 09:06 - 000000000 ____D C:\WINDOWS\system32\spool
    2018-01-16 00:21 - 2018-01-15 09:06 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-01-16 00:21 - 2018-01-15 09:02 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2018-01-16 00:21 - 2018-01-15 08:59 - 000000000 ____D C:\ProgramData\USOPrivate
    2018-01-16 00:21 - 2018-01-15 08:57 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2018-01-16 00:21 - 2018-01-15 08:54 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2018-01-16 00:21 - 2018-01-15 08:54 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2018-01-16 00:21 - 2018-01-15 08:52 - 000000000 ____D C:\WINDOWS\Help
    2018-01-16 00:18 - 2018-01-15 09:35 - 000000000 ____D C:\WINDOWS\INF
    2018-01-16 00:06 - 2018-01-15 09:46 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-01-15 23:54 - 2018-01-16 00:43 - 000061440 _____ C:\WINDOWS\system32\config\SAM
    2018-01-15 23:54 - 2018-01-16 00:29 - 000000000 ____D C:\WINDOWS\servicing
    2018-01-15 23:54 - 2018-01-16 00:21 - 000000000 ____D C:\WINDOWS\system32\SMI
    2018-01-15 23:54 - 2018-01-15 09:19 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2018-01-15 23:54 - 2018-01-15 09:18 - 000000000 ____D C:\WINDOWS\Panther
    2018-01-15 23:54 - 2018-01-15 09:10 - 089128960 _____ C:\WINDOWS\system32\config\SOFTWARE
    2018-01-15 23:54 - 2018-01-15 09:10 - 022020096 _____ C:\WINDOWS\system32\config\SYSTEM
    2018-01-15 23:54 - 2018-01-15 09:10 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2018-01-15 23:54 - 2018-01-15 09:10 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
    2018-01-15 23:54 - 2018-01-15 09:10 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY
    2018-01-15 09:54 - 2018-01-15 09:55 - 000020600 _____ C:\Users\Acer\Downloads\FRST.txt
    2018-01-15 09:54 - 2018-01-15 09:54 - 000000000 ____D C:\FRST
    2018-01-15 09:51 - 2018-01-15 09:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
    2018-01-15 09:51 - 2018-01-15 09:51 - 000000000 ____D C:\Program Files\Common Files\AV
    2018-01-15 09:48 - 2018-01-15 09:50 - 000000000 ____D C:\Users\Acer\AppData\Local\PlaceholderTileLogoFolder
    2018-01-15 09:47 - 2018-01-15 09:47 - 002393088 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
    2018-01-15 09:23 - 2018-01-15 09:23 - 000003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2018-01-15 09:23 - 2018-01-15 09:23 - 000002364 _____ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-01-15 09:23 - 2018-01-15 09:23 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Opera Software
    2018-01-15 09:23 - 2018-01-15 09:23 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Intel Corporation
    2018-01-15 09:23 - 2018-01-15 09:23 - 000000000 ____D C:\Users\Acer\AppData\Local\Opera Software
    2018-01-15 09:22 - 2018-01-15 09:22 - 000000000 ____D C:\Users\Public\App Explorer
    2018-01-15 09:22 - 2018-01-15 09:22 - 000000000 ____D C:\Users\Acer\AppData\Local\Comms
    2018-01-15 09:22 - 2018-01-15 09:22 - 000000000 ____D C:\Users\Acer\AppData\Local\CareCenter
    2018-01-15 09:21 - 2018-01-15 09:21 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2018-01-15 09:20 - 2018-01-15 09:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
    2018-01-15 09:20 - 2018-01-15 09:24 - 000000000 ____D C:\Users\Acer\AppData\Local\NVIDIA Corporation
    2018-01-15 09:20 - 2018-01-15 09:20 - 000000000 ____D C:\Users\Acer\AppData\Local\Publishers
    2018-01-15 09:20 - 2018-01-15 09:20 - 000000000 ____D C:\Users\Acer\AppData\Local\clear.fi
    2018-01-15 09:20 - 2018-01-15 09:20 - 000000000 ____D C:\Users\Acer\AppData\Local\AOP SDK
    2018-01-15 09:19 - 2018-01-15 09:19 - 000000000 ____D C:\WINDOWS\oem
    2018-01-15 09:18 - 2018-01-15 09:46 - 000000000 ____D C:\Users\Acer\AppData\Local\Packages
    2018-01-15 09:18 - 2018-01-15 09:18 - 000000020 ___SH C:\Users\Acer\ntuser.ini
    2018-01-15 09:18 - 2018-01-15 09:18 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Adobe
    2018-01-15 09:18 - 2018-01-15 09:18 - 000000000 ____D C:\Users\Acer\AppData\Local\VirtualStore
    2018-01-15 09:18 - 2018-01-15 09:18 - 000000000 ____D C:\Users\Acer\AppData\Local\ConnectedDevicesPlatform
    2018-01-15 09:17 - 2018-01-15 09:17 - 000000000 _SHDL C:\Users\Default User
    2018-01-15 09:17 - 2018-01-15 09:17 - 000000000 _SHDL C:\Users\All Users
    2018-01-15 09:16 - 2018-01-15 09:16 - 000887882 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-01-15 09:16 - 2018-01-15 09:16 - 000004302 _____ C:\WINDOWS\System32\Tasks\Software Update Application
    2018-01-15 09:16 - 2018-01-15 09:16 - 000003852 _____ C:\WINDOWS\System32\Tasks\ACCAgent
    2018-01-15 09:16 - 2018-01-15 09:16 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-01-15 09:16 - 2018-01-15 09:16 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002858 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002820 _____ C:\WINDOWS\System32\Tasks\ACC
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002766 _____ C:\WINDOWS\System32\Tasks\UbtFrameworkService
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002762 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002630 _____ C:\WINDOWS\System32\Tasks\Acer Collection Monitor Application
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002622 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002596 _____ C:\WINDOWS\System32\Tasks\Acer Collection Application
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002534 _____ C:\WINDOWS\System32\Tasks\AcerCloud
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002408 _____ C:\WINDOWS\System32\Tasks\App Explorer
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002328 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002284 _____ C:\WINDOWS\System32\Tasks\FUB
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002256 _____ C:\WINDOWS\System32\Tasks\Power Button
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002182 _____ C:\WINDOWS\System32\Tasks\Quick Access
    2018-01-15 09:16 - 2018-01-15 09:16 - 000002162 _____ C:\WINDOWS\System32\Tasks\User Boot Experience Task
    2018-01-15 09:16 - 2018-01-15 09:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-01-15 09:15 - 2018-01-15 09:15 - 000000360 _____ C:\WINDOWS\Tasks\DashlaneUpgradeCheck.job
    2018-01-15 09:14 - 2018-01-15 09:14 - 000010816 _____ C:\Users\Acer\Desktop\Removed Apps.html
    2018-01-15 09:13 - 2018-01-15 09:13 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
    2018-01-15 09:09 - 2018-01-15 09:49 - 000000000 ____D C:\Users\Acer\AppData\Local\Host App Service
    2018-01-15 09:09 - 2018-01-15 09:18 - 000000000 ____D C:\Users\Acer
    2018-01-15 09:08 - 2018-01-15 09:08 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2018-01-15 09:01 - 2018-01-15 09:01 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2018-01-15 08:59 - 2018-01-15 08:59 - 000000000 ____D C:\ProgramData\USOShared
    2018-01-15 08:52 - 2018-01-15 09:06 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2018-01-15 08:52 - 2018-01-15 09:04 - 000000000 ____D C:\Program Files (x86)\Intel
    2018-01-15 08:52 - 2018-01-15 09:02 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2018-01-15 08:52 - 2018-01-15 08:52 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
    2018-01-15 08:52 - 2017-01-05 14:36 - 000113688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
    2018-01-15 08:52 - 2017-01-05 14:26 - 000104480 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
    2018-01-15 08:52 - 2016-12-29 21:16 - 006384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2018-01-15 08:52 - 2016-12-29 21:16 - 002475968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2018-01-15 08:52 - 2016-12-29 21:16 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2018-01-15 08:52 - 2016-12-29 21:16 - 000546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2018-01-15 08:52 - 2016-12-29 21:16 - 000392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2018-01-15 08:52 - 2016-12-29 21:16 - 000083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2018-01-15 08:52 - 2016-12-29 21:16 - 000069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2018-01-15 08:52 - 2016-12-22 07:59 - 007651057 _____ C:\WINDOWS\system32\nvcoproc.bin
    2018-01-15 08:51 - 2018-01-15 09:02 - 000000000 ____D C:\Program Files\Intel
    2018-01-15 08:51 - 2018-01-15 08:51 - 002039758 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
    2018-01-15 08:51 - 2018-01-15 08:51 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2018-01-15 08:51 - 2018-01-15 08:51 - 000000000 ____H C:\ProgramData\DP45977C.lfl
    2018-01-15 08:51 - 2018-01-15 08:51 - 000000000 ____D C:\WINDOWS\system32\IntelSSTAPO
    2018-01-15 08:51 - 2018-01-15 08:51 - 000000000 ____D C:\WINDOWS\system32\DAX3
    2018-01-15 08:51 - 2018-01-15 08:51 - 000000000 ____D C:\WINDOWS\system32\DAX2
    2018-01-15 08:51 - 2018-01-15 08:51 - 000000000 ____D C:\ProgramData\rtkSSTSetting
    2018-01-15 08:51 - 2017-09-29 21:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2018-01-15 08:51 - 2017-07-06 04:52 - 001916716 _____ C:\WINDOWS\system32\Drivers\rtkSSTSetting.zip
    2018-01-15 08:50 - 2018-01-15 09:07 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2018-01-15 08:50 - 2018-01-15 08:50 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
    2018-01-15 08:50 - 2018-01-15 08:50 - 000000000 ____D C:\Program Files\Realtek
    2018-01-15 08:48 - 2018-01-15 09:11 - 000222608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-01-15 08:48 - 2018-01-15 08:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-01-15 07:42 - 2018-01-16 00:45 - 000000000 ___HD C:\$SysReset
    2018-01-14 18:32 - 2018-01-14 18:25 - 000000030 _____ C:\AVScanner.ini
    2018-01-14 18:31 - 2018-01-14 18:44 - 000002062 _____ C:\Users\Acer\Desktop\Вoйти в Интeрнет.lnk
    2018-01-14 18:25 - 2018-01-14 18:25 - 000001658 _____ C:\Users\Acer\Desktop\Поиcк в Интeрнете.lnk
    2018-01-14 18:22 - 2018-01-14 18:22 - 000000190 _____ C:\Users\Acer\Desktop\Искать в Интернете.url
    2018-01-14 15:39 - 2018-01-14 17:30 - 389192529 _____ C:\Users\Acer\Downloads\FuneralforanAssassin_512kb.mp4
    2018-01-14 15:14 - 2018-01-14 15:38 - 346056289 _____ C:\Users\Acer\Downloads\the_bigamist_512kb.mp4
    2018-01-14 14:49 - 2018-01-14 15:12 - 647255572 _____ C:\Users\Acer\Downloads\barstow_alaska_73.mp4
    2018-01-11 19:17 - 2018-01-11 19:17 - 000000732 _____ C:\Users\Acer\Desktop\Videos - Shortcut.lnk
    2018-01-04 20:02 - 2018-01-16 00:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDAVITools
    2018-01-04 20:02 - 2018-01-11 19:22 - 000000000 ____D C:\Users\Acer\Documents\Free Video Volume Booster

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-16 00:44 - 2017-10-14 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AxCrypt
    2018-01-16 00:44 - 2017-09-14 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
    2018-01-16 00:44 - 2017-09-14 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2018-01-16 00:43 - 2017-09-14 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2018-01-16 00:43 - 2017-09-14 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2018-01-16 00:13 - 2017-09-29 21:40 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
    2018-01-15 09:43 - 2017-06-14 21:22 - 000000000 ____D C:\ProgramData\Acer
    2018-01-15 09:24 - 2017-06-14 21:10 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-01-15 09:23 - 2017-09-14 11:35 - 000000000 ___RD C:\Users\Acer\OneDrive
    2018-01-15 09:22 - 2017-06-14 21:21 - 000000000 ____D C:\ProgramData\OEM
    2018-01-15 09:19 - 2017-06-14 21:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2018-01-15 09:19 - 2017-06-14 21:34 - 000000000 ____D C:\ProgramData\Norton
    2018-01-15 09:18 - 2017-11-19 20:28 - 000000000 ___RD C:\Users\Acer\3D Objects
    2018-01-15 09:18 - 2017-09-14 11:31 - 000000000 __SHD C:\Users\Acer\IntelGraphicsProfiles
    2018-01-15 09:18 - 2017-06-14 20:05 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-01-15 09:13 - 2016-07-16 19:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2018-01-15 09:06 - 2017-06-15 09:21 - 000000000 ____D C:\WINDOWS\NAPP_Dism_Log
    2018-01-15 09:06 - 2017-06-14 21:36 - 000000000 ____D C:\Users\Public\Symantec
    2018-01-15 09:06 - 2017-06-14 21:36 - 000000000 ____D C:\Program Files (x86)\SymSilent
    2018-01-15 09:06 - 2017-06-14 21:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSx64
    2018-01-15 09:06 - 2017-06-14 21:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
    2018-01-15 09:06 - 2017-06-14 21:34 - 000000000 ____D C:\Users\Public\CyberLink
    2018-01-15 09:06 - 2017-06-14 21:34 - 000000000 ____D C:\ProgramData\NortonInstaller
    2018-01-15 09:06 - 2017-06-14 21:34 - 000000000 ____D C:\ProgramData\CyberLink
    2018-01-15 09:06 - 2017-06-14 21:34 - 000000000 ____D C:\ProgramData\CLSK
    2018-01-15 09:06 - 2017-06-14 21:34 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
    2018-01-15 09:06 - 2017-06-14 21:34 - 000000000 ____D C:\Program Files (x86)\Norton Security
    2018-01-15 09:06 - 2017-06-14 21:33 - 000000000 ____D C:\ProgramData\Temp
    2018-01-15 09:06 - 2017-06-14 21:33 - 000000000 ____D C:\ProgramData\install_clap
    2018-01-15 09:06 - 2017-06-14 21:27 - 000000000 ___HD C:\ProgramData\{ED8D8B70-196F-4C4E-B1B5-3FDE44B8E688}
    2018-01-15 09:06 - 2017-06-14 21:27 - 000000000 ____D C:\Users\Default\AppData\Local\Host App Service
    2018-01-15 09:06 - 2017-06-14 21:27 - 000000000 ____D C:\Users\Default User\AppData\Local\Host App Service
    2018-01-15 09:06 - 2017-06-14 21:27 - 000000000 ____D C:\ProgramData\PPiP
    2018-01-15 09:06 - 2017-06-14 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
    2018-01-15 09:06 - 2017-06-14 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2018-01-15 09:06 - 2017-06-14 21:10 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2018-01-15 09:06 - 2017-06-14 21:10 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2018-01-15 09:06 - 2017-06-14 20:53 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
    2018-01-15 09:06 - 2017-06-14 20:53 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
    2018-01-15 09:06 - 2017-06-14 20:53 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros
    2018-01-15 09:06 - 2017-06-14 20:33 - 000000000 ____D C:\ProgramData\Package Cache
    2018-01-15 09:06 - 2017-06-14 20:33 - 000000000 ____D C:\ProgramData\DriverSetupUtility
    2018-01-15 09:06 - 2017-06-14 20:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2018-01-15 09:06 - 2017-06-14 20:30 - 000000000 ____D C:\Program Files (x86)\Realtek
    2018-01-15 09:06 - 2017-06-14 20:29 - 000000000 ____D C:\ProgramData\Intel
    2018-01-15 09:06 - 2017-06-14 20:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2018-01-15 09:05 - 2017-06-14 21:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-01-15 09:05 - 2017-06-14 21:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2018-01-15 09:04 - 2017-06-14 21:27 - 000000000 ____D C:\Program Files (x86)\Dashlane
    2018-01-15 09:04 - 2017-06-14 20:30 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2018-01-15 09:04 - 2017-06-14 20:07 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2018-01-15 09:03 - 2017-06-14 21:34 - 000000000 ____D C:\Program Files (x86)\CyberLink
    2018-01-15 09:03 - 2017-06-14 21:22 - 000000000 ____D C:\Program Files (x86)\Acer
    2018-01-15 09:03 - 2017-06-14 20:59 - 000000000 ____D C:\Program Files (x86)\Bluetooth Suite
    2018-01-15 09:02 - 2017-06-14 21:36 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
    2018-01-15 09:02 - 2017-06-14 21:21 - 000000000 ____D C:\Program Files\Acer
    2018-01-15 09:02 - 2017-06-14 20:59 - 000000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
    2018-01-15 09:02 - 2017-06-14 20:33 - 000000000 ____D C:\Program Files\DriverSetupUtility
    2018-01-15 09:02 - 2017-06-14 20:07 - 000000000 ____D C:\Program Files\Microsoft Office 15
    2018-01-15 06:33 - 2017-09-16 16:25 - 000000957 _____ C:\Users\Acer\Desktop\launcher - Shortcut.lnk
    2018-01-15 06:16 - 2017-09-16 16:12 - 000000000 ____D C:\Opera
    2018-01-14 19:43 - 2017-09-16 19:24 - 000000000 ____D C:\AdwCleaner
    2018-01-14 17:40 - 2017-12-08 17:23 - 000001861 _____ C:\Users\Acer\Desktop\Items Needed.txt
    2017-12-29 20:28 - 2017-12-06 19:06 - 000000458 _____ C:\Users\Acer\Desktop\Stocks.txt
    2017-12-22 15:35 - 2017-09-16 16:13 - 000000000 ___RD C:\Users\Acer\Desktop\Illy

    Some files in TEMP:
    ====================
    2018-01-15 09:29 - 2018-01-15 09:45 - 047106968 _____ (SweetLabs,Inc.) C:\Users\Acer\AppData\Local\Temp\octD600.tmp.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-01-15 08:48

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.01.2018
    Ran by Acer (15-01-2018 09:56:08)
    Running from C:\Users\Acer\Downloads
    Windows 10 Home Single Language Version 1709 16299.125 (X64) (2018-01-15 01:18:38)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Acer (S-1-5-21-826400198-3423980625-3033161288-1001 - Administrator - Enabled) => C:\Users\Acer
    Administrator (S-1-5-21-826400198-3423980625-3033161288-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-826400198-3423980625-3033161288-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-826400198-3423980625-3033161288-1000 - Limited - Disabled)
    Guest (S-1-5-21-826400198-3423980625-3033161288-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-826400198-3423980625-3033161288-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.08.2001 - Acer Incorporated)
    abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
    Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3027 - Acer Incorporated)
    Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3006 - Acer Incorporated)
    Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
    Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2005 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3012 - Acer Incorporated)
    Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3000 - Acer Incorporated)
    AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
    App Explorer (HKU\S-1-5-21-826400198-3423980625-3033161288-1001\...\Host App Service) (Version: 0.273.2.512 - SweetLabs)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5917.02 - CyberLink Corp.)
    Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.12.0 - Dashlane, Inc.)
    DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3019 - Acer Incorporated)
    ELAN HIDI2C Filter Driver X64 13.6.7.2_WHQL (HKLM\...\Elantech) (Version: 13.6.7.2 - ELAN Microelectronic Corp.)
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2053 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-826400198-3423980625-3033161288-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
    Norton Security (HKLM-x32\...\NS) (Version: 22.8.0.50 - Symantec Corporation)
    NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
    NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
    NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
    NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
    Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10388 - Qualcomm Atheros)
    Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.278 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8205 - Realtek Semiconductor Corp.)
    SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-24] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-24] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-24] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-10-18] (Acer Incorporated)
    ShellIconOverlayIdentifiers-x32-x32-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-10-18] (Acer Incorporated)
    ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-10-18] (Acer Incorporated)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-24] (Symantec Corporation)
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\NavShExt.dll [2016-09-24] (Symantec Corporation)
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\NavShExt.dll [2016-09-24] (Symantec Corporation)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxDTCM.dll [2017-01-05] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-24] (Symantec Corporation)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\NavShExt.dll [2016-09-24] (Symantec Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0B4DE3EE-0B6A-45D3-A689-BAC4636A4E81} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2017-02-21] ()
    Task: {13FDFA8F-E71B-4D2F-ABB6-27935D9340A7} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2017-02-15] (Acer Incorporated)
    Task: {17561559-3C1E-447A-85B4-3E23AFBDC8F8} - System32\Tasks\App Explorer => C:\Users\Acer\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-12-22] (SweetLabs, Inc) <==== ATTENTION
    Task: {20F4602E-E969-4DAA-B6D8-7138CAC1E602} - System32\Tasks\FUB => C:\Program Files (x86)\Acer\Care Center\FUB.bat [2015-10-19] () <==== ATTENTION
    Task: {27792347-DB9B-493A-9B12-25F3BC2E7996} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
    Task: {31104F36-43E4-4435-A593-78B2AEBF8C58} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2017-02-15] (Acer Incorporated)
    Task: {32FE74DB-CC76-4A12-8A3E-1E5E275AAC9F} - System32\Tasks\Acer Collection Application => C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe [2017-03-02] ()
    Task: {3C2A9C55-3A5B-49C5-8755-C37AEED406BF} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-24] (Symantec Corporation)
    Task: {3CF79B8A-A9CE-4F21-8C8C-2B39F726E734} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
    Task: {473D1FAF-A4A5-4DD7-8F12-626F35A14D35} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2017-02-21] ()
    Task: {48109120-6860-4329-BEDD-18C15462351F} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-10-18] (Acer)
    Task: {5AD4E386-840B-4532-AC2A-CB985515AFF8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
    Task: {6E7D540D-A506-416E-AE87-E7A5D1303514} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-21] (NVIDIA Corporation)
    Task: {76E7E55B-7187-4305-A4B1-015089066EE9} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-21] (NVIDIA Corporation)
    Task: {7E68A227-2052-4B33-AD36-724A5B2F59D0} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2017-02-17] (TODO: <Company name>)
    Task: {82B504B8-E27A-4A3B-A347-E9303E96FC39} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2017-02-15] (Acer Incorporated)
    Task: {8B97EDB1-B9CF-47AB-AE44-52A9EE7ABE59} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2017-02-21] ()
    Task: {97B0C10C-A35C-4A71-8E89-3C0C698C5E71} - System32\Tasks\Acer Collection Monitor Application => C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe [2017-03-02] (Acer Incorporated)
    Task: {B4EB4B16-109E-4466-BA99-10C89F9ACCB1} - System32\Tasks\User Boot Experience Task => C:\OEM\Preload\FUBService\FUBService.exe [2015-05-14] ()
    Task: {BC4C6135-348C-4584-953A-607D2AB28685} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-24] (Symantec Corporation)
    Task: {C76B6177-1D66-42B8-A67E-945993B5217A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-21] (NVIDIA Corporation)
    Task: {D520B94E-B3D6-49EE-88FE-47774498854B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
    Task: {DAF1EEBA-8EB9-4DAC-9FFF-7CA033896BCE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
    Task: {E0FCC3B6-F04B-4A89-A615-C395B70164E8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\WSCStub.exe [2016-09-24] (Symantec Corporation)
    Task: {E770E9C9-0172-4051-A998-DE24AFB6A9DE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
    Task: {E8155EA8-7DB8-4636-BB54-06592984C601} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
    Task: {E87521E3-49F2-4825-9C80-B1F16E3C9B41} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
    Task: {EC9BC422-F89C-4301-B1B7-F88E926FC7FD} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-09-24] (Symantec Corporation)
    Task: {F0268735-4C8E-4F9B-89AB-449D5124DC41} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-24] (Symantec Corporation)
    Task: {F7DD96F8-5D4F-4A06-9566-1608C43DECAB} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DashlaneUpgradeCheck.job => net start Dashlane Upgrade ServiceWORKGROUP LAPTOP UJTCBL4R DashlaneUpgradeCheck 00

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Acer\Desktop\Вoйти в Интeрнет.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://tkistok.ru/?utm_source=desktop03&utm_content=1d61697ac549b92205e8b3224a3c02d2&utm_term=acb716625105015434d44b3da3a53f8c&utm_d=20180114"
    ShortcutWithArgument: C:\Users\Acer\Desktop\Поиcк в Интeрнете.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://go-search.ru/?utm_source=desktop"

    ==================== Loaded Modules (Whitelisted) ==============

    2017-09-29 21:41 - 2017-09-29 21:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2015-07-15 21:03 - 2015-07-15 22:36 - 000020320 _____ () C:\OEM\Preload\DPOP\WinRECustomize\WatchDog.exe
    2018-01-15 08:52 - 2016-12-29 21:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2017-06-14 21:47 - 2016-08-15 19:03 - 000111320 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
    2017-06-14 20:11 - 2017-06-14 20:11 - 008919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2017-06-14 22:21 - 2015-05-14 15:10 - 000030976 _____ () C:\OEM\Preload\FUBService\FUBService.exe
    2017-12-05 11:44 - 2017-11-26 20:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-12-05 11:43 - 2017-11-26 20:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-02-21 15:26 - 2017-02-21 15:26 - 004645168 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
    2017-12-20 08:06 - 2017-12-20 08:05 - 094957864 _____ () C:\Opera\49.0.2725.64\opera_browser.dll
    2017-12-20 08:06 - 2017-12-20 08:05 - 004328744 _____ () C:\Opera\49.0.2725.64\libglesv2.dll
    2017-12-20 08:06 - 2017-12-20 08:05 - 000109352 _____ () C:\Opera\49.0.2725.64\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-07-16 19:47 - 2016-07-16 19:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-826400198-3423980625-3033161288-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.8.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{2871D134-80C4-47C6-80C4-C2AEAE1915E0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{CD2A47B8-DF51-4915-AB58-985C08982475}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{2F2DBDC2-C6F4-44C6-80A5-08C5305B6036}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{FD4CDE56-0CE5-4B30-B40F-DBD007C40EC4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{665BCBA2-C63C-491C-8981-19D290CE518F}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{9A226E2C-36B7-4107-87B2-CD0C62860B02}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{A22A4D40-4129-4F7C-963B-86BBEB06827D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{3392D89B-CEC0-4D1F-9C9B-0AF92228D5D6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{7EC48C54-5826-469A-83AF-9EE2E09DD791}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{850090D8-EBF6-4AF6-AF84-14F94C0B9654}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{FC27622B-3805-4781-8326-EEF2ADD80976}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{5B36311F-2F61-4DDA-9AE1-2B9AAEB234FA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{5A90D127-931E-4B05-B4AD-375DC8569348}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C7AD1999-19F0-4AB9-82C9-A5CF2D7D55AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{DEFE25E8-B061-4BE9-A9CA-4A2898DB34E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{9F390963-7652-4146-B9DA-B7BA3D2FD12D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{7B52E034-5DBC-4861-B3A0-E6799ECB8D19}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{EB73C60C-B07E-4CDA-874B-389F2E233510}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
    FirewallRules: [{30BA732D-3FF4-4382-B970-9B2BB470BD4B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
    FirewallRules: [{AA3FF616-77D9-4395-AAA3-9C334CF943EF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/15/2018 09:36:12 AM) (Source: COM) (EventID: 10031) (User: )
    Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

    Error: (01/15/2018 09:36:12 AM) (Source: COM) (EventID: 10031) (User: )
    Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

    Error: (01/15/2018 09:20:33 AM) (Source: ESENT) (EventID: 522) (User: )
    Description: ShellExperienceHost (6616,P,0) TILEREPOSITORYS-1-5-21-826400198-3423980625-3033161288-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

    Error: (01/15/2018 09:20:33 AM) (Source: ESENT) (EventID: 522) (User: )
    Description: ShellExperienceHost (6616,P,0) TILEREPOSITORYS-1-5-21-826400198-3423980625-3033161288-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

    Error: (01/15/2018 09:20:33 AM) (Source: ESENT) (EventID: 522) (User: )
    Description: ShellExperienceHost (6616,P,0) TILEREPOSITORYS-1-5-21-826400198-3423980625-3033161288-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

    Error: (01/15/2018 09:20:33 AM) (Source: ESENT) (EventID: 522) (User: )
    Description: ShellExperienceHost (6616,P,0) TILEREPOSITORYS-1-5-21-826400198-3423980625-3033161288-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

    Error: (01/15/2018 09:20:33 AM) (Source: ESENT) (EventID: 522) (User: )
    Description: ShellExperienceHost (6616,P,0) TILEREPOSITORYS-1-5-21-826400198-3423980625-3033161288-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

    Error: (01/15/2018 09:20:33 AM) (Source: ESENT) (EventID: 522) (User: )
    Description: ShellExperienceHost (6616,P,0) TILEREPOSITORYS-1-5-21-826400198-3423980625-3033161288-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

    Error: (01/15/2018 09:16:54 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
    Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-UJTCBL4R$ via https://INTC-KeyId-5e73c89aa3e902b2...24a.microsoftaik.azure.net/templates/Aik/scep failed:

    GetCACaps

    Method: GET(78ms)
    Stage: GetCACaps
    The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

    Error: (01/15/2018 09:14:14 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ParameterService.exe, version: 0.5.8.275, time stamp: 0x570c3d1c
    Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
    Exception code: 0xe0434352
    Fault offset: 0x0000000000013fb8
    Faulting process id: 0x164c
    Faulting application start time: 0x01d38d9e2785e4db
    Faulting application path: C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: 0af8e86f-d91c-45a4-984d-e5054334a924
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (01/15/2018 09:46:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/15/2018 09:46:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/15/2018 09:46:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/15/2018 09:46:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/15/2018 09:46:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/15/2018 09:46:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/15/2018 09:46:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/15/2018 09:46:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/15/2018 09:42:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/15/2018 09:37:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
    Percentage of memory in use: 67%
    Total physical RAM: 3964.22 MB
    Available physical RAM: 1279.58 MB
    Total Virtual: 5372.22 MB
    Available Virtual: 2206.42 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:931.63 GB) (Free:845.12 GB) NTFS
    Drive f: (New Volume) (Fixed) (Total:930.27 GB) (Free:929.14 GB) NTFS
    Drive g: (My Passport) (Fixed) (Total:465.73 GB) (Free:106.36 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: 4D2A24AE)

    Partition: GPT.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: DE6BDE54)
    Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     

    Last edited by a moderator: Jan 15, 2018
  7. daveleonard

    Runs pretty good once I get online but pulling up apps is very slow.
     
  8. daveleonard

    In addition I noticed that whenever the pc sits a while and the screen goes black, it will not wake up simply by moving the mouse like before. I have to do a hard boot to get going again.
     
  9. starbuck

    Hi Dave,

    Just to let you know that I'm at work at the moment.
    I'll look through the reports as soon as I get home.
     
  10. starbuck

    Hi Dave,

    Interesting reports...
    Look at the date/time you ran FRST:
    Now look at the date/time your Win Update came through:
    Update came through after you ran FRST!
    Can you check the Date/Time that is set on your PC?

    This explains why you have problems with Windows Explorer.
    But we can take care of that.

    Step 1
    FRST fix....
    Highlight and Copy the script within the quote box below: (make sure that you include Start:: and End:: as these are the clipboard notifiers).

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

    The tool will make a log in the same directory that FRST is run from (Fixlog.txt).
    Please post this in your next reply.

    Step 2
    It may well have been the infection that turned this off.
    Please follow my tutorial here to re-enable System Restore:

    Turn On System Restore in Windows 10

    Step 3
    This won't help your system:
    Running 2 firewalls will cause slowdown on the system and is not recommended.
    Please disable one of these.

    Step 4
    Let's run a double check with an online scan...

    I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
    • Download esetsmartinstaller_enu.exe and save it to your Desktop
    • Double click the icon
    • Check YES, I accept the Terms of Use
    • Click the Start button
    • Accept any security warnings from your browser
    • Click Advanced settings
    • Check the following items:
      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Click Start
    • ESET will then download updates and begin scanning your computer
    • If no threats are found simply click Uninstall application on close and hit Finish
    • If threats are found click List of found threats
    • Click Export to text file
    • Save the file on your Desktop as ESET.txt
    • Click Back
    • Click Finish
    • Close the ESET Online Scanner window
    • Copy and paste the contents of ESET.txt in your reply

    In your next reply, please submit:
    Fixlog.txt (it'll be in the Download folder)
    The Eset scan report ... if anything is found

    Let me know if there were any problems starting System Restore and stopping one of the firewalls.
    Also give me an update on how the system is running now.


    Thanks.
     
  11. daveleonard

    Hello Starbuck.
    From my layman's view it appears my pc is fixed. This AM the 3 shortcuts to the unwanted files in explorer are gone from the desktop. This is before I ran anything. The pc is running normally now. The only thing I could not do is run the ESET Scanner as I got an error about a proxy being configured. So I uninstalled my Tor browser and tried again but got the same error. I am sending what I did get done. I also restarted System Restore and ran backup. Since resetting windows I failed to set this up.
    One other question please. Since I reset Windows I have a windows.old file now. Will the system gradually delete this or should I run disk cleanup or something?
    I checked the time and it is only off by 1 minute to the local time. See pc time attached.

    Thanks.
     

  12. starbuck

    Hi Dave,

    Did you run the FRST fix?
    You didn't post the fixlog.txt.

    Quite a few seem to have this problem from time to time.
    There's no definite explanation for it.
    To be on the safe side I'd like you to run another program as the double check.

    Please download RogueKiller Anti-malware (Free) onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on RogueKiller Anti-malware to install the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator.
    • Select Accept the User Agreement then continue to click Next then finally click Install
    • Click Finish
    • When the program opens..... click Scan
    • Click Start Scan
    • Double check anything found and tick to select items to be removed
    • Click Remove Selected
    • When the items have been removed.... Click Open Report >> Open TXT.
    • Copy and paste that report into your next reply.

    More often than not, you'll have to remove it using the Disk Cleanup utility.
    But I always wait a week or 2 just in case something is missing from the reset of Windows.
    You can always pull files etc back from the windows.old folder.
     
  13. daveleonard

    Hey Starbuck,
    Did you run the FRST fix?
    You didn't post the fixlog.txt.
    No I didn't. I got the notice that fixlog was not generated so I did not hit fix thinking there was nothing to fix. I can see now I should have rerun the program and tried again. I will do that if you want.
    Please download RogueKiller Anti-malware (Free) onto your desktop.
    I did so and the program found the attached items. They have been removed.
    Thanks,
     

  14. starbuck

    Hi Dave,

    Yes, please follow the previous instructions for the FRST fix and run the script.
    There are a few other clean up procedures that it will run.
    It doesn't matter if some of those entries have already been removed.... the fix will skip over those.

    Thanks
     
  15. daveleonard

    FRST gave me two reports but neither is the fixlog.txt. Attached is what I got and I did hit fix. I ran the whole process again but still the fixlog.txt did not appear. I did get the notice though that fixlog.txt should be in the same location as the FRST file. That's all I know about it. I even went back and downloaded a fresh copy of the FRST download and did it all over again but no luck.
    Thanks.
     

  16. starbuck

    Hi Dave,

    We don't give up that easy lol.
    The fix can be run another way...

    Please download the attached fixlist.txt file (bottom of this post) and save it to the Download folder.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

    The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.
     

  17. daveleonard

    Ok my friend. Sending everything in my download folder and hope at least one is what you need.
    Thanks
     

  18. starbuck

    The fixlist.txt is there.
    When the fix is run the fixlist.txt will disappear and the fixlog.txt will replace it.
     
  19. daveleonard

    That's good to know. Will stand by and wait for your word.
    Thanks
     
