Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017 Ran by owner (25-07-2017 18:14:22) Running from D:\FRST Windows 10 Home Version 1607 (X64) (2016-10-01 12:08:17) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1627067754-1582462140-715050360-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1627067754-1582462140-715050360-503 - Limited - Disabled) George (S-1-5-21-1627067754-1582462140-715050360-1002 - Limited - Enabled) => C:\Users\George Guest (S-1-5-21-1627067754-1582462140-715050360-501 - Limited - Disabled) owner (S-1-5-21-1627067754-1582462140-715050360-1001 - Administrator - Enabled) => C:\Users\owner ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated) abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2002.1 - Acer Incorporated) abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated) Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.01.2002 - Acer Incorporated) Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3003 - Acer Incorporated) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated) Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.) Amazon Assistant (HKLM-x32\...\{3BBC4F87-1F46-431F-A5DB-AFB28F692775}) (Version: 10.17.0612 - Amazon) <==== ATTENTION AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated) Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.) Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.) Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.0 - Canon Inc.) Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version: - ‭Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.) clear.fi SDK - Video 2 (HKLM-x32\...\{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}) (Version: 2.2.2722 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (HKLM-x32\...\{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}) (Version: 2.2.2729 - CyberLink Corp.) Hidden CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5220 - CyberLink Corp.) CyberLink Media Suite 8 (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820b - CyberLink Corp.) CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.) CyberLink Power2Go 7 (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2719b - CyberLink Corp.) CyberLink PowerBackup 2.5 (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9102 - CyberLink Corp.) CyberLink YouCam 3.1 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION) Found: A Hidden Object Adventure (HKLM-x32\...\BFG-Found - A Hidden Object Adventure) (Version: - ) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated) Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4945.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1627067754-1582462140-715050360-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation) Norton Online Backup ARA (HKLM-x32\...\NARA) (Version: 4.1.0.14 - Symantec Corporation) Hidden Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications) Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.39 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.28130 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Soluto (HKLM\...\{A40888FC-B545-46F3-8628-6AE98C1C75C6}) (Version: 1.3.1193.1 - Soluto) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.62308 - TeamViewer) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1627067754-1582462140-715050360-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated) ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-08] (Acer Incorporated) ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-08] (Acer Incorporated) ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-08] (Acer Incorporated) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation) ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll -> No File ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation) ContextMenuHandlers05: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-05-03] (Intel Corporation) ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04E6FC2A-F5BC-4C9D-9E29-27F4732EADD1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-07-12] (Microsoft Corporation) Task: {0E29F495-7C91-419C-BB85-D3AF22890B77} - System32\Tasks\ALU_SelfUpgrade => C:\ProgramData\Acer\updater2\Download\52971984\D\UpgradeDownload.exe [2017-06-13] () Task: {0EFEED03-5CAB-4295-A7A6-CE7812D6BEE0} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] () Task: {14A07802-6049-4E9B-91FD-8B0A9EB10932} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer) Task: {166864C0-972D-4E77-91A2-9DE6AD48B512} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {1F7C2B8A-1FD4-4345-8AFA-FB059F8FA7FC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {25D7EFF2-AD81-447B-9F4E-67A70F018419} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION Task: {2DC1A953-7F0C-446B-B322-1904F75B71F5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {2DC7A63E-51DE-4C5B-973D-F6E49FA22FEA} - \WPD\SqmUpload_S-1-5-21-1627067754-1582462140-715050360-1001 -> No File <==== ATTENTION Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {3777FAE5-F96D-433F-B357-4270F88A9812} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {42CBAF75-0D15-4AD1-889E-F82F9A46616A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {4EB8B992-3D3B-49B0-958B-185CA82C936C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation) Task: {5917F2D7-DBEA-465D-94D0-6AFC17E82FD5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {63FACCD9-F6DE-4022-9213-CA8F538FD652} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation) Task: {651D6379-FC71-42DE-99CB-F062E4C65966} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {709E0548-700B-4A5F-B4A7-B48B0A2534DC} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2016-10-01] (Dolby Laboratories Inc.) Task: {70A4C000-D4D5-41E9-8547-86E2EC4EF3E8} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION Task: {71AD5E7B-51DD-4F85-88CA-5349F4EA78CF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {761401EB-97AD-4C32-AF5B-59761D5BFB9E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation) Task: {790760A9-0686-4CB5-8853-B11439834237} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {7F58BF6D-D42B-41E7-9420-245D648097D0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {7FD9FC80-EBA3-4DB2-8876-4A387884556B} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated) Task: {847796AA-E679-4555-92FF-CBD8A95F2D75} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe Task: {8734D8EF-2ED5-40C2-BE35-6BBA4B91CE32} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated) Task: {89289A2B-8FC9-43F7-B2BB-4384A7FCA3AB} - \WPD\SqmUpload_S-1-5-21-1627067754-1582462140-715050360-1002 -> No File <==== ATTENTION Task: {8DEEC051-2742-43A9-86A9-7F577374FE90} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {9956FD0E-53E1-41BD-A24D-AEB7FC6E4C19} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {9AD24182-C04E-4288-90E4-598E45D2E7B9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {9E209917-E421-45A4-AD23-179AC1B0B110} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-03-14] (Acer Incorporate) Task: {B7679C4C-89FB-4EF1-8616-717E932147FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated) Task: {BC15E2D7-1BD5-4BE6-A688-6FED57360CCE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation) Task: {CC634C93-FF8E-4F50-93AB-1853DE1E677E} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {E6395F5A-984F-4420-A0E7-6DD491B27660} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {F19A2108-6947-435A-BB1E-22AEB54CD4FD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink) Task: {F560FCD8-6108-4A38-B147-49AE14BFEF5C} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-07] (CyberLink) Task: {FE77323A-39B0-47C3-AB03-340382877B62} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\owner\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.acer.com/redirect.aspx?rid=09000001 ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-07-12 21:38 - 2017-06-21 03:48 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-06-14 13:11 - 2017-06-14 13:11 - 00104624 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe 2017-06-14 13:12 - 2017-06-14 13:12 - 00159408 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\aaLoader64.dll 2016-01-11 10:42 - 2013-06-28 11:58 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2015-03-20 11:29 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-01-29 15:28 - 2013-01-29 15:28 - 00109024 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll 2013-01-29 15:28 - 2013-01-29 15:28 - 00055352 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll 2017-07-25 16:35 - 2017-06-27 12:06 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-03-23 18:28 - 2017-01-31 08:34 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-05-04 15:19 - 2013-02-21 01:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2016-10-04 06:23 - 2016-09-07 00:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-20 18:54 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-20 18:55 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-20 18:55 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-20 18:55 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-07-12 21:38 - 2017-06-21 02:36 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-07-12 21:38 - 2017-06-21 02:35 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-07-12 21:39 - 2017-06-21 02:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2013-05-04 15:05 - 2013-05-04 15:05 - 01193176 _____ () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe 2017-07-25 17:46 - 2017-07-25 18:00 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-07-25 17:46 - 2017-07-25 18:00 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-07-25 17:46 - 2017-07-25 18:00 - 43573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-07-25 17:46 - 2017-07-25 18:00 - 02435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll 2016-09-09 10:51 - 2016-09-09 10:51 - 00202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll 2016-09-09 10:51 - 2016-09-09 10:51 - 00119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll 2017-06-21 05:40 - 2017-06-21 05:40 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2011-03-09 15:21 - 2011-03-09 15:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2011-03-09 15:21 - 2011-03-09 15:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2016-09-28 07:37 - 2016-09-28 07:37 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll 2016-08-30 15:09 - 2016-08-30 15:09 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll 2016-08-15 18:05 - 2016-08-15 18:05 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll 2016-08-15 18:03 - 2016-08-15 18:03 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll 2016-08-15 18:05 - 2016-08-15 18:05 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll 2016-08-15 18:04 - 2016-08-15 18:04 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll 2016-08-30 15:05 - 2016-08-30 15:05 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll 2017-06-21 05:42 - 2017-06-21 05:42 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2013-05-04 14:50 - 2012-06-24 22:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:05113FB9 [225] AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134] AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA [163] AlternateDataStreams: C:\ProgramData\Temp:4BEE39B0 [504] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1627067754-1582462140-715050360-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run32: => "LGODDFU" HKLM\...\StartupApproved\Run32: => "LTCM Client" HKLM\...\StartupApproved\Run32: => "TrackaPackage AppIntegrator 64-bit" HKLM\...\StartupApproved\Run32: => "TrackaPackage AppIntegrator 32-bit" HKLM\...\StartupApproved\Run32: => "TrackaPackage EPM Support" HKLM\...\StartupApproved\Run32: => "PackageTracer AppIntegrator 64-bit" HKLM\...\StartupApproved\Run32: => "PackageTracer AppIntegrator 32-bit" HKLM\...\StartupApproved\Run32: => "PackageTracer EPM Support" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{78C801D4-4165-4381-A8EC-22302493C6D6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{225FE7C6-7046-4F19-BD85-1745D8531929}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{FB680CEC-A992-4839-B682-63A2EC897CDC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{0CB9CDAC-8EA7-4CDC-B0D1-20A7C13E532D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{1DEA4735-D4A3-44FD-AF4C-74D84C56B5E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{8F817DFC-866E-4B53-863A-6E5C7856C084}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{6498E769-67FD-483A-81B8-E4F4CF1E654D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{FEC06AED-8E25-4815-BBE0-D5CC536E6F8A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{24643F54-FCF8-40F8-AB28-F90DEB3F9801}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{026F42F7-5997-485B-83A1-F85FF800DB1E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{7D00C1FE-B969-4FFE-B401-119506F59390}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{44DD1A96-18EB-4A8F-B1DC-1D8497F1448B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{295C52B8-F47F-48A0-BA53-AAF9CE804BA3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe FirewallRules: [{316375D5-25DD-4B19-ABB0-C7BBF84E0ABA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe FirewallRules: [{F553E2B1-64CC-49B8-BFE4-F8A4E12A8E5E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe FirewallRules: [{EB8BF624-0742-4175-99DF-B7A4BAC75F58}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe FirewallRules: [{CF2EE4E7-C41F-41DC-9FD5-C5D1CB2DD26A}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe FirewallRules: [{1862ECE9-C6DB-43B7-B7BD-BD4EB8946777}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe FirewallRules: [{1206883E-87DC-4EFB-9E06-E211E5AEAF32}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe FirewallRules: [{CF65D0A1-430E-400A-9A54-0D874A684C35}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe FirewallRules: [{825463D9-04A1-473F-BD40-A65B4D55BA2A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe FirewallRules: [{F92D2559-304C-4799-A4B9-C287B12A6D36}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe FirewallRules: [{779C1F32-80EF-4D65-BA90-7FB3344F6FC4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe FirewallRules: [{F6A2884C-0FCD-4CF4-B901-FFD5331188E8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe FirewallRules: [{95C1A43B-A443-4206-9827-773D276D8443}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal_\ccd.exe FirewallRules: [{ED6E25A0-54F9-4E68-83AB-1B684F1C7AA5}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal_\ccd.exe FirewallRules: [{C21FA4B5-2942-431E-9572-6D0C59072CA4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{BF94AA6D-6FB2-4424-9512-63F401E5D9CA}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{4AD2346F-2BB3-4401-B381-781B20B04F79}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{28204169-1249-4AD7-953B-A9AB5589D799}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{84EC9C69-C312-40B6-8349-1574287139D9}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{6E30C409-1C69-4152-8697-132A053601F0}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{51A4CED6-7544-4CAF-9170-ACF73762899B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{34B9CBB4-040B-4C1A-AA7D-F7B8DB991C16}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{4C5467A5-D5E4-4F24-89A1-20BC6C641D12}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{EF1F3F0F-9EF5-4444-8C60-AB46556F8A2B}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{8CF20CD8-F61A-42DB-8D4D-4C98EF79167D}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [{8E47A823-45E8-4B72-ACC1-2176E1742C58}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [{0A0A1B16-7DB0-49BE-8285-9D54DC19FCCD}] => (Allow) C:\Users\owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{C7852E9F-A765-47F7-B9F8-E7AB82862759}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{DAC0B3F1-C945-4BBE-B398-3C77E410A286}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{67B26A94-2258-44AB-8DFA-C0FB3A83500F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{A8690143-041A-4EF6-8204-392B17F38BEF}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{A088E205-2AE1-4608-A2DD-905D3859D261}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: [{42EE21D1-30A4-4AA6-A629-A83470F3B6DE}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: [{735D5D7E-3A0D-4F62-9F3E-878B112EC23D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{B2035D54-FA39-40E6-8F5F-2F3EA91686C3}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{4E2327BB-4782-417E-8E5D-F789C2054E4A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{6065B619-6C87-409B-81D3-02F48024DCCF}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{D6955050-CABA-40D5-889C-2718F80D7298}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe FirewallRules: [{6A1C7B74-B185-43F1-A55D-DE330569022B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe FirewallRules: [{0EE2BBB2-F38E-487E-B7A0-45DE0F08FA86}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe FirewallRules: [{3B2AD7C1-6161-41CB-973E-A0D4F353BA24}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe FirewallRules: [{D09CA95F-5D53-4A07-9551-7C97CEF91005}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{EC113807-1376-47B1-AC5B-D2886635505D}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{5CAB837A-E24F-4D68-9365-215435F95877}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe FirewallRules: [{48C580CD-5405-48C1-969C-F81CB88CEC65}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe FirewallRules: [{2D7B64C6-496A-4B20-92BA-74A9B7E5ED10}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{3CFFFE49-02D0-44EB-89DD-FC4AFB209ACD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{03DE24FC-6143-46CB-801E-0DCF417D06E0}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{90413D56-DBB8-499E-B7D8-B718F88A47D9}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{6841E09D-7BF3-440E-8F36-E09D5D8C0AAD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe FirewallRules: [{EBA443DF-EB33-4B7B-BF37-7063A25C25EC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe FirewallRules: [{FE858CB4-DD18-40BC-BAFB-6C750B661873}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: [{C0CAE7C5-D9EA-44E2-AD1D-D5168653315A}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [{24346661-9C79-417C-B7B1-2846F51A2572}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [{BBE50F3D-D718-4DAB-8097-34E93AEAA810}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{D0FBF938-28A7-4186-B59D-4D777C1688EC}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{84F11781-9867-43AD-8B0C-A11D7ACD34B5}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{7DB0F248-1B53-48B2-B2A7-056CBF3CAC23}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{45048B54-C362-4C10-8BC4-18121A3419BF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{27F71E0A-660F-4998-9C85-A1704CA42BBE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{115F4B18-86B4-4CD5-90E8-C8883094D5FD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{A13C650D-AAF9-4B7F-A6E4-789EEC35CAF6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{4A442D60-8557-4556-A421-7B37E3E1BFA1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{5596842F-07B9-4407-963B-D5318D629D6F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{07D6C3DF-5997-4565-961F-2DF6A6E305CA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{006FA32F-A1C6-40D8-BBD1-47DB3DE208FF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{1CA9EE07-B973-4B4C-837C-8EE3939790C4}] => (Allow) C:\Program Files\Soluto\Soluto.exe FirewallRules: [{D4DF51A2-9E9A-4F4A-8B5F-8C24ADD61EF9}] => (Allow) C:\Program Files\Soluto\SolutoService.exe FirewallRules: [{C1CCC2B1-C077-41FC-9904-C3BF8F620233}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe FirewallRules: [{418B343C-04C6-4D8D-B393-B0E4D93DC34D}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe FirewallRules: [{7DA8052A-6FF7-4CBE-8D22-4D0CB2D81E3A}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe FirewallRules: [{B862E7D5-9944-4394-87DB-194D66DAFB84}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{26E84AA1-AFCF-45C3-9F20-9F58123CCCE5}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{56559FD9-0B66-42C7-90AD-B857A35AB5F4}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{6A1009D0-DD1F-4BA7-9722-F5FCEAAE2ED3}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{369F53BE-2F46-423D-9DE5-285AAAEFF2CE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe FirewallRules: [{B3F13C5C-092C-4299-AACB-6CB7861F762A}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe FirewallRules: [{F263271B-9782-4077-B9EC-EE97B81C08E7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{2D04A34B-F120-4DB4-B762-EEC8CA4C2C47}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{AB949DAB-18D5-4090-AF8E-198EC6742C69}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe FirewallRules: [TCP Query User{D8C54BB8-00EC-45A5-8228-1DA39FA34407}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{16D83B43-BDD9-4805-9EA4-BFEDEE2BF84F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [TCP Query User{7157699B-98B3-42E4-8D24-1088D2F88EDE}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{24CC45FC-C934-4898-B1B9-FED415B0309D}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [{C08C040A-A957-4F97-88FD-121F4BC18457}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{7ADD2FF3-9D6B-4F40-B980-C2434FB5B9A9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{8F857FDD-B48B-4E78-9B1A-7A1938942947}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{303B1A7A-5B2B-4208-AFC7-8C21489BFD92}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{0751867C-4CDA-4CE4-9624-7001FD638149}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{12D7DB5E-6486-4D96-B5CE-44050BDC1AE1}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{C66BAB3A-6E2F-4BED-BC6F-15A082476DF0}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{0C2A667E-4799-41A1-BE5D-92143732E94E}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{1B596193-258D-428D-A70B-3073120DFE6C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{093197B1-6E46-4904-B304-5E7FB9FB923C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{1FC0673A-6D7E-4CB6-98F9-28D742F4012B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{6A3B6277-15D4-4734-A27C-076AD6095E74}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Restore Points ========================= 29-06-2017 11:27:19 Windows Update 12-07-2017 21:42:30 Windows Update 25-07-2017 17:21:24 Removed LG United Mobile Drivers. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/25/2017 05:52:43 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected Error: (07/25/2017 05:52:43 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected Error: (07/25/2017 05:52:43 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected Error: (07/25/2017 05:38:07 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected Error: (07/25/2017 05:38:07 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected Error: (07/25/2017 05:22:52 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (07/25/2017 05:21:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (07/25/2017 05:15:37 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected Error: (07/25/2017 05:15:37 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected Error: (07/25/2017 05:15:37 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected System errors: ============= Error: (07/25/2017 05:55:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout. Error: (07/25/2017 05:52:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/25/2017 05:52:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/25/2017 05:52:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/25/2017 05:49:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Soluto PCGenome Core Service service terminated unexpectedly. It has done this 1 time(s). Error: (07/25/2017 05:49:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (07/25/2017 05:49:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (07/25/2017 05:49:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Nero Update service terminated unexpectedly. It has done this 1 time(s). Error: (07/25/2017 05:49:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ePower Service service terminated unexpectedly. It has done this 1 time(s). Error: (07/25/2017 05:49:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2017-01-18 19:55:39.748 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-18 19:55:39.705 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-18 19:55:39.673 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-18 19:55:39.634 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-18 19:55:39.604 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-18 19:55:39.581 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-18 19:55:39.556 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-18 19:55:39.525 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-18 19:55:39.473 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-18 19:55:39.444 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz Percentage of memory in use: 43% Total physical RAM: 5959.27 MB Available physical RAM: 3390.3 MB Total Virtual: 6919.27 MB Available Virtual: 4293.52 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:447.16 GB) (Free:391.3 GB) NTFS Drive d: (GVTS_TOOLS) (Fixed) (Total:29.8 GB) (Free:13.46 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 340894DD) Partition: GPT. ======================================================== Disk: 1 (Size: 29.8 GB) (Disk ID: 8430174B) Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C) ==================== End of Addition.txt ============================