Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-04-2016
Ran by Kyle (administrator) on LENOVO-PC (26-04-2016 13:23:25)
Running from C:\Users\Kyle\Downloads
Loaded Profiles: Kyle (Available Profiles: Kyle & cw210)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Windows\SysWOW64\PnkBstrB.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-09-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-09-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [WINCOM6H6] => "C:\Program Files (x86)\browseextension\wincom_6H6.exe"
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [tsiVideo] => C:\WINDOWS\SysWOW64\rundll32.exe C:\Users\Kyle\AppData\Local\Temp\mdi064.dll,fjasdfn <===== ATTENTION
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [Chromium] => "c:\users\kyle\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\MountPoints2: F - "F:\OriginInstaller.exe"
Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-15] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ad3f64f4-91bb-4746-a26e-b8bbaf3a856a}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{eb32ea8e-8f55-4e4c-921e-1175a432f467}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_16_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyDyByBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StD0FtD0AyC0E0BtDtGyCtAtD0DtGtBtDtDtCtGyE0E0C0AtGtCyCtB0AyE0A0B0C0D0C0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1548146698%26a%3Dwbf_nxtad_16_17%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_16_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyDyByBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StD0FtD0AyC0E0BtDtGyCtAtD0DtGtBtDtDtCtGyE0E0C0AtGtCyCtB0AyE0A0B0C0D0C0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1548146698%26a%3Dwbf_nxtad_16_17%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {55F58303-11AB-4465-91C1-CF4A998C90DD} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDtCzzzyyC0DyCtGyEyEyE0BtG0CyB0D0CtGtByB0CzztGyC0EtDyDtA0F0DyDtA0EtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1154271230%26a%3Dwncy_pwrisofs_15_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_16_17&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyDyByBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StD0FtD0AyC0E0BtDtGyCtAtD0DtGtBtDtDtCtGyE0E0C0AtGtCyCtB0AyE0A0B0C0D0C0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1548146698%26a%3Dwbf_nxtad_16_17%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {55F58303-11AB-4465-91C1-CF4A998C90DD} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDtCzzzyyC0DyCtGyEyEyE0BtG0CyB0D0CtGtByB0CzztGyC0EtDyDtA0F0DyDtA0EtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1154271230%26a%3Dwncy_pwrisofs_15_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> DefaultScope {55F58303-11AB-4465-91C1-CF4A998C90DD} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDtCzzzyyC0DyCtGyEyEyE0BtG0CyB0D0CtGtByB0CzztGyC0EtDyDtA0F0DyDtA0EtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1154271230%26a%3Dwncy_pwrisofs_15_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3335112&octid=EB_ORIGINAL_CTID&ISID=MD96DD767-7CA2-4E9E-8631-E22ACB53D56D&SearchSource=58&CUI=&UM=8&UP=SPA6D03BD4-5793-4BEA-AC73-223E7225897E&D=042516&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_16_17&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyDyByBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StD0FtD0AyC0E0BtDtGyCtAtD0DtGtBtDtDtCtGyE0E0C0AtGtCyCtB0AyE0A0B0C0D0C0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1548146698%26a%3Dwbf_nxtad_16_17%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> {55F58303-11AB-4465-91C1-CF4A998C90DD} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDtCzzzyyC0DyCtGyEyEyE0BtG0CyB0D0CtGtByB0CzztGyC0EtDyDtA0F0DyDtA0EtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1154271230%26a%3Dwncy_pwrisofs_15_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\wh5qfgre.default-1460419834305
FF NewTab: hxxp://www.google.com
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: search.mpc.am
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-12] ()
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2015-11-11] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll [2011-12-22] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF SearchPlugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\wh5qfgre.default-1460419834305\searchplugins\Search Provided by Yahoo.xml [2016-04-26]
FF SearchPlugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\wh5qfgre.default-1460419834305\searchplugins\trovi.xml [2016-04-26]
FF Extension: BitComet Video Downloader - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\wh5qfgre.default-1460419834305\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2016-04-25] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HomePage: Profile 1 -> search.mpc.am
CHR StartupUrls: Profile 1 -> "search.mpc.am"
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-26]
CHR Extension: (AdBlock) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-26]
CHR Extension: (Extutil) - C:\Users\Kyle\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2016-04-26]
CHR Extension: (Managera) - C:\Users\Kyle\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2016-04-26]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1225216 2015-10-12] ()
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-12-26] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-04-03] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2016-01-08] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-09] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2016-01-01] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2016-01-01] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
Ran by Kyle (administrator) on LENOVO-PC (26-04-2016 13:23:25)
Running from C:\Users\Kyle\Downloads
Loaded Profiles: Kyle (Available Profiles: Kyle & cw210)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Windows\SysWOW64\PnkBstrB.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-09-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-09-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [WINCOM6H6] => "C:\Program Files (x86)\browseextension\wincom_6H6.exe"
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [tsiVideo] => C:\WINDOWS\SysWOW64\rundll32.exe C:\Users\Kyle\AppData\Local\Temp\mdi064.dll,fjasdfn <===== ATTENTION
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\Run: [Chromium] => "c:\users\kyle\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\...\MountPoints2: F - "F:\OriginInstaller.exe"
Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-15] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ad3f64f4-91bb-4746-a26e-b8bbaf3a856a}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{eb32ea8e-8f55-4e4c-921e-1175a432f467}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_16_17¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyDyByBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StD0FtD0AyC0E0BtDtGyCtAtD0DtGtBtDtDtCtGyE0E0C0AtGtCyCtB0AyE0A0B0C0D0C0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1548146698%26a%3Dwbf_nxtad_16_17%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_16_17¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyDyByBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StD0FtD0AyC0E0BtDtGyCtAtD0DtGtBtDtDtCtGyE0E0C0AtGtCyCtB0AyE0A0B0C0D0C0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1548146698%26a%3Dwbf_nxtad_16_17%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {55F58303-11AB-4465-91C1-CF4A998C90DD} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_50¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDtCzzzyyC0DyCtGyEyEyE0BtG0CyB0D0CtGtByB0CzztGyC0EtDyDtA0F0DyDtA0EtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1154271230%26a%3Dwncy_pwrisofs_15_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_16_17¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyDyByBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StD0FtD0AyC0E0BtDtGyCtAtD0DtGtBtDtDtCtGyE0E0C0AtGtCyCtB0AyE0A0B0C0D0C0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1548146698%26a%3Dwbf_nxtad_16_17%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {55F58303-11AB-4465-91C1-CF4A998C90DD} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_50¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDtCzzzyyC0DyCtGyEyEyE0BtG0CyB0D0CtGtByB0CzztGyC0EtDyDtA0F0DyDtA0EtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1154271230%26a%3Dwncy_pwrisofs_15_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> DefaultScope {55F58303-11AB-4465-91C1-CF4A998C90DD} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_50¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDtCzzzyyC0DyCtGyEyEyE0BtG0CyB0D0CtGtByB0CzztGyC0EtDyDtA0F0DyDtA0EtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1154271230%26a%3Dwncy_pwrisofs_15_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3335112&octid=EB_ORIGINAL_CTID&ISID=MD96DD767-7CA2-4E9E-8631-E22ACB53D56D&SearchSource=58&CUI=&UM=8&UP=SPA6D03BD4-5793-4BEA-AC73-223E7225897E&D=042516&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nxtad_16_17¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyDyByBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StD0FtD0AyC0E0BtDtGyCtAtD0DtGtBtDtDtCtGyE0E0C0AtGtCyCtB0AyE0A0B0C0D0C0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1548146698%26a%3Dwbf_nxtad_16_17%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3278036897-2692558216-3348730596-1001 -> {55F58303-11AB-4465-91C1-CF4A998C90DD} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtCtBtAyD0DtCtC0EyBtAtN0D0Tzu0StCyEtAzztN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDtCzzzyyC0DyCtGyEyEyE0BtG0CyB0D0CtGtByB0CzztGyC0EtDyDtA0F0DyDtA0EtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyCtBtDyDzy0EtGyC0AtCtCtGyEtDtA0AtGzytD0DyDtG0DyDyCtCtBzy0E0F0A0ByE0A2QtN0A0LzuyE%26cr%3D1154271230%26a%3Dwncy_pwrisofs_15_50%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\wh5qfgre.default-1460419834305
FF NewTab: hxxp://www.google.com
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: search.mpc.am
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-12] ()
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2015-11-11] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll [2011-12-22] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF SearchPlugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\wh5qfgre.default-1460419834305\searchplugins\Search Provided by Yahoo.xml [2016-04-26]
FF SearchPlugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\wh5qfgre.default-1460419834305\searchplugins\trovi.xml [2016-04-26]
FF Extension: BitComet Video Downloader - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\wh5qfgre.default-1460419834305\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2016-04-25] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HomePage: Profile 1 -> search.mpc.am
CHR StartupUrls: Profile 1 -> "search.mpc.am"
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-26]
CHR Extension: (AdBlock) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-26]
CHR Extension: (Extutil) - C:\Users\Kyle\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2016-04-26]
CHR Extension: (Managera) - C:\Users\Kyle\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2016-04-26]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3278036897-2692558216-3348730596-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1225216 2015-10-12] ()
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-12-26] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-04-03] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2016-01-08] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-09] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2016-01-01] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2016-01-01] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)