Inactive Removed Virus, Computer Still Has Problems

Hi,
I have removed a virus on my computer. Ever since, most applications have been on/off not responding within 0.8 ms. If any of you have had this problem and know what it is, let me know before I safely extract files onto a portable hard drive and do an automatic start from day 1 of launch.

Thanks. P.S. It is really bloody annoying!
Extra PC (Laptop) Information
Windows 8.1
8 GB RAM. Intel 1.8, AMD A6, Lenovo (I am buying a $1680 MSI better than this crappy thing)
TheGamingBeast (Harry, name taken :/)
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by harri_000 (administrator) on HARRYSPC (19-03-2016 12:11:45)
Running from C:\Users\harri_000\Desktop
Loaded Profiles: harri_000 (Available Profiles: harri_000 & ukbub_000 & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Camtasia Studio 8\TscHelp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Pokki) C:\Users\harri_000\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\harri_000\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\harri_000\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-27] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-03-10] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2015-03-10] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2015-03-10] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2856616 2014-12-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1592104 2015-06-30] (Sophos Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-2715607831-444694372-1136969816-1002\...\Run: [Pokki] => C:\Users\harri_000\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe [6513480 2014-10-11] (Pokki)
HKU\S-1-5-21-2715607831-444694372-1136969816-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-05] (Valve Corporation)
HKU\S-1-5-21-2715607831-444694372-1136969816-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2715607831-444694372-1136969816-1002\...\RunOnce: [Application Restart #2] => C:\Users\harri_000\AppData\Local\Pokki\Engine\HostAppService.exe [7770440 2014-10-11] (Pokki)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-01-20] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-01-20] (Sophos Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{15F46E5E-5060-428B-ABAF-C29644503F73}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{661DD5AC-E1B2-4100-A37D-0ED4DADA12F5}: [DhcpNameServer] 150.204.1.2

Internet Explorer:
==================
HKU\S-1-5-21-2715607831-444694372-1136969816-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_0_1201_1403_20160227_AU_ie_sp_
HKU\S-1-5-21-2715607831-444694372-1136969816-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2715607831-444694372-1136969816-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2715607831-444694372-1136969816-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2715607831-444694372-1136969816-1002 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_0_1201_1403_20160227_AU_ie_ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-03-01] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-04] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-03-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-27] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-27] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\harri_000\AppData\Roaming\Mozilla\Firefox\Profiles\1bwdz6kn.default
FF NewTab: hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ff_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_0_1201_1403_20160227_AU_ff_nt_
FF SearchEngineOrder.1: Amazon
FF Homepage: hxxps://www.google.com.au/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] ()
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-03-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-03-01] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2715607831-444694372-1136969816-1002: @nsroblox.roblox.com/launcher -> C:\Users\harri_000\AppData\Local\Roblox\Versions\version-0ce38a2c538e4023\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2715607831-444694372-1136969816-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\harri_000\AppData\Local\Roblox\Versions\version-0ce38a2c538e4023\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\harri_000\AppData\Roaming\Mozilla\Firefox\Profiles\1bwdz6kn.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-01-28]
FF Extension: Amazon Assistant for Firefox - C:\Users\harri_000\AppData\Roaming\Mozilla\Firefox\Profiles\1bwdz6kn.default\Extensions\abb@amazon.com.xpi [2016-02-27]
FF Extension: YouTube™ AdBlock - C:\Users\harri_000\AppData\Roaming\Mozilla\Firefox\Profiles\1bwdz6kn.default\Extensions\jid1-w4wG5nJhx4LJZr@jetpack.xpi [2016-01-28]
FF Extension: Adblock Plus - C:\Users\harri_000\AppData\Roaming\Mozilla\Firefox\Profiles\1bwdz6kn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF Extension: Adblock Edge - C:\Users\harri_000\AppData\Roaming\Mozilla\Firefox\Profiles\1bwdz6kn.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-01-28]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]

Chrome:
=======
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR StartupUrls: Default -> "hxxps://www.google.com.au/"
CHR Profile: C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-28]
CHR Extension: (Google Docs) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-28]
CHR Extension: (Google Drive) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-28]
CHR Extension: (Link All) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbplhdcnpcenkdciibplnkgmiffjfnni [2016-01-30]
CHR Extension: (YouTube) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-28]
CHR Extension: (Adblock Plus) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-05]
CHR Extension: (Google Search) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-28]
CHR Extension: (Agar.io Powerups) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efedcgdhahoncejkihgfnecicebndbhc [2016-01-30]
CHR Extension: (Google Sheets) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-28]
CHR Extension: (Supernova) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll [2016-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-05]
CHR Extension: (AdBlock) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-09]
CHR Extension: (ArcadeCake) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehadeafgjbogbeghjncelieafmgmcnn [2016-02-05]
CHR Extension: (Omnibox Twitter) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijepoopnmhdclmamigdibjmdpmdmmmfe [2016-01-30]
CHR Extension: (KingsRoad) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbcbablgmkkdnioiekpgjfacejkfomlg [2016-01-30]
CHR Extension: (Skype) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-28]
CHR Extension: (Amazon Smart Search) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebgdicanjhnamfmdlmlbcnkgehkkmf [2016-03-09]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-03-09]
CHR Extension: (Gmail) - C:\Users\harri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-28]
CHR HKU\S-1-5-21-2715607831-444694372-1136969816-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2715607831-444694372-1136969816-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-04] (Microsoft Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-03-10] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-04] ()
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [2451880 2016-03-10] (Maxthon)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-03-10] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-03-10] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-09-16] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-09-16] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340264 2015-06-30] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [300840 2015-01-20] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-01-20] (Sophos Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220840 2014-12-22] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-25] (Advanced Micro Devices, Inc.)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2015-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-26] (Atheros) [File not signed]
S2 CltMngSvc; C:\PROGRA~2\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-25] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-25] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-13] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-19] (Intel Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2014-09-16] (Sophos Limited)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [2853400 2014-01-24] (Sonix Co. Ltd.)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2014-09-16] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2015-11-20] (Sophos Limited)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-19 12:11 - 2016-03-19 12:13 - 00026471 _____ C:\Users\harri_000\Desktop\FRST.txt
2016-03-19 12:10 - 2016-03-19 12:11 - 00000000 ____D C:\FRST
2016-03-19 12:08 - 2016-03-19 12:08 - 02374144 _____ (Farbar) C:\Users\harri_000\Desktop\FRST64.exe
2016-03-19 00:13 - 2016-03-19 00:13 - 09711784 _____ C:\Users\harri_000\Downloads\BungeeCord.jar
2016-03-18 12:42 - 2016-03-18 12:42 - 00000000 ____D C:\Users\harri_000\AppData\Local\UWKProcess
2016-03-18 12:41 - 2016-03-18 12:41 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-18 12:37 - 2016-03-18 12:38 - 00000000 ____D C:\Users\harri_000\AppData\Local\GeometryDash
2016-03-18 08:34 - 2016-03-18 08:34 - 00000000 ____D C:\WINDOWS\A7E07C2B2220441587E3784D5814BC93.TMP
2016-03-15 14:55 - 2016-03-19 02:43 - 00002100 _____ C:\Users\harri_000\Desktop\NoPlugins.jar
2016-03-15 10:31 - 2016-01-11 02:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-15 10:31 - 2016-01-11 02:31 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-15 10:30 - 2016-01-16 02:56 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-03-15 10:30 - 2016-01-16 02:45 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-03-15 10:30 - 2015-12-21 00:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2016-03-15 09:12 - 2016-02-07 04:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-15 09:12 - 2016-02-05 03:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-15 09:12 - 2016-02-05 03:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-15 06:31 - 2016-03-17 01:03 - 00001730 _____ C:\Users\harri_000\Desktop\Plugin1.jar
2016-03-15 05:18 - 2016-03-15 05:19 - 20103125 _____ C:\Users\harri_000\Downloads\spigot-1.8.8.jar
2016-03-15 04:41 - 2016-03-15 04:41 - 00000000 ____D C:\Users\harri_000\.tooling
2016-03-15 04:36 - 2016-03-15 04:36 - 00006098 _____ C:\Users\harri_000\Downloads\ItemCommand(1).jar
2016-03-15 04:35 - 2016-03-19 01:09 - 00000000 ____D C:\Users\harri_000\AppData\Local\Eclipse
2016-03-15 04:32 - 2016-03-15 04:32 - 00001025 _____ C:\Users\harri_000\Desktop\Eclipse Java Mars.lnk
2016-03-15 04:32 - 2016-03-15 04:32 - 00000000 ____D C:\Users\harri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
2016-03-15 04:26 - 2016-03-15 04:26 - 00000000 ____D C:\Users\harri_000\eclipse
2016-03-15 04:23 - 2016-03-19 01:10 - 00000000 ____D C:\Users\harri_000\.p2
2016-03-15 04:23 - 2016-03-15 05:54 - 00000000 ____D C:\Users\harri_000\.eclipse
2016-03-15 04:21 - 2016-03-15 04:22 - 46881880 _____ C:\Users\harri_000\Desktop\eclipse-inst-win64.exe
2016-03-15 03:08 - 2016-03-15 03:08 - 00000000 ____D C:\Users\harri_000\AppData\Local\ElevatedDiagnostics
2016-03-14 18:09 - 2016-03-14 18:09 - 00000053 _____ C:\Users\harri_000\Downloads\google2814be1caad83019.html
2016-03-13 10:58 - 2016-03-13 11:01 - 00000000 ____D C:\Users\harri_000\Desktop\Wanted Laptops
2016-03-09 21:16 - 2016-03-09 21:17 - 05635440 _____ (MY.COM B.V.) C:\Users\harri_000\Downloads\ArmoredWarfareMycomLoader_bdc11d15b62785984415decda4bc8cdc_A_en.exe
2016-03-08 23:06 - 2015-11-20 02:55 - 00032512 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\swi_callout.sys
2016-03-07 00:41 - 2016-03-07 00:41 - 00000894 _____ C:\Users\harri_000\Downloads\Pictures - Shortcut.lnk
2016-03-06 21:47 - 2016-03-06 21:47 - 00009754 _____ C:\Users\harri_000\Downloads\OnslaughtSuite.jar
2016-03-04 15:35 - 2016-03-04 15:35 - 00000000 ____D C:\Users\harri_000\Documents\Universe Sandbox ²
2016-03-02 21:24 - 2016-03-02 21:24 - 00016394 _____ C:\Users\harri_000\Downloads\ItemCommand.jar
2016-03-02 17:24 - 2016-03-02 17:24 - 00000000 ____D C:\Users\harri_000\AppData\Roaming\Blender Foundation
2016-03-02 16:51 - 2016-03-02 16:51 - 00000000 ____D C:\Users\harri_000\.thumbnails
2016-03-02 16:47 - 2016-03-02 16:47 - 00000000 ____D C:\Users\harri_000\Desktop\blender-2.76b-windows64
2016-03-02 07:17 - 2016-03-02 07:17 - 00120002 _____ C:\Users\harri_000\Downloads\CratesPlus-3.1.5.jar
2016-03-01 22:39 - 2016-03-07 01:08 - 00000609 _____ C:\Users\harri_000\AppData\Roaming\jd-gui.cfg
2016-03-01 22:20 - 2016-03-01 22:20 - 08764679 _____ C:\Users\harri_000\Desktop\jd-gui-1.4.0.jar
2016-03-01 22:06 - 2016-03-01 22:06 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-03-01 22:04 - 2016-03-01 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-03-01 22:02 - 2016-03-01 22:05 - 00000000 ____D C:\Program Files\Java
2016-03-01 21:57 - 2016-03-01 21:59 - 196405336 _____ (Oracle Corporation) C:\Users\harri_000\Downloads\jdk-8u74-windows-x64.exe
2016-03-01 17:28 - 2016-03-01 17:28 - 00000392 _____ C:\Users\harri_000\Downloads\public.key
2016-02-27 12:32 - 2016-03-11 07:03 - 00004612 _____ C:\WINDOWS\System32\Tasks\DistromaticSearchProtect-hourly
2016-02-27 12:32 - 2016-02-27 12:32 - 00004488 _____ C:\WINDOWS\System32\Tasks\DistromaticUpdater-periodic
2016-02-27 12:32 - 2016-02-27 12:32 - 00004090 _____ C:\WINDOWS\System32\Tasks\DistromaticSearchProtect-logon
2016-02-27 12:32 - 2016-02-27 12:32 - 00003964 _____ C:\WINDOWS\System32\Tasks\DistromaticUpdater-logon
2016-02-27 12:32 - 2016-02-27 12:32 - 00000000 ____D C:\Users\harri_000\AppData\Local\Amazon Browser Settings
2016-02-27 12:31 - 2016-02-27 12:32 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Settings
2016-02-27 12:09 - 2016-02-27 12:09 - 862817072 _____ C:\WINDOWS\MEMORY.DMP
2016-02-27 12:09 - 2016-02-27 12:09 - 00281584 _____ C:\WINDOWS\Minidump\022716-55703-01.dmp
2016-02-27 12:09 - 2016-02-27 12:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-26 20:32 - 2016-02-26 20:41 - 00000000 ____D C:\Users\harri_000\AppData\Roaming\.technic
2016-02-26 20:30 - 2016-02-26 20:30 - 04734664 _____ () C:\Users\harri_000\Desktop\TechnicLauncher.exe
2016-02-25 08:42 - 2016-02-25 08:42 - 00000000 ____D C:\Users\harri_000\AppData\Roaming\TechSmith
2016-02-25 08:41 - 2016-03-13 14:50 - 00000000 ____D C:\Users\harri_000\Documents\Camtasia Studio
2016-02-25 08:41 - 2016-02-25 08:41 - 259967288 _____ C:\Users\harri_000\Downloads\camtasia.exe
2016-02-25 08:41 - 2016-02-25 08:41 - 00000000 ____D C:\Users\harri_000\AppData\Local\TechSmith
2016-02-25 08:40 - 2016-02-25 08:40 - 00001195 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2016-02-25 08:40 - 2016-02-25 08:40 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2016-02-25 08:40 - 2016-02-25 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2016-02-25 08:39 - 2016-02-25 08:39 - 00000000 ____D C:\ProgramData\TechSmith
2016-02-25 08:39 - 2016-02-25 08:39 - 00000000 ____D C:\Program Files (x86)\TechSmith
2016-02-25 08:39 - 2016-02-25 08:39 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-02-25 08:22 - 2016-02-25 08:26 - 259967288 _____ C:\Users\harri_000\Desktop\camtasia.exe
2016-02-22 12:00 - 2016-02-22 12:00 - 00000000 ____D C:\Users\harri_000\AppData\Roaming\PeaZip
2016-02-22 11:58 - 2016-02-22 11:58 - 00001002 _____ C:\Users\harri_000\Desktop\PeaZip.lnk
2016-02-22 11:58 - 2016-02-22 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
2016-02-22 11:58 - 2016-02-22 11:58 - 00000000 ____D C:\Program Files (x86)\PeaZip
2016-02-19 16:39 - 2016-02-19 16:45 - 00000000 ____D C:\Users\harri_000\Desktop\Desktop BG

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-19 12:09 - 2016-01-30 07:50 - 00000000 ____D C:\Users\harri_000\AppData\Roaming\Skype
2016-03-19 12:03 - 2015-11-10 21:00 - 00000000 ____D C:\Users\harri_000\AppData\Roaming\.minecraft
2016-03-19 11:53 - 2016-01-28 17:26 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2715607831-444694372-1136969816-1002
2016-03-19 11:51 - 2014-03-18 19:53 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-19 11:51 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-19 11:49 - 2016-02-11 10:04 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-19 11:49 - 2016-01-28 17:33 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-19 10:22 - 2016-01-30 15:16 - 00000000 ____D C:\Users\harri_000\AppData\Local\CrashDumps
2016-03-19 10:22 - 2016-01-28 17:30 - 00002134 _____ C:\Users\harri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2016-03-19 10:22 - 2016-01-28 17:13 - 00000000 ____D C:\Users\harri_000\AppData\Local\Pokki
2016-03-19 02:49 - 2015-11-10 20:59 - 00000000 ____D C:\Users\harri_000\Desktop\My Server
2016-03-18 15:11 - 2016-01-28 18:37 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-18 13:45 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-18 11:56 - 2015-11-10 20:59 - 00000000 ____D C:\Users\harri_000\Desktop\TGB yt
2016-03-16 07:58 - 2016-01-28 18:29 - 00003104 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2715607831-444694372-1136969816-1002
2016-03-16 07:58 - 2015-11-10 20:55 - 00000000 ___DO C:\Users\harri_000\OneDrive
2016-03-15 12:49 - 2013-08-23 01:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-15 12:49 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-15 12:48 - 2013-08-23 01:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-15 10:02 - 2016-01-28 17:36 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 10:02 - 2016-01-28 17:36 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-15 04:41 - 2016-01-28 17:13 - 00000000 ____D C:\Users\harri_000
2016-03-15 04:23 - 2015-11-30 14:40 - 00000000 ____D C:\Users\harri_000\.oracle_jre_usage
2016-03-15 03:11 - 2015-11-10 20:51 - 00000000 ____D C:\Users\harri_000\Documents\Bluetooth Folder
2016-03-12 13:09 - 2015-03-10 15:04 - 00000000 ____D C:\ProgramData\Energy Manager
2016-03-11 21:49 - 2016-02-11 10:04 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-11 07:11 - 2015-03-10 14:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-03-11 07:04 - 2015-11-26 17:32 - 00000000 ____D C:\Users\harri_000\Desktop\Pranks, Hacks, Coding
2016-03-11 07:01 - 2016-01-28 17:21 - 00001279 _____ C:\Users\harri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2016-03-11 07:01 - 2016-01-28 17:21 - 00000000 ____D C:\ProgramData\LU
2016-03-10 19:11 - 2015-03-10 14:11 - 00387834 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2016-03-10 19:11 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-10 18:01 - 2015-11-10 20:59 - 00000000 ____D C:\Users\harri_000\Desktop\Kimberley College Stuff
2016-03-09 02:54 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-03 11:10 - 2016-01-28 18:43 - 00000000 ____D C:\Users\harri_000\AppData\Local\Steam
2016-03-01 22:06 - 2016-01-28 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-27 16:53 - 2016-02-05 17:28 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-02-27 16:53 - 2016-02-05 17:28 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-02-27 16:51 - 2016-01-29 11:08 - 00000000 ____D C:\Windows.old
2016-02-27 12:52 - 2013-08-23 01:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-27 12:48 - 2015-03-10 14:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-27 12:29 - 2016-01-28 18:55 - 00000000 ____D C:\ProgramData\Oracle
2016-02-27 12:29 - 2016-01-28 18:55 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-27 12:25 - 2016-01-28 18:55 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-26 10:32 - 2015-03-10 14:03 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-25 08:43 - 2016-01-28 18:47 - 00000000 ____D C:\Users\harri_000\AppData\Roaming\Minecraft
2016-02-24 01:53 - 2016-01-30 07:50 - 00000000 ____D C:\ProgramData\Skype
2016-02-22 18:58 - 2016-01-31 13:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-22 18:48 - 2016-01-31 13:00 - 146614896 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-22 01:22 - 2016-01-28 18:08 - 00000000 ____D C:\Users\harri_000\AppData\Roaming\Notepad++
2016-02-19 16:49 - 2015-12-27 13:04 - 00000000 ____D C:\Users\harri_000\Desktop\DS4Windows

==================== Files in the root of some directories =======

2016-03-01 22:39 - 2016-03-07 01:08 - 0000609 _____ () C:\Users\harri_000\AppData\Roaming\jd-gui.cfg
2015-03-10 14:07 - 2015-03-10 14:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\harri_000\Firefox Setup Stub 42.0.exe


Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Lenovo.TVT.CustomerFeedback.Agent.exe
C:\Users\Administrator\AppData\Local\Temp\PokkiPlatform.exe
C:\Users\harri_000\AppData\Local\Temp\bdfilters.dll
C:\Users\harri_000\AppData\Local\Temp\jansi-64-1158764983418586976.dll
C:\Users\harri_000\AppData\Local\Temp\jansi-64-4986555475716331892.dll
C:\Users\harri_000\AppData\Local\Temp\jansi-64-6621651041921177134.dll
C:\Users\harri_000\AppData\Local\Temp\jansi-64-8924181900122600197.dll
C:\Users\harri_000\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\harri_000\AppData\Local\Temp\npp.6.9.Installer.exe
C:\Users\harri_000\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-10 19:22

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by harri_000 (2016-03-19 12:14:51)
Running from C:\Users\harri_000\Desktop
Windows 8.1 (X64) (2016-01-28 07:17:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2715607831-444694372-1136969816-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2715607831-444694372-1136969816-501 - Limited - Enabled)
harri_000 (S-1-5-21-2715607831-444694372-1136969816-1002 - Administrator - Enabled) => C:\Users\harri_000
SophosSAUHARRYSPC0 (S-1-5-21-2715607831-444694372-1136969816-1007 - Limited - Enabled)
SophosSAUHARRYSPC1 (S-1-5-21-2715607831-444694372-1136969816-1012 - Limited - Enabled)
ukbub_000 (S-1-5-21-2715607831-444694372-1136969816-1009 - Limited - Enabled) => C:\Users\ukbub_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon)
Amazon Assistant (HKLM-x32\...\Amazon Assistant) (Version: 2.3.3 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{665D4B18-EA91-BE16-3212-218C63F5DC4E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.8.0 - AppEx Networks)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.2.1014 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - Treyarch)
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - Treyarch)
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.52 - Conexant)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dead Realm (HKLM-x32\...\Steam App 352460) (Version: - Section Studios)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.17 - Lenovo)
Energy Manager (x32 Version: 1.5.0.17 - Lenovo) Hidden
Five Nights at Freddy's 4 (HKLM-x32\...\Steam App 388090) (Version: - Scott Cawthon)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Geometry Dash (HKLM-x32\...\Steam App 322170) (Version: - RobTop Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Host App Service (HKU\S-1-5-21-2715607831-444694372-1136969816-1002\...\Pokki) (Version: 0.269.3.227 - Pokki)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java SE Development Kit 8 Update 74 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180740}) (Version: 8.0.740.2 - Oracle Corporation)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.14.2.9 - ClientConnect LTD) <==== ATTENTION
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1321.0_WHQL - Sonix)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.1.12.0 - Lenovo)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 1.2.0.2 - Lenovo) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.0.0.65 - Lenovo)
Lenovo Updates (x32 Version: 1.0.0.65 - Lenovo) Hidden
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.1.14.6181 - Lenovo)
Lenovo Web Start (HKU\S-1-5-21-2715607831-444694372-1136969816-1002\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2715607831-444694372-1136969816-1002\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
PeaZip 5.9.1 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 5.9.1 - Giorgio Tani)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39058 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
ROBLOX Player for harri_000 (HKU\S-1-5-21-2715607831-444694372-1136969816-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.8.0 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Slender: The Arrival (HKLM-x32\...\Steam App 252330) (Version: - Blue Isle Studios)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.15 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.3.10.27 - Sophos Limited)
Start Menu (HKU\S-1-5-21-2715607831-444694372-1136969816-1002\...\Pokki_Start_Menu) (Version: 0.269.3.227 - Pokki)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.26.9 - Synaptics Incorporated)
The Escapists (HKLM-x32\...\Steam App 298630) (Version: - Mouldy Toof Studios)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
Universe Sandbox ² (HKLM-x32\...\Steam App 230290) (Version: - Giant Army)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2715607831-444694372-1136969816-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\harri_000\AppData\Local\Roblox\Versions\version-0ce38a2c538e4023\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F86CDB3-B547-4C96-92CB-48589601F0F9} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-01-28] (Lenovo)
Task: {1361A98F-A4C5-485B-809D-287B27A0926F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-19] (Lenovo)
Task: {1D431A33-C901-43AE-B24E-2BFB38B672E3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-02-27] (Microsoft Corporation)
Task: {1DA8F0B5-141A-4B4F-BA51-43FDA07DD784} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-02-27] (Distromatic)
Task: {266209EE-1D89-43A3-B702-1FD0CED012DD} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {2F6C64BD-15A8-4649-8EF5-878BFEB559CE} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-02-27] (Distromatic)
Task: {33561FAA-2FDB-41ED-8205-6A0966FFACA0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-11] (Lenovo)
Task: {4551E0BF-9D60-4660-B728-B8A2D8CA8C58} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-04] (Lenovo)
Task: {4F4B37B9-FB8F-4AFA-93CC-5CA2AFC0CE7A} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)
Task: {624731AA-3973-4373-B741-4E1B53B8DD9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.)
Task: {9570FDF9-FA8B-4053-8420-F0FAE16D4B5A} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
Task: {99F6BA01-5CF0-4137-8C7F-95CAACE5F1E4} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-02-27] (Distromatic)
Task: {9C30461E-17F1-4847-B0F3-721359123BB3} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2715607831-444694372-1136969816-1002 => C:\Users\harri_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-03-16] (Microsoft Corporation)
Task: {A3B54A40-915F-4E74-96DD-2117AC8D6961} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-02-27] (Distromatic)
Task: {AB2A9019-74CC-4F97-8B7F-57126C840B3F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-04] (Lenovo)
Task: {B5D159BF-F506-4895-AF0C-A723E552C4AF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {BBAA9837-B190-44FD-B3F2-7097D4208054} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-04] ()
Task: {BD48E259-A495-4175-9BAC-20F674E42CDE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {D2B22630-6943-44CF-AC5A-E07FDF5FC9A4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {D5AF90E3-91DE-4659-A05E-D60D8F7E6C10} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-22] (Microsoft Corporation)
Task: {E089753A-AB89-41A0-A88A-7080F274F463} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.)
Task: {FAC81A05-8C81-459A-A147-AED5DCAD9E89} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-04] ()
Task: {FAE621B8-9B86-43AE-9CEC-32AAF979B4D0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-02-22] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-04-19 15:12 - 2014-04-19 15:12 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-01-28 17:41 - 2016-02-04 05:51 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-03-10 14:53 - 2012-04-25 12:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-03-10 14:49 - 2015-03-10 14:49 - 00068880 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2015-03-10 14:49 - 2015-03-10 14:49 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2015-03-10 14:46 - 2014-07-10 10:19 - 00592880 _____ () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
2014-02-26 15:14 - 2014-02-26 15:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-26 15:11 - 2014-02-26 15:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-26 15:17 - 2014-02-26 15:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-03-10 14:07 - 2010-10-27 06:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-03-27 05:50 - 2015-03-10 15:04 - 00058864 _____ () C:\Program Files (x86)\Lenovo\Energy Manager\kbdhook.dll
2014-04-19 15:12 - 2014-04-19 15:12 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-03-10 14:59 - 2015-03-10 14:59 - 00815104 _____ () C:\Program Files\Lenovo PhoneCompanion\adb.exe
2016-02-27 12:42 - 2016-02-04 23:53 - 08914120 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-04-16 06:13 - 2015-04-16 06:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-01-28 18:42 - 2015-12-15 15:54 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-01-28 18:42 - 2015-07-04 02:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-01-28 18:42 - 2016-02-05 07:02 - 02546768 _____ () C:\Program Files (x86)\Steam\video.dll
2016-01-28 18:42 - 2015-07-04 02:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-01-28 18:42 - 2015-07-04 02:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-01-28 18:42 - 2015-09-24 10:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-01-28 18:42 - 2015-09-24 10:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-01-28 18:42 - 2015-09-24 10:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-01-28 18:42 - 2015-09-24 10:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-01-28 18:42 - 2015-09-24 10:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-01-28 18:42 - 2016-02-05 07:01 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-01-28 18:42 - 2015-12-30 11:51 - 00208896 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-03-10 14:54 - 2014-07-04 14:35 - 00627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2014-07-05 05:35 - 2014-07-05 05:35 - 00016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2016-01-28 18:42 - 2016-01-06 11:52 - 48387872 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-01-28 18:42 - 2015-09-25 09:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-01-28 17:13 - 2014-07-30 13:59 - 00569856 _____ () C:\Users\harri_000\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2016-01-28 17:13 - 2014-07-30 13:59 - 01400846 _____ () C:\Users\harri_000\AppData\Local\Pokki\Engine\avcodec-54.dll
2016-01-28 17:13 - 2014-07-30 13:59 - 00151054 _____ () C:\Users\harri_000\AppData\Local\Pokki\Engine\avutil-51.dll
2016-01-28 17:13 - 2014-07-30 13:59 - 00222734 _____ () C:\Users\harri_000\AppData\Local\Pokki\Engine\avformat-54.dll
2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-2715607831-444694372-1136969816-1002\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2715607831-444694372-1136969816-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\harri_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{80A757C1-F995-432A-91D8-D2BA6D904B9A}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{649BFBEA-5FE9-472B-96E3-73CAC0A3BBF3}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{9D97C214-3572-4389-AA57-8F1EF226FE08}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{78A81834-76CF-4AE8-A28D-1F6AF5B6D941}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{226F9D34-BDE0-4000-8DCE-4BBD7CE15359}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{35ECC90F-D839-4AC7-8F3E-0F4FF25ADC27}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{207BD957-DC9A-490F-8F49-86061140CBF6}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0331CDAA-96EB-456E-BA1B-CA453E596F06}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{57EEE8E8-468D-4C10-81E2-EF5EF4CC6C74}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{F48850EB-F6DE-4BB7-B18E-29105EBFCB28}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{61A61D0A-A6A3-4BAC-9DF9-7EA16AA7272E}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{FD5DF54E-50C0-4FFB-9394-678DCF2E0686}] => (Allow) LPort=55100
FirewallRules: [{3B8E4FBE-B3F1-4A12-B9D1-B4DEB5BF1614}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{BA48C229-2802-49A1-B536-EEBC23F991BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BA37111-7384-4F84-8B1F-EF604BAC11C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E29D3A36-D5FF-4D06-9743-787FC104850D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B5BF490E-D1C5-4A86-A42B-831EB2D397C5}] => (Allow) C:\Users\harri_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{CD649D91-0B07-4F10-B1E9-6F53EF17C5D3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{78BADCDC-C4F6-41ED-800A-E7303491B1FB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4A1C894A-4148-4FEA-98A4-2B2695D5E8AA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{741ED7E5-6BBC-401E-8511-820F99BDE398}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{C9FD5BD3-1AAC-42FA-8683-A49865F38CFA}C:\users\harri_000\appdata\roaming\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\harri_000\appdata\roaming\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8BE6C415-A6D6-48FC-9CDB-83164F8E28F4}C:\users\harri_000\appdata\roaming\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\harri_000\appdata\roaming\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{C693CCD5-7899-4CE2-88D1-D6AD7BE0184A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C47A392F-9BB7-4488-BD7E-CB0EFEA32DDD}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{15910295-201F-40D6-A0CD-35CEF9D66CBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{C7ECF3A9-E947-4E03-A9DC-AE24A2013C7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{1E77E7BC-6B08-417B-8B3E-443762F1273B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{9024A7C0-AA33-422E-9358-E5F3E976C2A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{FE81EDFC-CD32-4106-9541-6BA7868B8228}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{F744B7B0-7C69-44F7-830F-2BC3E01DF3DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{561B72E9-F5DB-430A-9312-34A853D909B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DeadRealm\DeadRealm.exe
FirewallRules: [{DD82BC8E-9EB8-4E1B-B621-E2ACA694F224}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DeadRealm\DeadRealm.exe
FirewallRules: [{E4CEBDE6-3EE7-42D3-8AB1-E90CA51A2946}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{B00398B1-5DFB-4397-8FA0-DB18E349F038}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{04D05900-7E63-48BB-9665-9228E2BBF50F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FiveNightsatFreddys4\FiveNightsatFreddys4.exe
FirewallRules: [{E8293D9E-0A5F-4219-BD5E-7DB7D5550E23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FiveNightsatFreddys4\FiveNightsatFreddys4.exe
FirewallRules: [{7D0979F3-4BD1-45EA-BE3A-16CBDCC6DC9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FiveNightsatFreddys4\HalloweenEdition.exe
FirewallRules: [{8B756913-FE70-4DEC-B330-ED7B52F573BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FiveNightsatFreddys4\HalloweenEdition.exe
FirewallRules: [{16B9F260-FE0F-45C2-96F3-D951CBBA4BEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{AAC0DE0A-631E-456D-A834-F8BF58AE0B70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{5B262C6C-07E8-4767-9A8C-D97064F2C52F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{A98A9A28-573C-4573-85DA-2B03270E0461}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{0AB195C3-3C5B-47ED-B716-48220D75CC2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Universe Sandbox 2\Universe Sandbox x64.exe
FirewallRules: [{75A9B0EC-B869-4A61-AA69-67F83065BFBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Universe Sandbox 2\Universe Sandbox x64.exe
FirewallRules: [TCP Query User{91F61984-7B88-4EC2-93C1-F5C20756121F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{736F9EAC-AE5A-44FE-9297-085FFE623636}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{439A998F-6E0E-48A5-8DB0-BC2AC28DF61D}C:\users\harri_000\desktop\ogar-windows-0683096.exe] => (Allow) C:\users\harri_000\desktop\ogar-windows-0683096.exe
FirewallRules: [UDP Query User{2622AF1F-96AF-4988-9BD1-2E56201FB0E5}C:\users\harri_000\desktop\ogar-windows-0683096.exe] => (Allow) C:\users\harri_000\desktop\ogar-windows-0683096.exe
FirewallRules: [{4F15260C-0BE1-442C-AF59-B26661570F8C}] => (Allow) LPort=8317
FirewallRules: [TCP Query User{512E7F58-EC4E-4865-A360-ED747DC5993E}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [UDP Query User{8BD3739C-C2EC-42E0-A0DF-4645B631E61B}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [{219EFF90-C44C-48C3-B335-5708C159389D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{0AD40549-6E5A-4A47-97F8-73277895C2B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{28A41D70-4FD9-4A12-9913-1DCDDB9BDA7B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-03-2016 20:22:19 Scheduled Checkpoint
15-03-2016 12:36:05 Windows Update
18-03-2016 12:43:29 Installed DirectX

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2016 11:48:35 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (03/19/2016 10:22:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HostAppServiceUpdater.exe, version: 1.0.0.0, time stamp: 0x5438749b
Faulting module name: HostAppServiceUpdater.exe, version: 1.0.0.0, time stamp: 0x5438749b
Exception code: 0xc000041d
Fault offset: 0x000000000005a753
Faulting process id: 0x195c
Faulting application start time: 0xHostAppServiceUpdater.exe0
Faulting application path: HostAppServiceUpdater.exe1
Faulting module path: HostAppServiceUpdater.exe2
Report Id: HostAppServiceUpdater.exe3
Faulting package full name: HostAppServiceUpdater.exe4
Faulting package-relative application ID: HostAppServiceUpdater.exe5

Error: (03/19/2016 10:22:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HostAppServiceUpdater.exe, version: 1.0.0.0, time stamp: 0x5438749b
Faulting module name: HostAppServiceUpdater.exe, version: 1.0.0.0, time stamp: 0x5438749b
Exception code: 0xc0000005
Fault offset: 0x000000000005a753
Faulting process id: 0x195c
Faulting application start time: 0xHostAppServiceUpdater.exe0
Faulting application path: HostAppServiceUpdater.exe1
Faulting module path: HostAppServiceUpdater.exe2
Report Id: HostAppServiceUpdater.exe3
Faulting package full name: HostAppServiceUpdater.exe4
Faulting package-relative application ID: HostAppServiceUpdater.exe5

Error: (03/18/2016 11:54:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e38

Start Time: 01d180b8fda0cc62

Termination Time: 1265

Application Path: C:\Windows\System32\rundll32.exe

Report Id: 4f798080-ecac-11e5-8267-ace0100bdf82

Faulting package full name:

Faulting package-relative application ID:

Error: (03/18/2016 10:55:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x56bf6dfa
Faulting module name: client.dll, version: 1.0.0.1, time stamp: 0x56cbb9b3
Exception code: 0xc0000005
Fault offset: 0x000edaba
Faulting process id: 0x21ec
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3
Faulting package full name: hl2.exe4
Faulting package-relative application ID: hl2.exe5

Error: (03/18/2016 10:49:35 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (03/18/2016 08:34:38 AM) (Source: MsiInstaller) (EventID: 1013) (User: HARRYSPC)
Description: Product: NVIDIA PhysX v8.09.04 -- Installation terminated

Error: (03/17/2016 04:58:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/17/2016 03:55:38 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (03/17/2016 06:50:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SynTPEnh.exe, version: 18.1.26.9, time stamp: 0x54987d22
Faulting module name: SynTPEnh.exe, version: 18.1.26.9, time stamp: 0x54987d22
Exception code: 0xc0000005
Fault offset: 0x0000000000003184
Faulting process id: 0x10d8
Faulting application start time: 0xSynTPEnh.exe0
Faulting application path: SynTPEnh.exe1
Faulting module path: SynTPEnh.exe2
Report Id: SynTPEnh.exe3
Faulting package full name: SynTPEnh.exe4
Faulting package-relative application ID: SynTPEnh.exe5


System errors:
=============
Error: (03/19/2016 03:06:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - March 2016 (KB890830).

Error: (03/15/2016 12:48:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - March 2016 (KB890830).

Error: (03/14/2016 06:04:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (03/14/2016 06:04:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (03/13/2016 08:09:32 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (03/13/2016 08:09:32 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (03/12/2016 11:50:09 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (03/12/2016 11:50:09 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (03/11/2016 07:22:41 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (03/11/2016 07:22:41 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


==================== Memory info ===========================

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 43%
Total physical RAM: 7128.26 MB
Available physical RAM: 4004.6 MB
Total Virtual: 14296.26 MB
Available Virtual: 9953.75 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:890.48 GB) (Free:788.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6CF31FD0)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 