
Proxy being changed Automatically


  • This topic is locked
18 replies to this topic

#1 shavak1997

  • Members
  • 18 posts

Posted 28 January 2016 - 12:54 PM

I am running Windows 10 Home edition.

 

The proxy in my computer settings is getting reset as follows:

Capture.png

 

Where the "some settings" refers to the proxy settings and doesn't seem to go away. Chrome, Edge and any other Chromium-based browsers seem to be affected, except for Firefox.

I have already run the following software: AdwCleaner, JRT, Hitman, Malwarebytes Anti-Malware and Emsisoft Emergency Kit.

Chrome works at times for a few minutes after boot after which the proxy error pops up.

 

The FRST logs are attached herewith:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by shavak (administrator) on SHAVAK-PC (28-01-2016 23:04:59)
Running from C:\Users\shavak\Documents\EGDownloads
Loaded Profiles: UpdatusUser & shavak &  (Available Profiles: UpdatusUser & shavak)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\avpui.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo) C:\Program Files\lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectify.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
() C:\Program Files\DC++\DCPlusPlus.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Mozilla Corporation) C:\Program Files (x86)\Aurora\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Aurora\plugin-container.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(SurfRight B.V.) C:\Users\shavak\Documents\EGDownloads\HitmanPro_x64(1).exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Farbar) C:\Users\shavak\Documents\EGDownloads\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3233976 2015-08-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5060864 2015-06-16] (Realtek semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [396688 2015-07-18] ()
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-08-22] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-08-22] (Lenovo(beijing) Limited)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [4188408 2015-07-21] (Connectify)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2367704 2014-04-18] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-14] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286272 2015-05-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-03] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3791644838-2506976317-402157581-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-3791644838-2506976317-402157581-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [Google Update] => C:\Users\shavak\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-30] (Skype Technologies S.A.)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\Eagleget.exe [1856000 2015-05-29] (EagleGet.com)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [Spotify] => C:\Users\shavak\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-18] (Spotify Ltd)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [BitTorrent] => C:\Users\shavak\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-15] (BitTorrent Inc.)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [Spotify Web Helper] => C:\Users\shavak\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-18] (Spotify Ltd)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\MountPoints2: {1be9bef0-86ba-11e5-82f8-28d244c83de6} - "G:\AutoRun.exe"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\MountPoints2: {72f03e60-b81a-11e4-82a5-28d244c83de6} - "F:\O16Setup.EXE"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\MountPoints2: {cbc243cc-a328-11e5-82fc-28d244c83de6} - "G:\AutoRun.exe"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [805888 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\shavak\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-30] (Skype Technologies S.A.)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\Eagleget.exe [1856000 2015-05-29] (EagleGet.com)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\shavak\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-18] (Spotify Ltd)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BitTorrent] => C:\Users\shavak\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-15] (BitTorrent Inc.)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\shavak\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-18] (Spotify Ltd)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1be9bef0-86ba-11e5-82f8-28d244c83de6} - "G:\AutoRun.exe"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {72f03e60-b81a-11e4-82a5-28d244c83de6} - "F:\O16Setup.EXE"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cbc243cc-a328-11e5-82fc-28d244c83de6} - "G:\AutoRun.exe"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [805888 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-05-27]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\shavak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 172.24.2.71
Tcpip\..\Interfaces\{c0725b55-04b5-43cc-8e80-575a29f8afdf}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{c0725b55-04b5-43cc-8e80-575a29f8afdf}: [DhcpNameServer] 172.24.2.71
Tcpip\..\Interfaces\{dc285da7-c8a9-438c-bee4-c39e7d819a09}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dc285da7-c8a9-438c-bee4-c39e7d819a09}: [DhcpNameServer] 10.42.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-3791644838-2506976317-402157581-1002 -> DefaultScope {EF13EC81-2C79-4695-87BD-3F0A21A3CC5B} URL =
SearchScopes: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {EF13EC81-2C79-4695-87BD-3F0A21A3CC5B} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-23] (AO Kaspersky Lab)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO-x32: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2015-05-29] (EagleGet.com)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-17] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\IEExt\ie_plugin.dll [2016-01-23] (AO Kaspersky Lab)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-17] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-23] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\IEExt\ie_plugin.dll [2016-01-23] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3791644838-2506976317-402157581-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default
FF NetworkProxy: "type", 0);user_pref("network.proxy.type", 0);user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-18] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20140923-0402 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20141028-0403 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20141231-0402 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20150704-0402 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20150706-0655 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20150824-1522 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20151023-0402 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-18] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.0.112 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-05-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.0.112 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-05-27] (RealTimes)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\shavak\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002: @talk.google.com/O1DPlugin -> C:\Users\shavak\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002: @tools.google.com/Google Update;version=3 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002: @tools.google.com/Google Update;version=9 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2015-05-29] (EagleGet)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002: eagleget.com/EagleGet64_x86_64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll [2015-05-29] (EagleGet)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\shavak\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\shavak\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2015-05-29] (EagleGet)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: eagleget.com/EagleGet64_x86_64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll [2015-05-29] (EagleGet)
FF Plugin ProgramFiles/Appdata: C:\Users\shavak\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\shavak\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Greasemonkey - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-10-08] [not signed]
FF Extension: Tab Mix Plus - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-08] [not signed]
FF Extension: WOT - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-10-08] [not signed]
FF Extension: Tab notifier - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\tabnotifier@unusoft.it.xpi [2014-10-08] [not signed]
FF Extension: S3.Google Translator - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\s3google@translator.xpi [2014-10-08] [not signed]
FF Extension: IOS7 New Tab - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\ios7newtab@gmail.com [2014-10-08] [not signed]
FF Extension: GDrive Panel - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\gdrivepanel@alejandrobrizuela.com.ar.xpi [2014-10-08] [not signed]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\donottrackplus@abine.com [2014-10-08] [not signed]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\FFExt\light_plugin_firefox [2016-01-23]
FF Extension: Disconnect - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\2.0@disconnect.me.xpi [2014-10-03] [not signed]
FF Extension: auto-plugin-checker - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\auto-plugin-checker@jetpack.xpi [2014-10-03] [not signed]
FF Extension: CompassMenu - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\compass_menu@tatapa.org.xpi [2014-10-03] [not signed]
FF Extension: ERail Plugin for Firefox - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\ERAIL.IN.FFPLUGIN@jetpack.xpi [2014-10-03] [not signed]
FF Extension: Webmail Ad Blocker - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\gmailnoads@mywebber.com.xpi [2014-10-03] [not signed]
FF Extension: Self-Destructing Cookies - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2014-10-03] [not signed]
FF Extension: Tab Grenade - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\jid1-gzlHTgBCb5hzkA@jetpack.xpi [2014-10-03] [not signed]
FF Extension: Remove/Crop-to Selection - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\jid1-mMNvppACqZ8HOQ@jetpack.xpi [2014-10-03] [not signed]
FF Extension: Clean Links - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2014-10-03] [not signed]
FF Extension: Tamper Data - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2014-10-03] [not signed]
FF Extension: Adblock Plus - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-03] [not signed]
FF Extension: auto-plugin-checker - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\auto-plugin-checker@jetpack.xpi [2015-08-26]
FF Extension: Browsec - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\browsec@browsec.com.xpi [2016-01-23]
FF Extension: CompassMenu - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\compass_menu@tatapa.org.xpi [2015-07-13]
FF Extension: ERail Plugin for Firefox - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\ERAIL.IN.FFPLUGIN@jetpack.xpi [2015-07-21]
FF Extension: Session box - Tabs manager - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\fvdmedia@googlemail.com.xpi [2015-07-18]
FF Extension: GDrive Panel - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\gdrivepanel@alejandrobrizuela.com.ar.xpi [2015-07-14]
FF Extension: Webmail Ad Blocker - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\gmailnoads@mywebber.com.xpi [2015-09-22]
FF Extension: Self-Destructing Cookies - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-11-27]
FF Extension: One Click Proxy - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-08-26]
FF Extension: Pushbullet - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2016-01-23]
FF Extension: WikiWand: Wikipedia Modernized - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-D7momAzRw417Ag@jetpack.xpi [2015-07-13]
FF Extension: Tab Grenade - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-gzlHTgBCb5hzkA@jetpack.xpi [2015-07-24]
FF Extension: Remove/Crop-to Selection - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-mMNvppACqZ8HOQ@jetpack.xpi [2015-07-13]
FF Extension: Skip adf.ly skip!! - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-nSEySa4aWGanbw@jetpack.xpi [2015-07-13]
FF Extension: Google™ Hangouts - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-uqbSKwXpf2K6yl@jetpack.xpi [2015-09-22]
FF Extension: YouTube™ AdBlock - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-w4wG5nJhx4LJZr@jetpack.xpi [2016-01-23]
FF Extension: Karma Blocker - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\kabl@trac.arantius.com.xpi [2015-09-22]
FF Extension: Rapportive - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\rapportive@rapportive.com.xpi [2015-07-13]
FF Extension: S3.Google Translator - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\s3google@translator.xpi [2016-01-23]
FF Extension: Save Session - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\savesession@noasobi.net.xpi [2015-07-18]
FF Extension: Session Sync - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\session-sync@gabrielivanica.com.xpi [2015-07-18]
FF Extension: Tab notifier - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\tabnotifier@unusoft.it.xpi [2015-07-14]
FF Extension: Session Manager - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-01-23]
FF Extension: Clean Links - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2015-07-13]
FF Extension: Tamper Data - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2015-07-14]
FF Extension: Adblock Plus - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-23]
FF Extension: Tab Mix Plus - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-01-23]
FF Extension: Greasemonkey - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-25]
FF Extension: Adblock Edge - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-01-23]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-01-18]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\FFExt\light_plugin_firefox
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Aurora\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Docs) - C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-24]
CHR Extension: (Google Drive) - C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-24]
CHR Extension: (YouTube) - C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-24]
CHR Extension: (Google Search) - C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-24]
CHR Extension: (EagleGet Free Downloader) - C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2016-01-24]
CHR Extension: (Gmail) - C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-24]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKU\S-1-5-21-3791644838-2506976317-402157581-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-04-27]
CHR HKU\S-1-5-21-3791644838-2506976317-402157581-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-04-27]
CHR HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-04-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [1843368 2015-09-04] (Adobe Systems, Incorporated)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\avp.exe [194000 2016-01-23] (Kaspersky Lab ZAO)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2014-04-18] (Microsoft Corp.)
S4 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [217088 2015-07-21] (Connectify) [File not signed]
R2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [233472 2015-05-29] () [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135352 2015-08-07] (ELAN Microelectronics Corp.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-08-22] (Lenovo(beijing) Limited)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-07-16] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-07-16] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115224 2015-05-27] (RealNetworks, Inc.)
S4 Reliance Netconnect. RunOuc; C:\Program Files (x86)\Reliance Netconnect+\UpdateDog\ouc.exe [218624 2014-12-17] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S2 router.exe; C:\windows\SysWOW64\router.exe [16384 2014-08-20] (Microsoft©) [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsusVBus; C:\Windows\System32\drivers\AsusVBus.sys [39704 2014-09-29] (Windows ® Win 7 DDK provider)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [66840 2014-09-29] (ASUS Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [42152 2015-08-07] (Connectify)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-02-19] (DT Soft Ltd)
R3 eagleGet; C:\Windows\System32\Drivers\eagleGet.sys [77112 2015-05-04] (eagleGet)
R1 epp; C:\EEK\bin64\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2016-01-28] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2016-01-23] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2016-01-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2016-01-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-01-23] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2016-01-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-28] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek                                            )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-07-10] (Realtek Semiconductor Corporation                           )
S3 taphss6; C:\Windows\System32\drivers\taphss6.sys [42088 2015-11-13] (Anchorfree Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
U5 REALPLAYERUPDATESVC; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 22:37 - 2016-01-28 22:37 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-01-28 22:35 - 2016-01-28 22:35 - 00016148 _____ C:\WINDOWS\system32\SHAVAK-PC_shavak_HistoryPrediction.bin
2016-01-28 22:24 - 2016-01-28 22:25 - 01250844 _____ C:\Users\shavak\Downloads\processexplorer.zip
2016-01-28 22:13 - 2016-01-28 22:13 - 00000000 ____D C:\Program Files\HitmanPro
2016-01-28 14:16 - 2016-01-28 14:16 - 00000000 ___HD C:\OneDriveTemp
2016-01-27 23:20 - 2016-01-27 23:26 - 00569050 _____ C:\TDSSKiller.3.1.0.9_27.01.2016_23.20.59_log.txt
2016-01-27 23:17 - 2016-01-28 22:09 - 00000000 ____D C:\AdwCleaner
2016-01-27 23:16 - 2016-01-27 23:17 - 01507840 _____ C:\Users\shavak\Downloads\AdwCleaner.exe
2016-01-27 01:16 - 2016-01-27 01:16 - 00651071 _____ C:\Users\shavak\Downloads\labsheet 1.pdf
2016-01-26 20:39 - 2016-01-26 20:39 - 00024735 _____ C:\Users\shavak\Downloads\Pilani-Quiz-schedule (1).pdf
2016-01-26 19:05 - 2016-01-26 19:05 - 00008950 _____ C:\Users\shavak\Downloads\Mother_Database_A7.csv
2016-01-25 20:53 - 2015-12-09 09:09 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-01-25 13:34 - 2016-01-25 13:34 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0D8D0E1C.sys
2016-01-25 13:32 - 2016-01-25 13:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\409B0D27.sys
2016-01-25 02:43 - 2016-01-25 02:43 - 00000000 ____D C:\Users\shavak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Canary Apps
2016-01-24 20:55 - 2016-01-24 20:55 - 00000766 _____ C:\Users\shavak\Desktop\Start Emsisoft Emergency Kit.lnk
2016-01-24 20:54 - 2016-01-24 21:15 - 00000000 ____D C:\EEK
2016-01-24 20:41 - 2016-01-25 02:37 - 00000548 _____ C:\Users\shavak\Desktop\JRT.txt
2016-01-24 20:33 - 2016-01-28 22:16 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-24 20:26 - 2016-01-24 20:26 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-01-24 19:49 - 2016-01-28 23:04 - 00000000 ____D C:\FRST
2016-01-24 19:47 - 2016-01-28 21:40 - 00002527 _____ C:\Users\shavak\Desktop\Google Chrome Canary.lnk
2016-01-24 11:15 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-01-24 01:42 - 2016-01-28 22:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-24 01:42 - 2016-01-24 01:42 - 00001142 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-24 01:42 - 2016-01-24 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-24 01:42 - 2016-01-24 01:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-24 01:42 - 2016-01-24 01:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-24 01:42 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-24 01:42 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-24 01:42 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-24 01:33 - 2016-01-27 23:29 - 00002032 _____ C:\Users\shavak\Desktop\Rkill.txt
2016-01-24 00:29 - 2016-01-26 19:04 - 00015064 _____ C:\Users\shavak\Downloads\All PS Stations.csv
2016-01-24 00:16 - 2016-01-24 00:16 - 00024368 _____ C:\Users\shavak\Downloads\PS 1 Guide (Summer of 2015).xlsx
2016-01-24 00:14 - 2016-01-24 00:14 - 00137566 _____ C:\Users\shavak\Downloads\PS 1 Guide (Summer of 2015).pdf
2016-01-23 16:55 - 2016-01-23 16:55 - 00002600 _____ C:\Users\shavak\Desktop\Safe Money.lnk
2016-01-23 16:49 - 2016-01-23 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-01-23 16:49 - 2016-01-23 16:48 - 00002266 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-01-23 16:45 - 2016-01-23 17:49 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-01-23 16:45 - 2016-01-23 17:49 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-01-23 16:45 - 2016-01-23 17:02 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-01-23 16:45 - 2016-01-23 16:45 - 00000000 ___SD C:\Users\shavak\Documents\Passwords Database
2016-01-23 16:37 - 2016-01-24 11:08 - 00000000 ____D C:\WINDOWS\ERUNT
2016-01-23 16:37 - 2016-01-23 16:40 - 00000572 _____ C:\DelFix.txt
2016-01-23 16:23 - 2016-01-23 16:23 - 00302011 _____ C:\Users\shavak\Downloads\WindowsUpdateDiagnostic.diagcab
2016-01-23 16:22 - 2016-01-23 16:23 - 00536906 _____ C:\Users\shavak\Downloads\apps.diagcab
2016-01-22 21:25 - 2016-01-22 21:25 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-21 18:51 - 2016-01-21 18:51 - 00556197 _____ C:\Users\shavak\Downloads\Letter to a fellow India1.pdf
2016-01-16 23:10 - 2016-01-16 23:10 - 00024735 _____ C:\Users\shavak\Downloads\Pilani-Quiz-schedule.pdf
2016-01-13 11:09 - 2016-01-13 11:09 - 00009510 _____ C:\Users\shavak\Documents\Model1.xlsx
2016-01-12 14:49 - 2016-01-12 14:49 - 00000000 ____D C:\Users\shavak\AppData\Roaming\DataRecommendations
2016-01-12 14:49 - 2016-01-12 14:49 - 00000000 ____D C:\Users\shavak\AppData\Local\DataRecommendation
2016-01-12 11:46 - 2016-01-12 11:46 - 00174080 _____ C:\Users\shavak\Downloads\pre-reqs.xls
2016-01-12 11:23 - 2016-01-13 16:41 - 00030699 _____ C:\Users\shavak\Downloads\Electives .xls
2016-01-12 00:38 - 2016-01-18 23:37 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-12 00:36 - 2016-01-18 23:36 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-01-12 00:36 - 2016-01-18 23:36 - 00002085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-01-12 00:36 - 2016-01-12 00:36 - 00002062 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2016-01-10 10:54 - 2016-01-10 10:54 - 00074981 _____ C:\Users\shavak\Downloads\TIME_TABLE_II_SEM_15_16'.pdf
2016-01-10 10:52 - 2016-01-10 10:52 - 06295281 _____ C:\Users\shavak\Downloads\TIME_TABLE_II_SEM_15_16.pdf
2016-01-09 17:59 - 2016-01-09 17:59 - 00024921 _____ C:\Users\shavak\Downloads\Scorpion.S02E13.HDTV.LOL.en.zip
2016-01-09 16:21 - 2016-01-09 16:21 - 00029444 _____ C:\Users\shavak\Downloads\Elementary.S04E07.HDTV.LOL.en_2.zip
2016-01-08 11:28 - 2016-01-09 16:21 - 00077839 _____ C:\Users\shavak\Downloads\Elementary.S04E07.HDTV.LOL.en.srt
2016-01-05 17:45 - 2016-01-09 17:59 - 00065261 _____ C:\Users\shavak\Downloads\Scorpion.S02E13.HDTV.LOL.en.srt
2016-01-05 06:53 - 2016-01-05 06:53 - 00136950 ____N C:\Users\shavak\Downloads\The.Big.Short.2015.DVDScr.XVID.AC3.HQ.Hive-CM8.srt
2016-01-02 04:53 - 2016-01-02 15:53 - 00113704 _____ C:\Users\shavak\Downloads\Sherlock.The Abominable Bride.720p HDTV x264-FoV.srt
2015-12-31 01:52 - 2015-12-31 01:52 - 00000000 ___HD C:\$WINDOWS.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 23:04 - 2015-04-27 16:19 - 00000000 ____D C:\Users\shavak\Documents\EGDownloads
2016-01-28 22:59 - 2015-09-25 13:35 - 00000000 ____D C:\Users\shavak\Downloads\DC Downloads
2016-01-28 22:58 - 2014-10-06 17:35 - 00000000 ____D C:\Users\shavak\AppData\Roaming\vlc
2016-01-28 22:58 - 2014-10-06 14:14 - 00000000 ____D C:\Users\shavak\AppData\Roaming\DC++
2016-01-28 22:55 - 2015-05-04 15:28 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-28 22:40 - 2014-11-13 01:30 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002UA1cffeb3450fab73.job
2016-01-28 22:35 - 2014-10-28 21:24 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002UA.job
2016-01-28 22:32 - 2014-11-14 23:20 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d000336dddb376.job
2016-01-28 22:25 - 2014-09-24 23:12 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-28 22:02 - 2015-04-17 14:24 - 00000000 ____D C:\Users\shavak\AppData\Roaming\Skype
2016-01-28 21:40 - 2014-10-28 21:56 - 00002535 _____ C:\Users\shavak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2016-01-28 21:06 - 2015-01-07 13:11 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-28 15:33 - 2015-08-07 01:53 - 00000000 ____D C:\Users\shavak
2016-01-28 14:16 - 2015-08-07 01:49 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-28 14:16 - 2014-10-03 00:27 - 00000000 ___RD C:\Users\shavak\OneDrive
2016-01-28 14:16 - 2014-10-02 23:31 - 00000000 __SHD C:\Users\shavak\IntelGraphicsProfiles
2016-01-28 14:15 - 2014-09-24 23:12 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-28 14:00 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-28 13:50 - 2015-01-11 14:41 - 00000575 _____ C:\WINDOWS\SysWOW64\router.xml
2016-01-28 13:47 - 2015-07-10 17:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-28 13:47 - 2015-07-10 14:35 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-28 11:45 - 2014-10-06 14:14 - 00000000 ____D C:\Users\shavak\AppData\Local\DC++
2016-01-27 23:40 - 2014-10-28 21:24 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002Core.job
2016-01-27 19:01 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-27 18:12 - 2015-08-07 02:14 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-27 18:12 - 2015-07-10 16:32 - 00000000 ____D C:\WINDOWS\INF
2016-01-27 18:12 - 2014-08-22 22:37 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-01-27 18:00 - 2015-01-11 14:39 - 00000502 _____ C:\WINDOWS\Tasks\Connectify Update.job
2016-01-26 22:21 - 2014-10-03 14:22 - 00000000 ____D C:\Users\shavak\Desktop\Acads
2016-01-25 14:17 - 2015-11-28 20:53 - 00000000 ____D C:\Users\shavak\AppData\Roaming\TunnelBear
2016-01-25 14:17 - 2014-08-22 22:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-24 12:07 - 2015-09-18 12:00 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-23 17:49 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2016-01-23 17:49 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2016-01-23 16:51 - 2015-08-07 01:54 - 00000000 ____D C:\Users\UpdatusUser
2016-01-23 16:49 - 2015-01-07 13:11 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-01-23 16:48 - 2015-07-10 14:35 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-23 16:45 - 2013-08-22 19:06 - 00000000 ____D C:\Users\Default.migrated
2016-01-23 16:30 - 2015-11-29 09:04 - 00000000 ____D C:\Program Files\OpenVPN
2016-01-23 16:30 - 2015-11-28 21:09 - 00000000 ____D C:\Program Files\TAP-Windows
2016-01-23 16:24 - 2014-12-25 22:45 - 00000000 ____D C:\Users\shavak\AppData\Local\ElevatedDiagnostics
2016-01-22 21:25 - 2015-07-10 16:34 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-22 21:25 - 2015-07-10 16:34 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-22 21:20 - 2015-02-19 15:22 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-22 20:56 - 2014-09-24 22:31 - 00000000 ____D C:\Users\shavak\AppData\Local\Packages
2016-01-20 12:44 - 2015-05-04 15:28 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-19 21:30 - 2014-10-06 15:19 - 00001856 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-01-18 16:07 - 2014-12-13 19:04 - 00000000 ____D C:\Users\shavak\AppData\Roaming\BitTorrent
2016-01-18 16:06 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-01-16 21:30 - 2014-10-03 00:05 - 00002231 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-13 21:35 - 2015-07-10 17:50 - 00383792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-12 09:48 - 2014-11-24 23:21 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-01-12 00:34 - 2014-09-24 21:08 - 00000000 ____D C:\ProgramData\Adobe
2016-01-12 00:34 - 2014-09-24 21:08 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-06 20:18 - 2014-10-06 14:15 - 00000000 ____D C:\Users\shavak\Downloads\Movies
2016-01-06 19:58 - 2014-10-12 13:23 - 00000000 ____D C:\Users\shavak\Downloads\Series
2016-01-03 00:01 - 2015-07-10 16:34 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-31 11:22 - 2015-08-07 15:12 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-31 01:52 - 2015-07-10 14:37 - 00000000 ____D C:\WINDOWS\Logs
2015-12-30 01:34 - 2015-08-07 02:29 - 00000000 ____D C:\Users\shavak\AppData\Local\Comms
2015-12-30 01:02 - 2015-11-10 14:49 - 00000000 ____D C:\Users\shavak\Downloads\[Desi8389] Kailash Kher - Kailasa - {320 kbps 2006 MP3 VBR}

==================== Files in the root of some directories =======

2015-07-27 23:38 - 2015-07-27 23:51 - 0000077 _____ () C:\Users\shavak\AppData\Roaming\Rim.Desktop.Exception.log
2015-07-27 23:36 - 2015-07-27 23:36 - 0001111 _____ () C:\Users\shavak\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-07-27 23:38 - 2015-07-27 23:51 - 0000077 _____ () C:\Users\shavak\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-09-24 22:32 - 2015-08-07 01:14 - 1066329 _____ () C:\Users\shavak\AppData\Local\BTServer.log
2014-12-28 01:56 - 2014-12-28 01:56 - 0004608 _____ () C:\Users\shavak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-11 03:24 - 2015-04-11 03:25 - 0000600 _____ () C:\Users\shavak\AppData\Local\PUTTY.RND
2015-05-11 12:06 - 2015-11-26 15:48 - 0007649 _____ () C:\Users\shavak\AppData\Local\resmon.resmoncfg
2015-08-07 01:48 - 2015-08-07 01:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-28 13:58

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by shavak (2016-01-28 23:07:59)
Running from C:\Users\shavak\Documents\EGDownloads
Windows 10 Home (X64) (2015-08-06 20:58:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3791644838-2506976317-402157581-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3791644838-2506976317-402157581-503 - Limited - Disabled)
Guest (S-1-5-21-3791644838-2506976317-402157581-501 - Limited - Disabled)
shavak (S-1-5-21-3791644838-2506976317-402157581-1002 - Administrator - Enabled) => C:\Users\shavak
UpdatusUser (S-1-5-21-3791644838-2506976317-402157581-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Android USB Drivers (HKLM\...\{D3A8B9D5-EEE5-4F2A-9EDE-7EC3AADDA5D4}) (Version: 1.0.6351 - ASUSTeK Computer Inc.)
ASUS PC Link (HKLM-x32\...\{077B24F1-B87A-4C57-AE35-E463A389D7FE}_is1) (Version: 1.22.24.1212 - ASUSTEK)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.423.0 - Microsoft Corporation)
BitTorrent (HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
CCleaner (HKLM-x32\...\CCleaner_is1) (Version: 5.0.0.5050 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{CDF9E1C8-4B97-4F8B-A848-7DD0E8BEB89F}) (Version: 47.0.2526.18 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.55.62 - Conexant)
Connectify 2015 (HKLM\...\Connectify) (Version: 2015.1.0.35473 - Connectify)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
DC++ 0.851 (HKLM-x32\...\DC++) (Version: 0.851 - Jacek Sieka)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
EagleGet version 2.0.3.9 (HKLM-x32\...\{F6D8142A-B30B-454B-9EE0-08A7B997DFE4}_is1) (Version: 2.0.3.9 - EagleGet)
ELAN Touchpad 11.15.0.14_X64 (HKLM\...\Elantech) (Version: 11.15.0.14 - ELAN Microelectronic Corp.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
Firefox Developer Edition 42.0a2 (x86 en-US) (HKLM-x32\...\Firefox Developer Edition 42.0a2 (x86 en-US)) (Version: 42.0a2 - Mozilla)
Google App Engine (HKLM-x32\...\{AE01091A-007D-11DD-A3C1-001636EEECBD}) (Version: 1.9.26.0 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Google Chrome SxS) (Version: 50.0.2633.0 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome SxS) (Version: 50.0.2633.0 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 66 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.17 - Oracle Corporation)
Kaspersky Internet Security Technical Preview (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security Technical Preview (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.17.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5716 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MusicBee 2.4 (HKLM-x32\...\MusicBee) (Version: 2.4 - Steven Mayall)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.4.0dev1_win_20141113105904 - MusicBrainz)
Nitro Pro 9 (HKLM\...\{A6271AA9-43EE-45DC-A727-820C38076145}) (Version: 9.5.2.29 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA GeForce Experience 1.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.33 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Python 2.7.8 (64-bit) (HKLM\...\{61121B12-88BD-4261-A6EE-AB32610A56De}) (Version: 2.7.8150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.805.802.010814 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.0 - RealNetworks)
Reliance Netconnect+ (HKLM-x32\...\Reliance Netconnect+) (Version: 21.005.11.04.114 - Huawei Technologies Co.,Ltd)
Similarity 64-bit 1.8.4 (HKLM\...\{417E6082-592A-4583-B455-ED06591F955A}) (Version: 1.8.1694 - GAR Software)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Soundcloud Playlist Downloader (HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\35cf6f8efa605d1f) (Version: 1.0.0.36 - Soundcloud Playlist Downloader)
Soundcloud Playlist Downloader (HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\35cf6f8efa605d1f) (Version: 1.0.0.36 - Soundcloud Playlist Downloader)
Spotify (HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Spotify (HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
StageLight (HKLM\...\StageLight) (Version: 1.3.0.4350 - Open Labs, LLC.)
SWI-Prolog (remove only) (HKLM\...\SWI-Prolog) (Version:  - )
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Vivaldi (HKLM-x32\...\Vivaldi) (Version: 1.0.118.19 - Vivaldi)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{6d4c2238-c1b9-5d67-81d8-2cf6949997db}\InprocServer32 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll (EagleGet)
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\shavak\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{6d4c2238-c1b9-5d67-81d8-2cf6949997db}\InprocServer32 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll (EagleGet)
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\shavak\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01867F62-C4BF-40A9-ABE5-0755695DA63D} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {097DA7BD-FF6F-48A1-9F6D-F963E91468E4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0B6FAE85-9D25-467C-9186-16BEC57B195B} - System32\Tasks\Connectify Update => Wscript.exe //nologo //B //E:jscript "C:\Users\shavak\AppData\Roaming\Connectify\settings.ini" <==== ATTENTION
Task: {11F7BC43-4180-4CF8-B0BA-8B9B26F44BB3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {1685E3D2-5DDC-4BE7-9727-3D72C9F56EFA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {17113281-90C0-4995-8ED4-FBBDBF13C393} - System32\Tasks\GoogleUpdateTaskMachineUA1d000336dddb376 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {174C7A72-14F7-4D74-A16A-87D9F123FBEC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1D1274A0-FFC9-4346-A4D5-E9230BFDEB5E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {2F398268-389A-4938-B744-BFF2EA33CBA9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002UA1cffeb3450fab73 => C:\Users\shavak\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {3CA0A0DA-EC93-4E49-A677-0C177D51BB98} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {42B8C9A3-0217-43B8-8EEA-239BBBAF8D66} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {45CD5B98-423B-4033-A1FC-1A5DF8A9F3E9} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe
Task: {7422DA47-8FCD-4F62-B85C-908E883AA0F5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002Core => C:\Users\shavak\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {760C4800-CA8C-4EFD-87DD-9BCAD3CA0E67} - System32\Tasks\Lenovo\Experience Improvement => C:\Users\shavak\AppData\Local\Temp\LenovoExperienceImprovement.exe <==== ATTENTION
Task: {76D2CEA8-C33F-4263-B493-24B4CFFF861A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-01-19] (Microsoft Corporation)
Task: {7C90ACE4-2C2F-426C-AC42-131725779EA9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8A746FA9-FFA1-4384-8666-2F68C9D16F9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {8C75B8CD-F209-4541-90AF-12DA3196F725} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {93E33186-5C6A-411A-AA3F-AAB072A5ED05} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9CBC1482-78A7-4FF0-A6A7-895D53DEE8B7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {A9D77282-8398-48F2-ACFA-EB0A8D5462D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-01-19] (Microsoft Corporation)
Task: {AC8EFF45-B3C2-499F-A9F4-F6E4A6180B09} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {BD64FA2D-65FF-48E2-A6E1-403CEB37274D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BE8D98F8-1A2F-41B5-897B-CF599CA75377} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C8582AF8-D735-45C3-A051-F0B14DFABC36} - System32\Tasks\{2F1AA938-36A6-4EC8-A60F-0AE766787608} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.3.0.101&amp;LastError=12002
Task: {CE20E07C-2F04-40C5-8982-3AB4923993F7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002UA => C:\Users\shavak\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {EB31A3C7-677E-4F22-8A25-0655AE6D0B5F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EC3CA266-96AD-4823-A887-747099FF9977} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {ECEE1534-023C-47C8-A60C-4B89DEC23B72} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {F098893D-5364-4E08-9DC0-7E0BB05A8107} - System32\Tasks\{06808984-C795-4BFF-A956-CF1E731BDAC9} => pcalua.exe -a C:\Users\shavak\AppData\Roaming\soundcloud-musicaudio-515e62acb4534adf9d67bd67c3aef5e8\uninstall\webapp-uninstaller.exe
Task: {F1D8AD22-0ADE-405E-8C7B-77AC8BDB9005} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {F342541B-E800-4670-848A-7916CEE5F693} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Connectify Update.job => Wscript.exe S/nologo /B /E:jscript C:\Users\shavak\AppData\Roaming\Connectify\settings.ini <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d000336dddb376.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002Core.job => C:\Users\shavak\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002UA.job => C:\Users\shavak\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002UA1cffeb3450fab73.job => C:\Users\shavak\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 16:30 - 2015-07-10 16:30 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-07 15:07 - 2015-08-07 15:07 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-07 01:47 - 2015-07-23 06:40 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-11 22:30 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-08-07 15:07 - 2015-08-07 15:07 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2011-03-14 20:57 - 2011-03-14 20:57 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-04-27 16:11 - 2015-05-29 03:44 - 00233472 _____ () C:\Program Files (x86)\EagleGet\EGMonitor.exe
2014-08-22 23:25 - 2012-04-24 16:13 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2015-08-07 15:07 - 2015-08-07 15:07 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-07 15:07 - 2015-08-07 15:07 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-22 21:16 - 2016-01-18 04:37 - 08913088 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-04-16 01:43 - 2015-04-16 01:43 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-07-10 16:29 - 2015-07-10 16:29 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 16:29 - 2015-07-10 16:29 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-07-18 00:35 - 2015-07-18 00:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-04-07 01:40 - 2015-04-07 01:40 - 08832000 _____ () C:\Program Files\DC++\DCPlusPlus.exe
2013-06-06 21:13 - 2013-06-06 21:13 - 00278528 _____ () C:\Users\shavak\Documents\EGDownloads\iFeelPowerful-x64.dll
2015-12-21 22:41 - 2015-12-21 22:41 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-21 22:41 - 2015-12-21 22:41 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-12-21 22:41 - 2015-12-21 22:41 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-08-07 15:07 - 2015-08-07 15:07 - 06576640 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 16:30 - 2015-07-10 18:44 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-07 15:07 - 2015-08-07 15:07 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-07 15:07 - 2015-08-07 15:07 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 16:30 - 2015-07-10 18:44 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00143891 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 02750483 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00618515 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00079379 _____ () C:\Program Files\VideoLAN\VLC\libgcc_s_seh-1.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 00038419 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 00035347 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 00083987 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 00075795 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 02479123 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00111123 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00259603 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00083475 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00051731 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00066579 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00672275 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00825363 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00132627 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00047635 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\librar_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00142867 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 01597459 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00341523 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 01478163 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00021011 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00051731 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00060435 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00044051 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00229907 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 12272659 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00042003 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 00755731 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 00136723 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 00026131 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00323091 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00023571 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00345619 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 01513491 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00837139 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00331795 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00025107 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00042003 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00048659 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00430099 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00031251 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00020499 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00192019 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 01805331 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00418835 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00024083 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00023571 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00027667 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00455699 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00127507 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00024595 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 14624275 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 00887315 _____ () C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00043027 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00030227 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00751635 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00033811 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00123923 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00059923 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00025619 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00038931 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00052243 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00035347 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00045587 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00035347 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 00026643 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 00059923 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 00032275 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll
2015-04-16 19:46 - 2015-04-16 19:46 - 01507859 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2015-04-16 19:45 - 2015-04-16 19:45 - 00300563 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libatmo_plugin.dll
2015-08-09 20:10 - 2015-08-09 20:10 - 00109568 _____ () C:\Users\shavak\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook.Ba70e54e13#\3dc582656af5498317337008ba78e58b\Facebook.BackgroundTasks.ni.dll
2015-08-09 20:09 - 2015-08-09 20:09 - 04090880 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\8102815d76e6030e805736776a4c1a69\Windows.ApplicationModel.ni.dll
2015-08-09 20:10 - 2015-08-09 20:10 - 01054208 _____ () C:\Users\shavak\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Win8-Base\06963632c7ce53df1d3eaac5f17f4cb0\Facebook-Win8-Base.ni.dll
2015-08-09 20:10 - 2015-08-09 20:10 - 00557568 _____ () C:\Users\shavak\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Base\91ad8bf9710c23259214e21118e905a3\Facebook-Base.ni.dll
2015-08-09 20:10 - 2015-08-09 20:10 - 05081600 _____ () C:\Users\shavak\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Services\b3f6432c874bc085ef15258272a9d573\Facebook-Services.ni.dll
2015-08-09 20:10 - 2015-08-09 20:10 - 01098752 _____ () C:\Users\shavak\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Models\cdc0e9a4cde624335da248f6f741c3c5\Facebook-Models.ni.dll
2015-08-09 20:09 - 2015-08-09 20:09 - 01193472 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\21996b4dd51bc6e5816f43dc24ab7dd7\Windows.Storage.ni.dll
2015-11-24 01:01 - 2015-11-24 01:01 - 00961536 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\09eee5c073524c2fddb40189ba516689\Windows.Security.ni.dll
2015-11-24 01:01 - 2015-11-24 01:01 - 00497152 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\c5b0fe5651649c3c8425c496f991798f\Windows.Foundation.ni.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\kpcengine.2.3.dll
2015-04-27 16:11 - 2015-05-29 03:44 - 00999424 _____ () C:\Program Files (x86)\EagleGet\util.dll
2015-04-27 16:11 - 2014-07-18 03:43 - 00397312 _____ () C:\Program Files (x86)\EagleGet\sqlite3.dll
2015-02-13 01:06 - 2015-07-21 21:43 - 00715000 _____ () C:\Program Files (x86)\Connectify\log4cplus.dll
2014-08-22 22:37 - 2013-09-17 00:50 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-01-28 14:16 - 2016-01-28 14:16 - 00098816 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\win32api.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00110080 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\pywintypes27.dll
2016-01-28 14:16 - 2016-01-28 14:16 - 00364544 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\pythoncom27.dll
2016-01-28 14:16 - 2016-01-28 14:16 - 00046080 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\_socket.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 01208320 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\_ssl.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00320512 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\win32com.shell.shell.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00776704 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\_hashlib.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 01176576 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\wx._core_.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00806400 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\wx._gdi_.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00816128 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\wx._windows_.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 01067008 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\wx._controls_.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00733184 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\wx._misc_.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00682496 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\pysqlite2._sqlite.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00088064 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\_ctypes.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00119808 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\win32file.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00108544 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\win32security.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00007168 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\hashobjs_ext.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00017920 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\thumbnails_ext.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00079360 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\usb_ext.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00167936 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\win32gui.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00018432 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\win32event.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00128512 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\_elementtree.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00127488 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\pyexpat.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00013824 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\common.time34.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00036864 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\_psutil_windows.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00038912 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\win32inet.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00525640 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\windows._lib_cacheinvalidation.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00011264 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\win32crypt.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00077312 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\wx._html2.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00027136 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\_multiprocessing.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00020480 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\_yappi.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00035840 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\win32process.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00686080 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\unicodedata.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00123392 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\wx._wizard.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00024064 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\win32pipe.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00010240 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\select.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00025600 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\win32pdh.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00017408 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\win32profile.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00022528 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\win32ts.pyd
2016-01-28 14:16 - 2016-01-28 14:16 - 00078848 _____ () C:\Users\shavak\AppData\Local\Temp\_MEI146202\wx._animate.pyd
2014-10-16 01:29 - 2014-09-05 11:55 - 00132808 _____ () C:\Users\shavak\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
2015-02-17 22:18 - 2015-02-17 22:11 - 00107520 _____ () C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll
2015-12-18 21:12 - 2015-12-18 21:12 - 26886328 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00322208 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\sqlite.dll
2015-12-18 21:12 - 2015-12-18 21:12 - 50708664 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\libcef.dll
2016-01-22 21:16 - 2016-01-18 03:31 - 08913088 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-04-27 16:11 - 2015-05-29 03:44 - 00220672 _____ () C:\Program Files (x86)\EagleGet\CrashRpt.dll
2015-04-27 16:11 - 2013-09-15 23:01 - 00053760 _____ () C:\Program Files (x86)\EagleGet\zlib.dll
2015-04-27 16:11 - 2015-05-29 03:44 - 00832000 _____ () C:\Program Files (x86)\EagleGet\ssl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 18:55 - 2016-01-24 20:24 - 00000766 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3791644838-2506976317-402157581-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3791644838-2506976317-402157581-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\shavak\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\52752.jpg
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\shavak\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\52758.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Blackberry Device Manager => 3
MSCONFIG\Services: Reliance Netconnect. RunOuc => 2
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "Connectify Dispatch"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "RtsFT"
HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\StartupApproved\Run: => "EagleGet"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "EagleGet"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{39ECE683-B690-4FEE-B2EA-745E36AB7138}] => (Allow) LPort=4482
FirewallRules: [{F0901265-6E5A-4918-96CD-F8A18DB56D23}] => (Allow) LPort=4482
FirewallRules: [{49042E0D-05F5-4A27-95A2-1BB9A5034BA5}] => (Allow) LPort=4481
FirewallRules: [{F995D2AB-70F0-444E-91D5-1C6240BE4429}] => (Allow) LPort=4481
FirewallRules: [{B38D1C25-D13E-4CF5-8BEC-64739CFEA8E8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{D4C46CE3-C9AB-4A22-9DA6-63EEA83BE0C3}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{4249AA70-60E5-4089-8CE3-E18C32B23048}] => (Allow) C:\Users\shavak\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{AB05DF13-D3C3-45BA-9FE3-0C91D4F9A380}] => (Allow) C:\Users\shavak\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{259E7FB7-37B0-4964-9D81-0020BA8491D1}] => (Allow) C:\Users\shavak\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E9820404-FD2F-4C6C-8A8F-A9C6E9CAB02D}] => (Allow) C:\Users\shavak\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2FC1B8D1-804E-49C2-93C5-9F7A22213A8D}] => (Allow) C:\Users\shavak\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3CA94A17-1FD3-487A-9074-D59CEE119E82}] => (Allow) C:\Users\shavak\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5045734C-CF39-488E-AE7F-F9DA8A55F919}] => (Allow) C:\Users\shavak\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{CE2A4FDB-4715-4DC4-BCE2-9C17ED190F74}] => (Allow) C:\Users\shavak\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{D1F79B2D-3ED4-42B3-8CB6-BD52602FB185}] => (Allow) C:\Users\shavak\AppData\Local\Maelstrom\Application\maelstrom.exe
FirewallRules: [UDP Query User{D3C17740-5E7D-45A5-B995-BEC9EBD05BC6}C:\users\shavak\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shavak\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7BD4C2BF-5539-4265-8E40-C42F7D1B90C6}C:\users\shavak\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shavak\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1A4FB3CE-4A0F-4F11-8906-63DFC7A66D3C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E1AD8972-4602-4629-9598-35550A317AB1}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{DD7CAD71-856B-4FB4-ACD7-1815EE4147E5}] => (Allow) C:\Users\shavak\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [{73B390F4-1307-4314-B5DB-66632E116A49}] => (Allow) C:\Users\shavak\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{B752A8C7-C905-431D-A8E8-5A5124520113}] => (Allow) C:\Users\shavak\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{6E6A0CB3-4D5A-4903-9C78-B8B5D10A4148}] => (Allow) C:\Users\shavak\AppData\Local\Torch\Application\torch.exe
FirewallRules: [UDP Query User{1D528BB8-F414-43D0-B699-DDB80064D6AB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{66C4E688-83D5-447B-85A9-60E82707410A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B72CEE4D-E34A-41F8-8867-2FB2E11F485B}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{2EF24086-0A09-4B12-8AB8-F40E7D4F27EB}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{891D1F8C-3563-415D-B61E-B65060EF82F4}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{0E9A85A6-C948-42C6-BC87-405A09FEA059}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{FFC3FB5D-20F9-4961-9567-E6A46FD330B5}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{8D230711-8B45-45D7-B54E-A8BCF538E4EC}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{9F45DB16-F78D-4981-A2EF-9EC5D640D27D}] => (Allow) C:\Program Files (x86)\Connectify\Connectify.exe
FirewallRules: [{96CE0B7E-1D94-434D-A716-E4493172C975}] => (Allow) C:\Program Files (x86)\Aurora\firefox.exe
FirewallRules: [{D96AA742-E50B-43B2-BC20-AF23411016AC}] => (Allow) C:\Program Files (x86)\Aurora\firefox.exe
FirewallRules: [UDP Query User{86218483-83EB-44BB-9C25-8CE513E5E561}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe
FirewallRules: [TCP Query User{00E6CD7D-AD33-44A8-9200-6F2DDB3748D3}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe
FirewallRules: [UDP Query User{616339AB-6301-4587-863D-40658CD187A1}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe
FirewallRules: [TCP Query User{C86CEAAE-89A8-4B74-95D6-2CA4E6157F43}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe
FirewallRules: [{5CD59813-4B46-4330-A4C1-2CADF9BAE56D}] => (Block) C:\program files (x86)\aurora\firefox.exe
FirewallRules: [{089DCB9C-1151-4412-8F4B-60CF89B86261}] => (Block) C:\program files (x86)\aurora\firefox.exe
FirewallRules: [UDP Query User{ED22DB41-CF1F-40B2-B3CE-BC2D7AF5EA77}C:\program files (x86)\aurora\firefox.exe] => (Allow) C:\program files (x86)\aurora\firefox.exe
FirewallRules: [TCP Query User{50FDF7ED-3D2E-4EC7-AF67-5808A1BEA835}C:\program files (x86)\aurora\firefox.exe] => (Allow) C:\program files (x86)\aurora\firefox.exe
FirewallRules: [UDP Query User{40E13D8B-3592-4198-9266-79BB2FD6A85E}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [TCP Query User{94570284-8960-4629-9709-E5303BFC823E}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{454A09F8-AEEC-4880-A3D7-FF34BB16AF42}] => (Allow) C:\windows\SysWOW64\router.exe
FirewallRules: [{2E6C2E25-7252-429E-B549-D8060B68EC24}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{69E69ECE-DE3D-40AB-8B48-6C942EBA1F4C}] => (Allow) LPort=55100
FirewallRules: [{FAA0F718-DDDE-452F-9253-A22A622B20AA}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{82F50D8A-D193-402D-BED1-B5246C84E4CF}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2CE1EF44-FB59-430C-9AC6-4A21ABB40069}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{7F3B826D-6730-4187-942F-0F2FC77E973D}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A474EBD7-DDE1-4C08-963C-D8E63776CB26}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{E778E9EE-0F23-4B1F-B495-D78D1724F3A1}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{2BC4DD3B-98AC-40BC-82DE-72DE91BFBAF4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{889F8333-D914-49A7-B4A1-F50B169DE1F4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1252356B-86FA-44D7-BDDC-48CB17F17DB1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{501484FB-6950-45A4-96FB-631F31B8234B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{732F8B3F-052D-43B8-BF1C-E721D35090D5}] => (Allow) LPort=1688
FirewallRules: [{0AADF286-188E-457B-A6C2-EBC2AFE30633}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{90045A07-D70D-4F86-A7F8-53227D6E99CA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1BB054F4-125D-492F-A5DE-3CAA6CB0778F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{DB84F4DF-75FC-413F-BC9A-4E1F71692EA0}C:\users\shavak\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shavak\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E9A2FF10-889B-407B-8B7E-665738180FAB}C:\users\shavak\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shavak\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B482CE78-7A2F-4D31-ABC6-A81EAB669366}C:\users\shavak\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shavak\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{A10132A9-6E8D-482D-AB0E-E78C8CF54C0F}C:\users\shavak\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\shavak\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{D2FA3FB9-3E8E-4E58-97AE-D6C69CA6B03B}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
FirewallRules: [{C8425060-B167-45F7-8E8E-D6E9F5495C45}] => (Allow) C:\Program Files (x86)\Train Simulator 2016\Launcher.exe
FirewallRules: [{A0EFF733-DAAE-44FA-ABA2-043663446F94}] => (Allow) C:\Program Files (x86)\Train Simulator 2016\Launcher.exe
FirewallRules: [TCP Query User{C45C04E4-9DC2-43A2-95AD-9CA3289BF288}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F22FE3A4-4431-4792-BC73-46BFCBF22DCE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{AD0B2224-6264-4514-9D9E-983E68F8F66F}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [UDP Query User{7F51CD15-6257-43D6-A8D3-3D0FE1886A94}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [{F0B68E29-78D0-4BDF-98CA-48FE2798A836}] => (Block) C:\python27\python.exe
FirewallRules: [{D030C139-E096-4585-9A31-7E0E25FA22A6}] => (Block) C:\python27\python.exe
FirewallRules: [{DA20C211-4B63-4C9F-963D-1B70A3511EAF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2016 11:11:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-02-27T17:26:13Z. Error Code: 0x80041318.

Error: (01/28/2016 11:10:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-02-27T17:25:43Z. Error Code: 0x80041318.

Error: (01/28/2016 11:10:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-02-27T17:26:13Z. Error Code: 0x80041318.

Error: (01/28/2016 11:09:16 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-02-27T17:26:16Z. Error Code: 0x80041318.

Error: (01/28/2016 11:08:46 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-02-27T17:25:46Z. Error Code: 0x80041318.

Error: (01/28/2016 11:08:16 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-02-27T17:26:16Z. Error Code: 0x80041318.

Error: (01/28/2016 11:07:46 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-02-27T17:25:46Z. Error Code: 0x80041318.

Error: (01/28/2016 11:07:16 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-02-27T17:26:16Z. Error Code: 0x80041318.

Error: (01/28/2016 11:06:46 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-02-27T17:25:46Z. Error Code: 0x80041318.

Error: (01/28/2016 11:06:16 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-02-27T17:26:16Z. Error Code: 0x80041318.


System errors:
=============
Error: (01/28/2016 08:51:21 PM) (Source: DCOM) (EventID: 10010) (User: SHAVAK-PC)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.3

Error: (01/28/2016 08:51:11 PM) (Source: DCOM) (EventID: 10010) (User: SHAVAK-PC)
Description: App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca

Error: (01/28/2016 04:01:17 PM) (Source: DCOM) (EventID: 10010) (User: SHAVAK-PC)
Description: WindowsDefaultLockScreen

Error: (01/28/2016 02:39:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Network Routing service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/28/2016 02:36:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 48.

Error: (01/28/2016 02:34:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 48.

Error: (01/28/2016 02:32:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 48.

Error: (01/28/2016 02:31:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (01/28/2016 02:31:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (01/28/2016 02:31:29 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.


CodeIntegrity:
===================================
  Date: 2016-01-28 14:00:13.034
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-28 09:37:34.465
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-26 12:32:27.724
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-24 21:42:55.348
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-23 20:39:32.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-21 01:25:45.404
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-19 22:34:50.233
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-16 21:26:41.960
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-11 18:36:32.241
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-08 22:04:48.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 56%
Total physical RAM: 8084.27 MB
Available physical RAM: 3492.69 MB
Total Virtual: 16276.27 MB
Available Virtual: 10676.49 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:889.58 GB) (Free:184.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 04B49FD5)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 




 


#2 fireman4it

  • Malware Response Team

Posted 29 January 2016 - 02:57 PM

Hello shavak1997,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[attachment=176123:fixlist.txt]

 

2.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 shavak1997

  • Topic Starter

Posted 31 January 2016 - 11:35 PM

Hi,

 

I ran both the fixes but the problem still seems to persist. The logs are attached below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by shavak (2016-01-31 10:20:10) Run:1
Running from C:\Users\shavak\Documents\EGDownloads
Loaded Profiles: UpdatusUser & shavak (Available Profiles: UpdatusUser & shavak)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
Toolbar: HKU\S-1-5-21-3791644838-2506976317-402157581-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF ProfilePath: C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default
FF NetworkProxy: "type", 0);user_pref("network.proxy.type", 0);user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}"
U5 REALPLAYERUPDATESVC; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {097DA7BD-FF6F-48A1-9F6D-F963E91468E4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1685E3D2-5DDC-4BE7-9727-3D72C9F56EFA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {174C7A72-14F7-4D74-A16A-87D9F123FBEC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {42B8C9A3-0217-43B8-8EEA-239BBBAF8D66} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {760C4800-CA8C-4EFD-87DD-9BCAD3CA0E67} - System32\Tasks\Lenovo\Experience Improvement => C:\Users\shavak\AppData\Local\Temp\LenovoExperienceImprovement.exe <==== ATTENTION
Task: {7C90ACE4-2C2F-426C-AC42-131725779EA9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8C75B8CD-F209-4541-90AF-12DA3196F725} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {93E33186-5C6A-411A-AA3F-AAB072A5ED05} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9CBC1482-78A7-4FF0-A6A7-895D53DEE8B7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BD64FA2D-65FF-48E2-A6E1-403CEB37274D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BE8D98F8-1A2F-41B5-897B-CF599CA75377} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EB31A3C7-677E-4F22-8A25-0655AE6D0B5F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Connectify Update.job => Wscript.exe S/nologo /B /E:jscript C:\Users\shavak\AppData\Roaming\Connectify\settings.ini <==== ATTENTION

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
FF ProfilePath: C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default => FRST is scripted not to move this directory.
Firefox Proxy settings were reset.
REALPLAYERUPDATESVC => service removed successfully
wfpcapture => service removed successfully
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key not found.
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found.
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found.
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found.
HKU\S-1-5-21-3791644838-2506976317-402157581-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found.
"HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3791644838-2506976317-402157581-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{097DA7BD-FF6F-48A1-9F6D-F963E91468E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{097DA7BD-FF6F-48A1-9F6D-F963E91468E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1685E3D2-5DDC-4BE7-9727-3D72C9F56EFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1685E3D2-5DDC-4BE7-9727-3D72C9F56EFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{174C7A72-14F7-4D74-A16A-87D9F123FBEC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{174C7A72-14F7-4D74-A16A-87D9F123FBEC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42B8C9A3-0217-43B8-8EEA-239BBBAF8D66}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42B8C9A3-0217-43B8-8EEA-239BBBAF8D66}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{760C4800-CA8C-4EFD-87DD-9BCAD3CA0E67}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{760C4800-CA8C-4EFD-87DD-9BCAD3CA0E67}" => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Experience Improvement => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Experience Improvement" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C90ACE4-2C2F-426C-AC42-131725779EA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C90ACE4-2C2F-426C-AC42-131725779EA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C75B8CD-F209-4541-90AF-12DA3196F725}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C75B8CD-F209-4541-90AF-12DA3196F725}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93E33186-5C6A-411A-AA3F-AAB072A5ED05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93E33186-5C6A-411A-AA3F-AAB072A5ED05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CBC1482-78A7-4FF0-A6A7-895D53DEE8B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CBC1482-78A7-4FF0-A6A7-895D53DEE8B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD64FA2D-65FF-48E2-A6E1-403CEB37274D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD64FA2D-65FF-48E2-A6E1-403CEB37274D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE8D98F8-1A2F-41B5-897B-CF599CA75377}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE8D98F8-1A2F-41B5-897B-CF599CA75377}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB31A3C7-677E-4F22-8A25-0655AE6D0B5F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB31A3C7-677E-4F22-8A25-0655AE6D0B5F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
C:\WINDOWS\Tasks\Connectify Update.job => moved successfully

==== End of Fixlog 10:20:14 ====

 

# AdwCleaner v5.032 - Logfile created 01/02/2016 at 09:55:56
# Updated 31/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : shavak - SHAVAK-PC
# Running from : C:\Users\shavak\Documents\EGDownloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKU\S-1-5-21-3791644838-2506976317-402157581-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [820 bytes] ##########
 



#4 fireman4it

  • Malware Response Team

Posted 02 February 2016 - 10:04 AM

1.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

2.

Please run FRST again as you did the first time you ran it. Then post the new FRST.txt it produces.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 shavak1997

  • Topic Starter
Posted 07 February 2016 - 10:02 AM

Problem Persists.

Attached herewith:

 

Emsisoft Emergency Kit - Version 11.0
Last update: 04-02-2016 13:40:03
User account: SHAVAK-PC\shavak

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    04-02-2016 13:54:58
C:\ProgramData\Kaspersky Lab\AVP16.0.0\QB\94b45505c1f22b71.klq -> (Quarantine-6)     detected: Gen:Variant.Strictor.97539 (B)
C:\Users\shavak\Documents\EGDownloads\BitTorrent.exe     detected: Application.InstallAd (A)
C:\Users\shavak\Documents\EGDownloads\TorchSetup.exe     detected: Application.Toolbar (A)

Scanned    408379
Found    3

Scan end:    04-02-2016 16:08:59
Scan time:    2:14:01

C:\Users\shavak\Documents\EGDownloads\TorchSetup.exe     Application.Toolbar (A)
C:\Users\shavak\Documents\EGDownloads\BitTorrent.exe     Application.InstallAd (A)

Deleted    2
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by shavak (administrator) on SHAVAK-PC (07-02-2016 20:25:40)
Running from C:\Users\shavak\Documents\EGDownloads
Loaded Profiles: UpdatusUser & shavak (Available Profiles: UpdatusUser & shavak)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\avp.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\avpui.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo) C:\Program Files\lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectify.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Update\1.3.29.2\GoogleCrashHandler.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Update\1.3.29.2\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
() C:\Program Files\DC++\DCPlusPlus.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Emsisoft Ltd) C:\EEK\bin64\a2emergencykit.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Aurora\firefox.exe
(Google Inc.) C:\Users\shavak\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Aurora\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3233976 2015-08-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5060864 2015-06-16] (Realtek semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [396688 2015-07-18] ()
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-08-22] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-08-22] (Lenovo(beijing) Limited)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [4188408 2015-07-21] (Connectify)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2367704 2014-04-18] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-14] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286272 2015-05-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-03] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
HKU\S-1-5-21-3791644838-2506976317-402157581-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [Google Update] => C:\Users\shavak\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-30] (Skype Technologies S.A.)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\Eagleget.exe [1856000 2015-05-29] (EagleGet.com)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [Spotify] => C:\Users\shavak\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-18] (Spotify Ltd)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [BitTorrent] => C:\Users\shavak\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-15] (BitTorrent Inc.)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\Run: [Spotify Web Helper] => C:\Users\shavak\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-18] (Spotify Ltd)
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\MountPoints2: {1be9bef0-86ba-11e5-82f8-28d244c83de6} - "G:\AutoRun.exe"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\MountPoints2: {72f03e60-b81a-11e4-82a5-28d244c83de6} - "F:\O16Setup.EXE"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\...\MountPoints2: {cbc243cc-a328-11e5-82fc-28d244c83de6} - "G:\AutoRun.exe"
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [805888 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
Startup: C:\Users\shavak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [S-1-5-21-3791644838-2506976317-402157581-1002] => hxxp://xn--koa.net/proxy.pac
Tcpip\..\Interfaces\{c0725b55-04b5-43cc-8e80-575a29f8afdf}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
Tcpip\..\Interfaces\{c0725b55-04b5-43cc-8e80-575a29f8afdf}: [DhcpNameServer] 172.24.2.71
Tcpip\..\Interfaces\{dc285da7-c8a9-438c-bee4-c39e7d819a09}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dc285da7-c8a9-438c-bee4-c39e7d819a09}: [DhcpNameServer] 172.20.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-23] (AO Kaspersky Lab)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO-x32: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2015-05-29] (EagleGet.com)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-17] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\IEExt\ie_plugin.dll [2016-01-23] (AO Kaspersky Lab)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-17] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-23] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-11-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\IEExt\ie_plugin.dll [2016-01-23] (AO Kaspersky Lab)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default
FF NetworkProxy: "type", 0);user_pref("network.proxy.type", 0);user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", 
"{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-18] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20140923-0402 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20141028-0403 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20141231-0402 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20150704-0402 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20150706-0655 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20150824-1522 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20151023-0402 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-18] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.0.112 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-05-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.0.112 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-05-27] (RealTimes)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\shavak\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002: @talk.google.com/O1DPlugin -> C:\Users\shavak\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002: @tools.google.com/Google Update;version=3 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.29.2\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002: @tools.google.com/Google Update;version=9 -> C:\Users\shavak\AppData\Local\Google\Update\1.3.29.2\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2015-05-29] (EagleGet)
FF Plugin HKU\S-1-5-21-3791644838-2506976317-402157581-1002: eagleget.com/EagleGet64_x86_64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll [2015-05-29] (EagleGet)
FF Plugin ProgramFiles/Appdata: C:\Users\shavak\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\shavak\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Greasemonkey - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-10-08] [not signed]
FF Extension: Tab Mix Plus - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-08] [not signed]
FF Extension: WOT - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-10-08] [not signed]
FF Extension: Tab notifier - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\tabnotifier@unusoft.it.xpi [2014-10-08] [not signed]
FF Extension: S3.Google Translator - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\s3google@translator.xpi [2014-10-08] [not signed]
FF Extension: IOS7 New Tab - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\ios7newtab@gmail.com [2014-10-08] [not signed]
FF Extension: GDrive Panel - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\gdrivepanel@alejandrobrizuela.com.ar.xpi [2014-10-08] [not signed]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\extensions\donottrackplus@abine.com [2014-10-08] [not signed]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\FFExt\light_plugin_firefox [2016-01-23]
FF Extension: Disconnect - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\2.0@disconnect.me.xpi [2014-10-03] [not signed]
FF Extension: auto-plugin-checker - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\auto-plugin-checker@jetpack.xpi [2014-10-03] [not signed]
FF Extension: CompassMenu - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\compass_menu@tatapa.org.xpi [2014-10-03] [not signed]
FF Extension: ERail Plugin for Firefox - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\ERAIL.IN.FFPLUGIN@jetpack.xpi [2014-10-03] [not signed]
FF Extension: Webmail Ad Blocker - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\gmailnoads@mywebber.com.xpi [2014-10-03] [not signed]
FF Extension: Self-Destructing Cookies - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2014-10-03] [not signed]
FF Extension: Tab Grenade - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\jid1-gzlHTgBCb5hzkA@jetpack.xpi [2014-10-03] [not signed]
FF Extension: Remove/Crop-to Selection - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\jid1-mMNvppACqZ8HOQ@jetpack.xpi [2014-10-03] [not signed]
FF Extension: Clean Links - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2014-10-03] [not signed]
FF Extension: Tamper Data - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2014-10-03] [not signed]
FF Extension: Adblock Plus - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\c2shlyjs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-03] [not signed]
FF Extension: auto-plugin-checker - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\auto-plugin-checker@jetpack.xpi [2015-08-26]
FF Extension: Browsec - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\browsec@browsec.com.xpi [2016-01-23]
FF Extension: CompassMenu - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\compass_menu@tatapa.org.xpi [2015-07-13]
FF Extension: ERail Plugin for Firefox - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\ERAIL.IN.FFPLUGIN@jetpack.xpi [2015-07-21]
FF Extension: Session box - Tabs manager - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\fvdmedia@googlemail.com.xpi [2015-07-18]
FF Extension: GDrive Panel - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\gdrivepanel@alejandrobrizuela.com.ar.xpi [2015-07-14]
FF Extension: Webmail Ad Blocker - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\gmailnoads@mywebber.com.xpi [2015-09-22]
FF Extension: Self-Destructing Cookies - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-11-27]
FF Extension: One Click Proxy - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-08-26]
FF Extension: Pushbullet - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2016-01-23]
FF Extension: WikiWand: Wikipedia Modernized - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-D7momAzRw417Ag@jetpack.xpi [2015-07-13]
FF Extension: Tab Grenade - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-gzlHTgBCb5hzkA@jetpack.xpi [2015-07-24]
FF Extension: Remove/Crop-to Selection - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-mMNvppACqZ8HOQ@jetpack.xpi [2015-07-13]
FF Extension: Skip adf.ly skip!! - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-nSEySa4aWGanbw@jetpack.xpi [2015-07-13]
FF Extension: Google™ Hangouts - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-uqbSKwXpf2K6yl@jetpack.xpi [2015-09-22]
FF Extension: YouTube™ AdBlock - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\jid1-w4wG5nJhx4LJZr@jetpack.xpi [2016-01-23]
FF Extension: Karma Blocker - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\kabl@trac.arantius.com.xpi [2015-09-22]
FF Extension: Rapportive - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\rapportive@rapportive.com.xpi [2015-07-13]
FF Extension: S3.Google Translator - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\s3google@translator.xpi [2016-01-23]
FF Extension: Save Session - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\savesession@noasobi.net.xpi [2015-07-18]
FF Extension: Session Sync - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\session-sync@gabrielivanica.com.xpi [2015-07-18]
FF Extension: Tab notifier - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\tabnotifier@unusoft.it.xpi [2015-07-14]
FF Extension: Session Manager - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-01-23]
FF Extension: Clean Links - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2015-07-13]
FF Extension: Tamper Data - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2015-07-14]
FF Extension: Adblock Plus - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-23]
FF Extension: Tab Mix Plus - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-01-23]
FF Extension: Greasemonkey - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-25]
FF Extension: Adblock Edge - C:\Users\shavak\AppData\Roaming\Mozilla\Firefox\Profiles\sugo3kz5.dev-edition-default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-01-23]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-01-18]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\FFExt\light_plugin_firefox
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Aurora\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Docs) - C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-24]
CHR Extension: (Google Drive) - C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-24]
CHR Extension: (YouTube) - C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-24]
CHR Extension: (Google Search) - C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-24]
CHR Extension: (EagleGet Free Downloader) - C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2016-01-24]
CHR Extension: (Gmail) - C:\Users\shavak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-24]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKU\S-1-5-21-3791644838-2506976317-402157581-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-04-27]
CHR HKU\S-1-5-21-3791644838-2506976317-402157581-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-04-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [1843368 2015-09-04] (Adobe Systems, Incorporated)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\avp.exe [194000 2016-01-23] (Kaspersky Lab ZAO)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2014-04-18] (Microsoft Corp.)
S4 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [217088 2015-07-21] (Connectify) [File not signed]
R2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [233472 2015-05-29] () [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135352 2015-08-07] (ELAN Microelectronics Corp.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-08-22] (Lenovo(beijing) Limited)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-07-16] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-07-16] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115224 2015-05-27] (RealNetworks, Inc.)
S4 Reliance Netconnect. RunOuc; C:\Program Files (x86)\Reliance Netconnect+\UpdateDog\ouc.exe [218624 2014-12-17] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S2 router.exe; C:\windows\SysWOW64\router.exe [16384 2014-08-20] (Microsoft©) [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsusVBus; C:\Windows\System32\drivers\AsusVBus.sys [39704 2014-09-29] (Windows ® Win 7 DDK provider)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [66840 2014-09-29] (ASUS Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [42152 2015-08-07] (Connectify)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-02-19] (DT Soft Ltd)
R3 eagleGet; C:\Windows\System32\Drivers\eagleGet.sys [77112 2015-05-04] (eagleGet)
R1 epp; C:\EEK\bin64\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2016-01-23] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2016-01-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2016-01-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-01-23] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2016-01-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek                                            )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-07-10] (Realtek Semiconductor Corporation                           )
S3 taphss6; C:\Windows\System32\drivers\taphss6.sys [42088 2015-11-13] (Anchorfree Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 20:19 - 2016-02-07 20:19 - 00016148 _____ C:\WINDOWS\system32\SHAVAK-PC_shavak_HistoryPrediction.bin
2016-02-07 02:13 - 2016-02-07 02:13 - 00000000 ___HD C:\OneDriveTemp
2016-02-06 12:38 - 2016-02-06 12:38 - 00000165 ____H C:\Users\shavak\Documents\~$Model1.xlsx
2016-02-02 09:46 - 2016-02-02 11:12 - 00000570 _____ C:\Users\shavak\Downloads\lab1.c
2016-02-02 01:20 - 2016-02-02 01:20 - 00015064 _____ C:\Users\shavak\Downloads\All PS Stations (4).csv
2016-02-02 01:20 - 2016-02-02 01:20 - 00015064 _____ C:\Users\shavak\Downloads\All PS Stations (3).csv
2016-02-01 22:28 - 2016-02-01 22:28 - 00007713 _____ C:\Users\shavak\Downloads\Mother_Database_A4.csv
2016-02-01 09:52 - 2016-02-01 09:55 - 00000000 ____D C:\AdwCleaner
2016-01-30 21:08 - 2016-01-30 21:08 - 00015064 _____ C:\Users\shavak\Downloads\All PS Stations (2).csv
2016-01-30 21:08 - 2016-01-30 21:08 - 00015064 _____ C:\Users\shavak\Downloads\All PS Stations (1).csv
2016-01-30 19:01 - 2016-01-30 19:01 - 00214473 _____ C:\Users\shavak\Downloads\WU_5091730_201509020809_dnPBy.pdf
2016-01-30 10:59 - 2016-01-30 10:59 - 00001781 _____ C:\Users\shavak\Desktop\chrome - Shortcut.lnk
2016-01-30 01:33 - 2016-01-30 01:33 - 00000000 ____D C:\Users\shavak\AppData\Roaming\VS Revo Group
2016-01-30 01:06 - 2016-01-30 01:06 - 00000000 ____D C:\Users\shavak\AppData\Local\VS Revo Group
2016-01-30 01:05 - 2016-01-30 01:05 - 00001133 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-01-30 01:05 - 2016-01-30 01:05 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-01-30 01:05 - 2016-01-30 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-01-30 01:05 - 2016-01-30 01:05 - 00000000 ____D C:\Program Files\VS Revo Group
2016-01-30 01:05 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-01-29 02:15 - 2016-01-29 02:15 - 00606532 _____ C:\Users\shavak\Downloads\autoruns.zip
2016-01-28 23:08 - 2016-01-28 23:08 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2016-01-28 22:37 - 2016-01-28 22:37 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-01-28 22:24 - 2016-01-28 22:25 - 01250844 _____ C:\Users\shavak\Downloads\processexplorer.zip
2016-01-28 22:13 - 2016-01-28 22:13 - 00000000 ____D C:\Program Files\HitmanPro
2016-01-27 23:20 - 2016-01-27 23:26 - 00569050 _____ C:\TDSSKiller.3.1.0.9_27.01.2016_23.20.59_log.txt
2016-01-27 23:16 - 2016-01-27 23:17 - 01507840 _____ C:\Users\shavak\Downloads\AdwCleaner.exe
2016-01-27 01:16 - 2016-01-27 01:16 - 00651071 _____ C:\Users\shavak\Downloads\labsheet 1.pdf
2016-01-26 20:39 - 2016-01-26 20:39 - 00024735 _____ C:\Users\shavak\Downloads\Pilani-Quiz-schedule (1).pdf
2016-01-26 19:05 - 2016-01-26 19:05 - 00008950 _____ C:\Users\shavak\Downloads\Mother_Database_A7.csv
2016-01-25 20:53 - 2015-12-09 09:09 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-01-25 13:34 - 2016-01-25 13:34 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0D8D0E1C.sys
2016-01-25 13:32 - 2016-01-25 13:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\409B0D27.sys
2016-01-25 02:43 - 2016-01-25 02:43 - 00000000 ____D C:\Users\shavak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Canary Apps
2016-01-24 20:55 - 2016-01-24 20:55 - 00000766 _____ C:\Users\shavak\Desktop\Start Emsisoft Emergency Kit.lnk
2016-01-24 20:54 - 2016-02-07 20:26 - 00000000 ____D C:\EEK
2016-01-24 20:41 - 2016-01-25 02:37 - 00000548 _____ C:\Users\shavak\Desktop\JRT.txt
2016-01-24 20:33 - 2016-01-28 23:08 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-24 20:26 - 2016-01-24 20:26 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-01-24 19:49 - 2016-02-07 20:25 - 00000000 ____D C:\FRST
2016-01-24 19:47 - 2016-02-07 02:42 - 00002563 _____ C:\Users\shavak\Desktop\Google Chrome Canary.lnk
2016-01-24 11:15 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-01-24 01:42 - 2016-01-28 22:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-24 01:42 - 2016-01-24 01:42 - 00001142 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-24 01:42 - 2016-01-24 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-24 01:42 - 2016-01-24 01:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-24 01:42 - 2016-01-24 01:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-24 01:42 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-24 01:42 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-24 01:42 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-24 01:33 - 2016-01-27 23:29 - 00002032 _____ C:\Users\shavak\Desktop\Rkill.txt
2016-01-24 00:29 - 2016-01-26 19:04 - 00015064 _____ C:\Users\shavak\Downloads\All PS Stations.csv
2016-01-24 00:16 - 2016-01-24 00:16 - 00024368 _____ C:\Users\shavak\Downloads\PS 1 Guide (Summer of 2015).xlsx
2016-01-24 00:14 - 2016-01-24 00:14 - 00137566 _____ C:\Users\shavak\Downloads\PS 1 Guide (Summer of 2015).pdf
2016-01-23 16:55 - 2016-01-23 16:55 - 00002600 _____ C:\Users\shavak\Desktop\Safe Money.lnk
2016-01-23 16:49 - 2016-01-23 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-01-23 16:49 - 2016-01-23 16:48 - 00002266 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-01-23 16:45 - 2016-01-23 17:49 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-01-23 16:45 - 2016-01-23 17:49 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-01-23 16:45 - 2016-01-23 17:02 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-01-23 16:45 - 2016-01-23 16:45 - 00000000 ___SD C:\Users\shavak\Documents\Passwords Database
2016-01-23 16:37 - 2016-01-24 11:08 - 00000000 ____D C:\WINDOWS\ERUNT
2016-01-23 16:37 - 2016-01-23 16:40 - 00000572 _____ C:\DelFix.txt
2016-01-23 16:23 - 2016-01-23 16:23 - 00302011 _____ C:\Users\shavak\Downloads\WindowsUpdateDiagnostic.diagcab
2016-01-23 16:22 - 2016-01-23 16:23 - 00536906 _____ C:\Users\shavak\Downloads\apps.diagcab
2016-01-22 21:25 - 2016-01-22 21:25 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-21 18:51 - 2016-01-21 18:51 - 00556197 _____ C:\Users\shavak\Downloads\Letter to a fellow India1.pdf
2016-01-16 23:10 - 2016-01-16 23:10 - 00024735 _____ C:\Users\shavak\Downloads\Pilani-Quiz-schedule.pdf
2016-01-13 11:09 - 2016-02-02 13:00 - 00009555 _____ C:\Users\shavak\Documents\Model1.xlsx
2016-01-12 14:49 - 2016-01-12 14:49 - 00000000 ____D C:\Users\shavak\AppData\Roaming\DataRecommendations
2016-01-12 14:49 - 2016-01-12 14:49 - 00000000 ____D C:\Users\shavak\AppData\Local\DataRecommendation
2016-01-12 11:46 - 2016-01-12 11:46 - 00174080 _____ C:\Users\shavak\Downloads\pre-reqs.xls
2016-01-12 11:23 - 2016-01-13 16:41 - 00030699 _____ C:\Users\shavak\Downloads\Electives .xls
2016-01-12 00:38 - 2016-01-18 23:37 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-12 00:36 - 2016-01-18 23:36 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-01-12 00:36 - 2016-01-18 23:36 - 00002085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-01-12 00:36 - 2016-01-12 00:36 - 00002062 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2016-01-10 10:54 - 2016-01-10 10:54 - 00074981 _____ C:\Users\shavak\Downloads\TIME_TABLE_II_SEM_15_16'.pdf
2016-01-10 10:52 - 2016-01-10 10:52 - 06295281 _____ C:\Users\shavak\Downloads\TIME_TABLE_II_SEM_15_16.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 20:25 - 2014-09-24 23:12 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-07 20:22 - 2014-10-06 14:14 - 00000000 ____D C:\Users\shavak\AppData\Roaming\DC++
2016-02-07 20:02 - 2014-10-06 17:35 - 00000000 ____D C:\Users\shavak\AppData\Roaming\vlc
2016-02-07 19:55 - 2015-05-04 15:28 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-07 19:46 - 2014-11-13 01:30 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002UA1cffeb3450fab73.job
2016-02-07 19:35 - 2014-10-28 21:24 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002UA.job
2016-02-07 19:30 - 2014-11-14 23:20 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d000336dddb376.job
2016-02-07 17:21 - 2015-01-07 13:11 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-07 17:19 - 2015-09-25 13:35 - 00000000 ____D C:\Users\shavak\Downloads\DC Downloads
2016-02-07 16:46 - 2014-10-28 21:24 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002Core.job
2016-02-07 14:05 - 2015-04-27 16:19 - 00000000 ____D C:\Users\shavak\Documents\EGDownloads
2016-02-07 02:42 - 2014-10-28 21:56 - 00002535 _____ C:\Users\shavak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2016-02-07 02:30 - 2014-09-24 23:12 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-07 02:26 - 2014-10-03 00:05 - 00002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-07 02:26 - 2014-10-03 00:05 - 00002231 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-07 02:13 - 2014-10-03 00:27 - 00000000 ___RD C:\Users\shavak\OneDrive
2016-02-06 12:54 - 2015-08-07 02:14 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-06 12:54 - 2015-07-10 16:32 - 00000000 ____D C:\WINDOWS\INF
2016-02-06 12:37 - 2015-08-07 01:49 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-06 12:37 - 2014-10-02 23:31 - 00000000 __SHD C:\Users\shavak\IntelGraphicsProfiles
2016-02-06 06:50 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-02-04 18:55 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-04 18:36 - 2015-01-11 14:41 - 00000000 _____ C:\WINDOWS\SysWOW64\router.xml
2016-02-04 16:30 - 2015-07-10 17:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-04 16:29 - 2015-07-10 14:35 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-04 12:02 - 2014-10-06 14:14 - 00000000 ____D C:\Users\shavak\AppData\Local\DC++
2016-02-03 02:25 - 2014-11-14 23:20 - 00004014 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d000336dddb376
2016-02-03 02:25 - 2014-09-24 23:12 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 13:38 - 2015-08-23 23:40 - 00000000 ____D C:\Users\shavak\Downloads\Berkeley
2016-02-02 01:16 - 2015-11-21 09:57 - 00000000 ____D C:\Users\shavak\AppData\Local\Eclipse
2016-02-02 01:16 - 2015-11-21 09:57 - 00000000 ____D C:\Users\shavak\.p2
2016-02-02 01:15 - 2015-11-21 09:36 - 00000000 ____D C:\eclipse
2016-01-31 16:41 - 2014-11-13 01:30 - 00004080 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002UA1cffeb3450fab73
2016-01-31 16:41 - 2014-10-28 21:24 - 00003674 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3791644838-2506976317-402157581-1002Core
2016-01-31 10:20 - 2014-08-22 23:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-01-30 18:00 - 2015-07-10 14:35 - 00000000 ____D C:\Windows
2016-01-29 14:46 - 2015-08-07 01:53 - 00000000 ____D C:\Users\shavak
2016-01-29 14:45 - 2014-09-24 23:12 - 00000000 ____D C:\Users\shavak\AppData\Local\Google
2016-01-29 14:45 - 2014-09-24 23:12 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-28 22:02 - 2015-04-17 14:24 - 00000000 ____D C:\Users\shavak\AppData\Roaming\Skype
2016-01-27 19:01 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-27 18:12 - 2014-08-22 22:37 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-01-26 22:21 - 2014-10-03 14:22 - 00000000 ____D C:\Users\shavak\Desktop\Acads
2016-01-25 14:17 - 2015-11-28 20:53 - 00000000 ____D C:\Users\shavak\AppData\Roaming\TunnelBear
2016-01-25 14:17 - 2014-08-22 22:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-24 12:07 - 2015-09-18 12:00 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-23 17:49 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2016-01-23 17:49 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2016-01-23 16:51 - 2015-08-07 01:54 - 00000000 ____D C:\Users\UpdatusUser
2016-01-23 16:49 - 2015-01-07 13:11 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-01-23 16:48 - 2015-07-10 14:35 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-23 16:45 - 2013-08-22 19:06 - 00000000 ____D C:\Users\Default.migrated
2016-01-23 16:30 - 2015-11-29 09:04 - 00000000 ____D C:\Program Files\OpenVPN
2016-01-23 16:30 - 2015-11-28 21:09 - 00000000 ____D C:\Program Files\TAP-Windows
2016-01-23 16:24 - 2014-12-25 22:45 - 00000000 ____D C:\Users\shavak\AppData\Local\ElevatedDiagnostics
2016-01-22 21:25 - 2015-07-10 16:34 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-22 21:25 - 2015-07-10 16:34 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-22 21:20 - 2015-02-19 15:22 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-22 20:56 - 2014-09-24 22:31 - 00000000 ____D C:\Users\shavak\AppData\Local\Packages
2016-01-20 12:44 - 2015-05-04 15:28 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-19 21:30 - 2014-10-06 15:19 - 00001856 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-01-18 16:07 - 2014-12-13 19:04 - 00000000 ____D C:\Users\shavak\AppData\Roaming\BitTorrent
2016-01-13 21:35 - 2015-07-10 17:50 - 00383792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-12 09:48 - 2014-11-24 23:21 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-01-12 00:34 - 2014-09-24 21:08 - 00000000 ____D C:\ProgramData\Adobe
2016-01-12 00:34 - 2014-09-24 21:08 - 00000000 ____D C:\Program Files (x86)\Adobe

==================== Files in the root of some directories =======

2015-07-27 23:38 - 2015-07-27 23:51 - 0000077 _____ () C:\Users\shavak\AppData\Roaming\Rim.Desktop.Exception.log
2015-07-27 23:36 - 2015-07-27 23:36 - 0001111 _____ () C:\Users\shavak\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-07-27 23:38 - 2015-07-27 23:51 - 0000077 _____ () C:\Users\shavak\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-09-24 22:32 - 2015-08-07 01:14 - 1066329 _____ () C:\Users\shavak\AppData\Local\BTServer.log
2014-12-28 01:56 - 2014-12-28 01:56 - 0004608 _____ () C:\Users\shavak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-11 03:24 - 2015-04-11 03:25 - 0000600 _____ () C:\Users\shavak\AppData\Local\PUTTY.RND
2015-05-11 12:06 - 2015-11-26 15:48 - 0007649 _____ () C:\Users\shavak\AppData\Local\resmon.resmoncfg
2015-08-07 01:48 - 2015-08-07 01:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\shavak\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\shavak\AppData\Local\Temp\procexp64.exe
C:\Users\shavak\AppData\Local\Temp\sqlite3.dll
C:\Users\shavak\AppData\Local\Temp\{C70C2E80-F1FE-4635-8FAB-0028E4C04DE9}-50.0.2634.0_chrome_installer_win64.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-05 22:02

==================== End of FRST.txt ============================



#6 fireman4it

  • Malware Response Team

Posted 08 February 2016 - 08:08 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[attachment=176465:fixlist.txt]



ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 shavak1997

  • Topic Starter

Posted 09 February 2016 - 11:55 PM

Hi fireman4it,

 

I ran FRST, and when I tried to run ESET after that, it didn't proceed, as it was unable to access the internet thanks to my proxy settings. Please let me know if there is any way to bypass this.

 

The fixlog is attached herewith.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by shavak (2016-02-10 09:53:28) Run:2
Running from C:\Users\shavak\Documents\EGDownloads
Loaded Profiles: UpdatusUser & shavak (Available Profiles: UpdatusUser & shavak)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [S-1-5-21-3791644838-2506976317-402157581-1002] => hxxp://xn--koa.net/proxy.pac
Tcpip\..\Interfaces\{c0725b55-04b5-43cc-8e80-575a29f8afdf}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
Tcpip\..\Interfaces\{c0725b55-04b5-43cc-8e80-575a29f8afdf}: [DhcpNameServer] 172.24.2.71
Tcpip\..\Interfaces\{dc285da7-c8a9-438c-bee4-c39e7d819a09}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dc285da7-c8a9-438c-bee4-c39e7d819a09}: [DhcpNameServer] 172.20.0.1
FF NetworkProxy: "type", 0);user_pref("network.proxy.type", 0);user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");user_pref("extensions.bootstrappedAddons", 
"{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}"
C:\Users\shavak\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\shavak\AppData\Local\Temp\procexp64.exe
C:\Users\shavak\AppData\Local\Temp\sqlite3.dll
C:\Users\shavak\AppData\Local\Temp\{C70C2E80-F1FE-4635-8FAB-0028E4C04DE9}-50.0.2634.0_chrome_installer_win64.exe
EmptyTemp:
*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKU\S-1-5-21-3791644838-2506976317-402157581-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c0725b55-04b5-43cc-8e80-575a29f8afdf}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c0725b55-04b5-43cc-8e80-575a29f8afdf}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dc285da7-c8a9-438c-bee4-c39e7d819a09}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dc285da7-c8a9-438c-bee4-c39e7d819a09}\\DhcpNameServer => value removed successfully
Firefox Proxy settings were reset.
C:\Users\shavak\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully
C:\Users\shavak\AppData\Local\Temp\procexp64.exe => moved successfully
C:\Users\shavak\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\shavak\AppData\Local\Temp\{C70C2E80-F1FE-4635-8FAB-0028E4C04DE9}-50.0.2634.0_chrome_installer_win64.exe => moved successfully
EmptyTemp: => 8.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:59:17 ====
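
The fixlist entries in the Fixlog above, run through a small triage parser. This is an added example, not part of the original thread or of FRST; the finding names and the heuristics (loopback proxy, remote PAC host, static DNS servers that differ from the DHCP-assigned one) are assumptions of the example and mark entries for review, not verdicts.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the "fixlist content" part of the Fixlog in this thread.
SAMPLE = r"""
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [S-1-5-21-3791644838-2506976317-402157581-1002] => hxxp://xn--koa.net/proxy.pac
Tcpip\..\Interfaces\{c0725b55-04b5-43cc-8e80-575a29f8afdf}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
Tcpip\..\Interfaces\{c0725b55-04b5-43cc-8e80-575a29f8afdf}: [DhcpNameServer] 172.24.2.71
"""

# "left: [mid] value" or "left: [mid] => value"; both layouts appear in the log.
ENTRY = re.compile(r"^(?P<left>[^:]+):\s*\[(?P<mid>[^\]]+)\]\s*(?:=>\s*)?(?P<value>.*)$")


def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}."""
    result = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, eq, hostport = part.partition("=")
        if not eq:  # bare "host:port" applies to every protocol
            scheme, hostport = "all", part
        host, colon, port = hostport.rpartition(":")
        if colon and port.isdigit():
            result[scheme.lower()] = (host, int(port))
        else:
            result[scheme.lower()] = (hostport, None)
    return result


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 (with or without brackets) and 'localhost'."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def pac_host(value):
    """Return the host of a PAC URL (defanged hxxp accepted), else None."""
    parts = urlsplit(re.sub(r"^hxxp", "http", value.strip(), flags=re.I))
    return parts.hostname if parts.scheme in ("http", "https") else None


def triage(log_text):
    """Return (kind, detail) review prompts; the heuristics are this example's own."""
    findings, static_dns, dhcp_dns = [], {}, {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        left, mid, value = m["left"], m["mid"], m["value"].strip()
        if mid == "ProxySettingsPerUser" and value.split()[:1] == ["0"]:
            findings.append(("machine-wide-proxy-policy", left))
        elif left == "ProxyServer":
            for scheme, (host, port) in parse_proxy_server(value).items():
                if is_loopback(host):
                    findings.append(("loopback-proxy", f"{mid} {scheme} -> {host}:{port}"))
        elif left == "AutoConfigURL":
            host = pac_host(value)
            if host and not is_loopback(host):
                idn = any(label.startswith("xn--") for label in host.split("."))
                findings.append(("remote-pac", f"{mid} -> {host}" + (" (punycode)" if idn else "")))
        elif mid == "NameServer":
            static_dns[left] = [s.strip() for s in value.split(",") if s.strip()]
        elif mid == "DhcpNameServer":
            dhcp_dns[left] = [s.strip() for s in value.split(",") if s.strip()]
    # A static NameServer list overrides what DHCP handed out for that interface.
    for iface, servers in static_dns.items():
        extra = [s for s in servers if s not in dhcp_dns.get(iface, [])]
        if extra:
            findings.append(("static-dns-override", f"{iface}: {', '.join(extra)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:28} {detail}")
```
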



#8 fireman4it


Posted 11 February 2016 - 07:08 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[attachment=176631:fixlist.txt]


How is the machine after this fix? Still changing the proxy?


#9 fireman4it


Posted 14 February 2016 - 11:44 AM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#10 shavak1997


Posted 15 February 2016 - 10:10 AM

Hi fireman4it!

 

Thanks a lot for all the help.

 

The computer is working alright now and is not affecting the proxy any longer.

 

Thanks



#11 fireman4it


Posted 15 February 2016 - 12:44 PM

It Appears That Your Pc Is Now Clean!
 

***

Clean up:


***

Right-click AdwCleaner.exe and select Run As Administrator.

  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***

Clean up with delfix:

  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***

Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***

Here are some Preventive tips to reduce the potential for spyware infection in the future

Step 1: Browse more secure


Step 2: Make sure you keep your Windows OS current.

  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).

Step 3: Avoid P2P

  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.

Step 4: Use only one anti-virus software and keep it up-to-date.

Step 5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

Step 6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

Step 7: Use Strong passwords!

Step 8: Email attachments
Do not open any unknown email attachments which you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.


#12 shavak1997


Posted 19 February 2016 - 03:52 AM

Hi fireman4it!

 

After the last fix, once I rebooted my PC, the same problem persisted and only went away on applying the patch again. This has seemed to happen many times.

 

Please look into it.

 

Thanks!



#13 fireman4it


Posted 19 February 2016 - 02:48 PM

What patch are you talking about?


#14 shavak1997


Posted 19 February 2016 - 10:48 PM

The last fixlist you posted. I had to run that through FRST again after reboot to reset the changes, and consecutively after each reboot.

 

Thanks



#15 fireman4it


Posted 21 February 2016 - 03:34 PM

Please download a fresh copy of FRST, run it, and post the logs.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.




