
Keep seeing popups which redirect to another site


  • This topic is locked
23 replies to this topic

#1 Joukueh

  • Members
  • 21 posts

Posted 02 September 2016 - 03:22 PM

My computer is infected by nasties. I had scanned with Malwarebytes Anti-Malware, SuperAntiSpyware and Hitmanpro and removed the infections, but they kept coming back. 

 

PUP.Optional.PricePeep
PUP.Optional.PricePeep
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.ReMarkIt.PrxySvrRST
PUP.Optional.Yontoo
PUP.Optional.Yontoo

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by J K (administrator) on JK-THINK (02-09-2016 22:33:51)
Running from C:\Users\J K\Desktop
Loaded Profiles: J K (Available Profiles: J K & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1860120 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [228744 2012-09-20] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-02] (Lenovo Group Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-03-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-14] (Intel Corporation)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9103976 2016-08-30] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Run: [GoogleChromeAutoLaunch_D41A9E33EF2F08E1926FD946650CEEAD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-07-20] (SUPERAntiSpyware)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175368 2015-12-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [153208 2015-12-17] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ACGina
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
CHR HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{471d245c-89b4-437d-92ee-a0b690af34c6}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6023efde-5162-4acc-b917-ca5f8080336e}: [DhcpNameServer] 192.168.178.1
ManualProxies: 
 
Internet Explorer:
==================
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=334B0A125F6AF222402BC050A2C52D03
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> DefaultScope {64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} URL = hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> {64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} URL = hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2012-06-07] (AuthenTec Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-02] (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2012-06-07] (AuthenTec Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-02] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\J K\AppData\Roaming\Mozilla\Firefox\Profiles\rrkuyv9i.default
FF DefaultSearchEngine: Microsoft (Bing)
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Microsoft (Bing)
FF Homepage: hxxp://www.msn.com/?PC=AV01
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-05-01] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2015-04-10] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-21] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-05-01] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: @citrixonline.com/appdetectorplugin -> C:\Users\J K\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\J K\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\J K\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-06] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-02-28] ()
FF SearchPlugin: C:\Users\J K\AppData\Roaming\Mozilla\Firefox\Profiles\rrkuyv9i.default\searchplugins\bing-avast.xml [2015-01-26]
FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-12-29] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\J K\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
FF HKLM-x32\...\Firefox\Extensions: [{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}] - C:\Users\J K\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [VIP4X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2016-05-07] [not signed]
FF HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (TrueSuite) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll => No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Facebook Notifications) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeaaihhjgmnafnbkaelaelkfifeimela [2016-04-01]
CHR Extension: (Watsapp messaging for Chrome™) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\bommmmpbplimfmebiadkflfgbgejahgm [2016-04-01]
CHR Extension: (Facebook App Launcher) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\dihbebhmaoagdpbcnfedokpfkkgmmpgc [2016-06-08]
CHR Extension: (Dropbox for Gmail) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-06]
CHR Extension: (Video Downloader professional) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-20]
CHR Extension: (AdBlock) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-28]
CHR Extension: (Avast Online Security) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-19]
CHR Extension: (wechat) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidckkocjhilapjdibodfopjkbnibkcf [2016-05-07]
CHR Extension: (LINE) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2016-08-20]
CHR Extension: (Video download helper) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngdadkapbemiekajhhalpakdpleogfn [2016-07-22]
CHR Extension: (WhatsApp Web Wrapper) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfjdjopfnbnkmfldmeffmhgodmlhdnei [2016-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-03-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [mmddbcpechilpapallpbdpcekmgibofi] - C:\Users\J K\AppData\Local\Installation Assistant\Chrome\Installation Assistant.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2015-11-09] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-19] (Dropbox, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-04-05] (Macrovision Europe Ltd.) [File not signed]
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-06-07] (AuthenTec, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-08-28] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-11-09] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [59216 2016-07-01] (Lenovo Group Limited)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-07] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-02] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2015-04-10] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-04-21] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-15] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-11] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-20] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-05-25] (360.cn)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-30] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [199472 2015-11-09] (Broadcom Corporation.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-14] ()
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-17] (GFI Software)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51320 2016-04-21] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 Tvti2c; C:\Windows\system32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\system32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-02 22:33 - 2016-09-02 22:34 - 00045221 _____ C:\Users\J K\Desktop\FRST.txt
2016-09-02 22:32 - 2016-09-02 22:33 - 00000000 ____D C:\FRST
2016-09-02 22:31 - 2016-09-02 22:32 - 02397696 _____ (Farbar) C:\Users\J K\Desktop\FRST64.exe
2016-09-02 20:24 - 2016-09-02 20:24 - 00001281 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-09-02 20:23 - 2016-09-02 20:23 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-09-02 20:23 - 2016-09-02 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-02 20:22 - 2016-09-02 20:23 - 00000000 ____D C:\Program Files\iTunes
2016-09-02 20:22 - 2016-09-02 20:22 - 00000000 ____D C:\Program Files\iPod
2016-09-02 20:22 - 2016-09-02 20:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-09-02 20:18 - 2016-09-02 20:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-08-30 21:13 - 2016-08-30 21:13 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-08-30 21:12 - 2016-08-30 21:12 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-08-29 12:55 - 2016-08-29 12:56 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-08-29 12:55 - 2016-08-29 12:55 - 00001860 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-08-29 12:55 - 2016-08-29 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-08-29 07:06 - 2016-08-29 07:06 - 00004406 _____ C:\WINDOWS\system32\.crusader
2016-08-28 21:36 - 2016-08-28 21:36 - 00001977 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-08-28 21:36 - 2016-08-28 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-08-28 21:36 - 2016-08-28 21:36 - 00000000 ____D C:\Program Files\HitmanPro
2016-08-28 21:35 - 2016-08-29 12:28 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-28 21:35 - 2016-08-28 21:36 - 11438608 _____ (SurfRight B.V.) C:\Users\J K\Desktop\HitmanPro_x64.exe
2016-08-28 20:22 - 2016-08-28 20:24 - 21392696 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\J K\Desktop\SASDEFINITIONS.EXE
2016-08-28 20:11 - 2016-08-28 20:11 - 00000000 ____D C:\Users\J K\AppData\Roaming\SUPERAntiSpyware.com
2016-08-28 20:09 - 2016-08-28 20:09 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-08-28 19:41 - 2016-08-28 19:55 - 00003726 _____ C:\Users\J K\Desktop\Rkill.txt
2016-08-28 19:41 - 2016-08-28 19:41 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\J K\Desktop\rkill64.exe
2016-08-28 18:36 - 2016-08-28 18:36 - 03826240 _____ C:\Users\J K\Desktop\AdwCleaner.exe
2016-08-28 18:21 - 2016-08-28 20:08 - 27135816 _____ (SUPERAntiSpyware) C:\Users\J K\Desktop\SUPERAntiSpyware.exe
2016-08-28 17:35 - 2016-08-28 19:41 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\J K\Desktop\rkill.exe
2016-08-25 10:07 - 2016-08-25 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-22 22:12 - 2016-08-02 23:20 - 00191552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2016-08-22 22:12 - 2016-08-02 23:20 - 00191040 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2016-08-21 17:21 - 2016-08-28 18:40 - 00000000 ___DC C:\AdwCleaner
2016-08-20 17:14 - 2016-08-20 17:14 - 00000000 ____D C:\ProgramData\avastSWCUTemp
2016-08-20 14:22 - 2016-08-20 14:22 - 00000000 ____D C:\Program Files\Common Files\AV
2016-08-20 14:19 - 2015-05-25 08:47 - 00452967 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160820-141929.backup
2016-08-20 13:52 - 2016-08-20 13:52 - 00001475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-08-20 13:52 - 2016-08-20 13:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-08-20 13:52 - 2016-08-20 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-08-20 13:51 - 2016-08-20 16:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-08-20 13:51 - 2016-08-20 14:22 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-08-20 13:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-08-19 14:20 - 2016-09-02 22:25 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-19 14:20 - 2016-09-02 19:27 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-19 14:20 - 2016-08-25 10:08 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-19 14:20 - 2016-08-19 14:20 - 00003980 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-08-19 14:20 - 2016-08-19 14:20 - 00003748 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-08-19 14:19 - 2016-08-19 14:19 - 00690072 _____ (Dropbox, Inc.) C:\Users\J K\Desktop\DropboxInstaller.exe
2016-08-11 15:55 - 2016-08-03 22:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-11 15:55 - 2016-08-03 22:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-11 15:55 - 2016-08-03 22:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-11 15:55 - 2016-08-03 22:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-11 15:55 - 2016-08-03 22:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-11 15:55 - 2016-08-03 21:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-11 15:55 - 2016-08-03 21:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-11 15:55 - 2016-08-03 21:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-11 15:55 - 2016-08-03 21:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-11 15:55 - 2016-08-03 21:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-11 15:55 - 2016-08-03 21:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-11 15:55 - 2016-08-03 21:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-11 15:55 - 2016-08-03 21:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-11 15:55 - 2016-08-03 21:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-11 15:55 - 2016-08-03 21:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-11 15:55 - 2016-08-03 21:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-11 15:55 - 2016-08-03 21:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-11 15:55 - 2016-08-03 21:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-11 15:55 - 2016-08-03 21:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-11 15:55 - 2016-08-03 21:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-11 15:55 - 2016-08-03 21:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-11 15:55 - 2016-08-03 21:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-11 15:55 - 2016-08-03 21:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-11 15:55 - 2016-08-03 17:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-11 15:55 - 2016-08-03 17:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-11 15:55 - 2016-08-03 17:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-11 15:55 - 2016-08-03 17:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-11 15:55 - 2016-08-03 17:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-11 15:55 - 2016-08-03 17:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-11 15:55 - 2016-08-03 16:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-11 15:55 - 2016-08-03 16:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-11 15:55 - 2016-08-03 16:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-11 15:55 - 2016-08-03 16:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-11 15:55 - 2016-08-03 16:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-11 15:54 - 2016-08-03 23:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-11 15:54 - 2016-08-03 23:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-11 15:54 - 2016-08-03 23:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-11 15:54 - 2016-08-03 22:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-11 15:54 - 2016-08-03 22:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-11 15:54 - 2016-08-03 22:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-11 15:54 - 2016-08-03 22:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-11 15:54 - 2016-08-03 22:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-11 15:54 - 2016-08-03 22:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-11 15:54 - 2016-08-03 22:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-11 15:54 - 2016-08-03 22:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-11 15:54 - 2016-08-03 22:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-11 15:54 - 2016-08-03 22:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-11 15:54 - 2016-08-03 22:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-11 15:54 - 2016-08-03 22:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-11 15:54 - 2016-08-03 22:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-11 15:54 - 2016-08-03 22:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-11 15:54 - 2016-08-03 22:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-11 15:54 - 2016-08-03 22:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-11 15:54 - 2016-08-03 22:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-11 15:54 - 2016-08-03 22:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-11 15:54 - 2016-08-03 21:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-11 15:54 - 2016-08-03 21:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-11 15:54 - 2016-08-03 21:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-11 15:54 - 2016-08-03 21:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-11 15:54 - 2016-08-03 21:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-11 15:54 - 2016-08-03 21:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-11 15:54 - 2016-08-03 21:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-11 15:54 - 2016-08-03 21:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-11 15:54 - 2016-08-03 21:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-11 15:54 - 2016-08-03 21:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-11 15:54 - 2016-08-03 21:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-11 15:54 - 2016-08-03 21:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-11 15:54 - 2016-08-03 21:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-11 15:54 - 2016-08-03 21:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-11 15:54 - 2016-08-03 21:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-11 15:54 - 2016-08-03 21:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-11 15:54 - 2016-08-03 21:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-11 15:54 - 2016-08-03 21:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-11 15:54 - 2016-08-03 21:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-11 15:54 - 2016-08-03 21:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-11 15:54 - 2016-08-03 21:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-11 15:54 - 2016-08-03 21:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-11 15:54 - 2016-08-03 21:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-11 15:54 - 2016-08-03 21:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-11 15:54 - 2016-08-03 21:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-11 15:54 - 2016-08-03 21:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-11 15:54 - 2016-08-03 21:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-11 15:54 - 2016-08-03 21:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-11 15:54 - 2016-08-03 21:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-11 15:54 - 2016-08-03 21:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-11 15:54 - 2016-08-03 21:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-11 15:54 - 2016-08-03 21:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-11 15:54 - 2016-08-03 21:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-11 15:54 - 2016-08-03 21:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-11 15:54 - 2016-08-03 21:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-11 15:54 - 2016-08-03 21:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-11 15:54 - 2016-08-03 21:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-11 15:54 - 2016-08-03 21:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-11 15:54 - 2016-08-03 21:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-11 15:54 - 2016-08-03 21:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-11 15:54 - 2016-08-03 21:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-11 15:54 - 2016-08-03 21:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-11 15:54 - 2016-08-03 21:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-11 15:54 - 2016-08-03 21:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-11 15:54 - 2016-08-03 21:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-11 15:54 - 2016-08-03 21:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-11 15:54 - 2016-08-03 21:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-11 15:54 - 2016-08-03 17:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-11 15:54 - 2016-08-03 17:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-11 15:54 - 2016-08-03 17:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-11 15:54 - 2016-08-03 17:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-11 15:54 - 2016-08-03 16:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-11 15:54 - 2016-08-03 16:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-11 15:54 - 2016-08-03 16:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-11 15:54 - 2016-08-03 16:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-11 15:54 - 2016-08-03 16:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-11 15:54 - 2016-08-03 16:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-11 15:54 - 2016-08-03 16:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-11 15:54 - 2016-08-03 16:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-11 15:54 - 2016-08-03 16:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-11 15:54 - 2016-08-03 16:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-11 15:54 - 2016-08-03 16:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-11 15:54 - 2016-08-03 16:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-11 15:54 - 2016-08-03 16:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-11 15:54 - 2016-08-03 16:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-11 15:54 - 2016-08-03 16:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-11 15:54 - 2016-08-03 16:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-11 15:54 - 2016-08-03 16:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-11 15:54 - 2016-08-03 16:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-11 15:54 - 2016-08-03 16:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-11 15:54 - 2016-08-03 16:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-11 15:54 - 2016-08-03 16:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-11 15:54 - 2016-08-03 16:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-11 15:54 - 2016-08-03 16:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-11 15:54 - 2016-08-03 16:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-11 15:54 - 2016-08-03 16:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-11 15:54 - 2016-08-03 16:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-11 15:54 - 2016-08-03 16:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-11 15:54 - 2016-08-03 16:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-02 22:25 - 2015-06-04 20:33 - 00000664 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3861004513-3468025998-4180636218-1001.job
2016-09-02 22:14 - 2012-09-09 12:54 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-02 22:05 - 2014-09-04 13:33 - 00000568 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3861004513-3468025998-4180636218-1001.job
2016-09-02 21:58 - 2015-01-27 09:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-02 21:45 - 2014-04-25 10:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-02 20:24 - 2016-07-11 12:20 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2016-09-02 20:24 - 2012-10-14 18:46 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-02 20:24 - 2012-09-18 08:06 - 00001293 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-09-02 20:22 - 2012-11-06 10:16 - 00000000 ___DC C:\Program Files\Common Files\Apple
2016-09-02 20:15 - 2015-12-29 10:26 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2016-09-02 20:15 - 2013-12-09 19:10 - 00000920 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3861004513-3468025998-4180636218-1001UA.job
2016-09-02 20:15 - 2013-12-09 19:10 - 00000898 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3861004513-3468025998-4180636218-1001Core.job
2016-09-02 20:15 - 2013-03-20 12:10 - 00000000 ___DC C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-02 20:15 - 2013-03-20 12:10 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-02 20:15 - 2013-03-20 12:10 - 00000000 ___DC C:\Program Files\WinRAR
2016-09-02 19:30 - 2013-08-15 22:20 - 00000000 __RDC C:\Users\J K\Dropbox
2016-09-02 19:29 - 2016-04-17 14:40 - 00004006 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1460860845
2016-09-02 19:29 - 2016-04-17 14:40 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-02 19:27 - 2015-12-21 18:44 - 00000000 ____D C:\Users\J K
2016-09-02 19:27 - 2015-12-21 18:44 - 00000000 ____D C:\Users\DefaultAppPool
2016-09-02 19:27 - 2015-11-09 16:18 - 00000000 __SHD C:\Users\J K\IntelGraphicsProfiles
2016-09-02 19:27 - 2012-09-18 07:37 - 00000000 ___DC C:\Users\J K\AppData\LocalLow\AuthenTec
2016-09-02 19:27 - 2012-09-09 12:54 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-02 19:27 - 2012-09-09 12:36 - 00000828 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-09-02 19:26 - 2015-12-21 19:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-02 19:26 - 2015-12-19 22:03 - 00000000 RSHDC C:\360SANDBOX
2016-09-02 18:35 - 2015-06-04 20:33 - 00003816 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3861004513-3468025998-4180636218-1001
2016-09-02 18:35 - 2014-09-04 13:33 - 00003720 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3861004513-3468025998-4180636218-1001
2016-09-02 18:19 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-02 18:19 - 2015-10-30 19:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-02 18:02 - 2015-10-30 19:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-02 18:02 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-02 17:53 - 2016-04-02 14:56 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F32DA718-8921-4B00-B0F2-5991B45391A1}
2016-08-30 21:13 - 2014-08-07 22:03 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-08-30 21:13 - 2014-03-01 11:01 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-08-30 21:13 - 2013-03-22 11:35 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-08-30 21:13 - 2013-03-22 11:35 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-08-30 21:13 - 2012-09-18 09:03 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-08-30 21:13 - 2012-09-18 09:03 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-08-30 21:13 - 2012-09-18 09:03 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-08-30 21:13 - 2012-09-18 09:03 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-30 21:12 - 2016-04-17 14:34 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-08-30 21:12 - 2012-09-18 09:03 - 00969560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-08-30 15:15 - 2012-09-09 12:36 - 00000830 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-08-30 09:08 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\TAPI
2016-08-30 09:07 - 2015-10-30 18:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-30 07:55 - 2012-09-18 17:29 - 00000000 ___DC C:\Users\J K\AppData\Roaming\Skype
2016-08-30 07:53 - 2012-09-18 17:29 - 00000000 __RDC C:\Program Files (x86)\Skype
2016-08-30 07:53 - 2012-09-18 17:29 - 00000000 ___DC C:\ProgramData\Skype
2016-08-29 22:18 - 2015-08-23 21:19 - 00000000 ____D C:\Users\J K\Desktop\ProShow
2016-08-29 11:40 - 2012-09-27 22:19 - 00000000 ___DC C:\Program Files (x86)\Installation Assistant
2016-08-29 08:39 - 2012-09-09 13:09 - 00000000 ____D C:\WINDOWS\util
2016-08-28 19:40 - 2015-12-21 11:50 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-28 19:39 - 2013-05-06 16:59 - 01493068 _____ C:\WINDOWS\ntbtlog.txt
2016-08-28 19:13 - 2012-09-18 07:41 - 00000000 ___DC C:\Users\J K\AppData\LocalLow\VeriSign
2016-08-28 18:32 - 2015-03-02 08:43 - 00000000 ____D C:\Users\J K\Desktop\Antivirus
2016-08-23 22:26 - 2015-12-21 18:44 - 01022308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-23 22:26 - 2015-10-30 19:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-22 22:12 - 2015-04-29 15:42 - 00000000 ___DC C:\Program Files (x86)\Java
2016-08-22 22:10 - 2014-04-27 11:42 - 00921512 _____ (Oracle Corporation) C:\Users\J K\Desktop\chromeinstall-7u55.exe
2016-08-22 21:20 - 2015-02-18 22:44 - 00000000 ___DC C:\ProgramData\Citrix
2016-08-22 21:19 - 2015-02-18 22:43 - 00000000 ___DC C:\Program Files (x86)\Citrix
2016-08-22 21:19 - 2014-09-04 13:33 - 00000000 ___DC C:\Users\J K\AppData\Local\Citrix
2016-08-22 21:17 - 2014-10-11 19:27 - 00000000 ___DC C:\Users\J K\AppData\Roaming\uTorrent
2016-08-21 21:27 - 2016-01-27 20:10 - 00000000 ____D C:\Users\J K\AppData\Local\CrashDumps
2016-08-21 17:58 - 2014-04-25 10:02 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-20 18:42 - 2016-06-12 11:11 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
2016-08-20 16:59 - 2016-01-13 11:30 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-08-20 14:15 - 2012-09-09 12:54 - 00000000 ___DC C:\Program Files (x86)\Google
2016-08-19 14:23 - 2013-08-15 22:20 - 00001314 _____ C:\Users\J K\Desktop\Dropbox.lnk
2016-08-19 14:22 - 2013-08-15 22:05 - 00000000 ___DC C:\Users\J K\AppData\Roaming\Dropbox
2016-08-13 01:58 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-12 22:03 - 2015-09-10 17:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 21:23 - 2015-10-30 21:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 21:23 - 2015-10-30 19:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-12 21:15 - 2012-11-14 13:23 - 00000000 ___DC C:\Users\J K\AppData\Local\ElevatedDiagnostics
2016-08-11 16:26 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-11 16:26 - 2013-07-16 10:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 16:10 - 2012-09-19 11:26 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 04:20 - 2012-09-09 12:54 - 00002283 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-07 12:40 - 2016-01-29 14:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2016-07-17 16:07 - 2016-07-17 19:41 - 0000229 _____ () C:\Users\J K\AppData\Roaming\.ptbt0
2012-09-18 07:37 - 2012-09-30 21:48 - 0025046 ____C () C:\Users\J K\AppData\Roaming\AbsoluteReminder.xml
2013-05-20 20:43 - 2014-03-03 14:19 - 0000132 ____C () C:\Users\J K\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-09-09 21:18 - 2013-09-09 21:18 - 0001456 ____C () C:\Users\J K\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-04 20:24 - 2016-04-04 20:26 - 0004608 _____ () C:\Users\J K\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-14 12:45 - 2015-04-02 21:25 - 0007628 ____C () C:\Users\J K\AppData\Local\Resmon.ResmonCfg
2015-12-21 18:40 - 2015-12-21 18:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-05 12:05 - 2015-03-05 12:05 - 0000952 __SHC () C:\ProgramData\KGyGaAvL.sys
 
Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.4724.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-28 23:03
 
==================== End of FRST.txt ============================



#2 RayS

RayS

  • Malware Study Hall Senior
  • 2,328 posts

Posted 04 September 2016 - 10:54 AM

Hello Joukueh, and welcome to Bleeping Computer.

My name is Ray and I'll be assisting you with your issue. Please give me a day or two to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 Joukueh

Joukueh
  • Topic Starter

  • Members
  • 21 posts

Posted 07 September 2016 - 03:07 PM

Hi RayS,

I have just received a response from Oh My! who apparently has seen a similar post. Since the issue has not been resolved, please continue with the study for a solution. I need help, please!

Thank you,

Joukueh 



#4 RayS

RayS

  • Malware Study Hall Senior
  • 2,328 posts

Posted 07 September 2016 - 04:44 PM

Hello again Joukueh and welcome to Bleeping Computer.

I will be helping you with your computer problem. If you would permit me to call you by your first name, I would prefer that. Please call me "Ray".
 

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not try to fix anything without being asked.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.


Which Browser(s) affected?
 

Keep seeing popups which redirect to another site

 

  • Which browser is being redirected?
  • Have you tried other browsers?
  • Are they also being redirected?
  • Have you tried operating in Safe Mode with Networking? You can see information about Safe Mode here.

 

 

Let's run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer.

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.

start

HKLM-x32\...\Run: [] => [X]
CHR HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\J K\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (TrueSuite) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CustomCLSID: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\J K\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll => No File
Task: {182B5C33-051D-4A6D-9FCC-D46F9DB59093} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {18973A2E-65E7-4235-8175-025FFBC3591A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {232ADA99-AD32-45AA-B2CA-54B751DF18FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4FCB0E99-C176-417C-B7D9-D1F1B54D9B1C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {79EF8D06-E420-4E3A-B737-4CFCECA0976E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7B6F54BB-E172-46D9-888A-C8AF81B253C0} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {8F9DF2E0-3FCC-43C4-BB63-B0FAD5158948} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9429DE46-0F50-4BA2-B8E6-0F162AD8FB8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9429DE46-0F50-4BA2-B8E6-0F162AD8FB8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CDB404B7-681A-4324-BA4B-6C88B7CF2DF5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D4F2725A-3D9A-4E08-8E0E-8EDC4B01D4D3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DDB7875B-1EE1-43CD-953A-98F7E9DCE817} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Shortcut: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Align Droplet.lnk -> C:\Program Files (x86)\Hugin\bin\enfuse_auto_align_droplet.bat (No File)
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> DefaultScope {64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} URL = hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> {64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} URL = hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}

End

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.

 

 

Run Junkware Removal Tool (JRT)

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and click Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




In your next reply...


  • Confirm that you have backed up your important files.
  • Please tell me which browsers you are using and whether they all redirect when operated both in normal boot and in Safe Mode with Networking.
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and paste the entire contents of JRT.txt into the body of your message.
  • Tell me how your PC is running now. Include a detailed description of any unexpected symptoms and supply verbatim copies of any error messages you encounter.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
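The fixlist in the post above is made up of FRST log entries whose target is missing ("No File", "[X]"), entries FRST marked ATTENTION, and search-scope entries. The following is an added example, not FRST's own logic and not the helper's method: a Python sketch that pulls such lines out of a log for human review. The function names, the reason labels and the reading of `=> [X]` as an unresolved target are assumptions of this example; the sample lines are copied from the logs on this page.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the FRST output and the
# fixlist quoted on this page, plus one healthy Run entry for contrast.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [228744 2012-09-20] (Lenovo.)
CHR HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\J K\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
Task: {9429DE46-0F50-4BA2-B8E6-0F162AD8FB8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9429DE46-0F50-4BA2-B8E6-0F162AD8FB8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Shortcut: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Align Droplet.lnk -> C:\Program Files (x86)\Hugin\bin\enfuse_auto_align_droplet.bat (No File)
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> DefaultScope {64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} URL = hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
"""

# "No File", "[No File]" or "(No File)" at the end of the entry,
# optionally followed by FRST's ATTENTION marker.
NO_FILE = re.compile(r"[\[(]?No File[\])]?\s*(?:<=+\s*ATTENTION)?$")
# "=> [X]": treated here as "no resolvable target" (assumption of this example).
DEAD_VALUE = re.compile(r"=>\s*\[X\]$")
ATTENTION = re.compile(r"<=+\s*ATTENTION$")
SCOPE_URL = re.compile(r"^SearchScopes:.*\bURL =\s*(\S*)")
# FRST writes URLs defanged (hxxp); accept both spellings.
URL_HOST = re.compile(r"h(?:xx|tt)ps?://([^/\s]+)")


@dataclass
class Finding:
    kind: str      # entry type, e.g. "Task", "CHR Plugin", "Run"
    reasons: list  # why the line was picked out
    line: str      # the log line, unchanged
    seen: int = 1  # how many times the identical line occurred


def entry_kind(line):
    """Derive the entry type from the text before the first colon."""
    head = line.split(":", 1)[0]
    if head.startswith("HK"):
        return "Run" if head.endswith("\\Run") else "Registry"
    # "FF Plugin HKU\S-1-5-..." -> "FF Plugin", "CHR HKU\..." -> "CHR"
    return re.split(r"\s+HK", head, maxsplit=1)[0]


def classify(line):
    """Return the list of reasons a reviewer should look at this line."""
    reasons = []
    if NO_FILE.search(line) or DEAD_VALUE.search(line):
        reasons.append("missing-target")
    if ATTENTION.search(line):
        reasons.append("flagged")
    scope = SCOPE_URL.match(line)
    if scope:
        url = scope.group(1)
        if not url:
            reasons.append("empty-search-scope")
        else:
            host = URL_HOST.match(url)
            reasons.append("search-scope-url:" + (host.group(1) if host else url))
    return reasons


def triage(log_text):
    """Collect review candidates in log order, merging identical lines."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = classify(line)
        if not reasons:
            continue  # nothing unusual about this entry
        if line in findings:
            findings[line].seen += 1
        else:
            findings[line] = Finding(entry_kind(line), reasons, line)
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        dup = " (x%d)" % f.seen if f.seen > 1 else ""
        print("%-13s %-45s %s%s" % (f.kind, ",".join(f.reasons), f.line[:60], dup))
```

The output is a review list only: a non-empty search-scope URL or a missing target is a reason to look at an entry, not a verdict, and the decision on what goes into a fixlist stays with the person reading the log.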


#5 Joukueh

Joukueh
  • Topic Starter

  • Members
  • 21 posts

Posted 09 September 2016 - 12:16 AM

Hi Ray,

First of all, please call me JK (my initials).

Thank you very much for the instructions. I am looking forward to fixing it so my computer will run faster and be rid of all popups.

"The location is listed in the 3rd line of the FRST.txt log you have submitted." Please show me where it is in the code box above.

Do I paste the Fixlist.txt, Fixlog.txt and JRT.txt after having copied the content of the above code box? My experience with pasting all scanned results in the message is that it will slow down or terminate my effort in sending my message to BleepingComputer.

I confirm I have backed up all data in my C drive. I only use Google Chrome, in which the redirecting problem still exists. I have not tried operating in Safe Mode with Networking for solving the current problem.

I will begin scanning after I receive your confirmation.

JK



#6 Joukueh

Joukueh
  • Topic Starter

  • Members
  • 21 posts

Posted 09 September 2016 - 04:01 AM

Hi Ray,

I finally understood your instruction.

After I ran FRST.exe, this was what happened when I opened Chrome:

1. Clicked Ebay site; 3 popups relating to Ebay popped up on the same page showing all specials.

2. Opened BleepingComputer site to download Junkware Removal Tool 8.0.7.0. Clicked on Download button, PCKeeper opened on a new window. Clicked Download again, download began.

3. Installed JRT.exe and went through the whole process and JRT.txt opened automatically.

4. Restored Chrome; 3 popups appeared on BleepingComputer download page. Clicked anywhere on the window and PCKeeper opened on new window.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by J K (administrator) on JK-THINK (09-09-2016 19:46:49)
Running from C:\Users\J K\Desktop
Loaded Profiles: J K (Available Profiles: J K & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1860120 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [228744 2012-09-20] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-02] (Lenovo Group Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-03-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-14] (Intel Corporation)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107104 2016-09-02] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25197248 2016-08-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Run: [GoogleChromeAutoLaunch_D41A9E33EF2F08E1926FD946650CEEAD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-09-04] (SUPERAntiSpyware)
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\MountPoints2: {74bc099d-70de-11e6-8dc3-446d57c20514} - "F:\LaunchU3.exe" -a
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175368 2015-12-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [153208 2015-12-17] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ACGina
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
CHR HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{471d245c-89b4-437d-92ee-a0b690af34c6}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6023efde-5162-4acc-b917-ca5f8080336e}: [DhcpNameServer] 192.168.178.1
ManualProxies: 
 
Internet Explorer:
==================
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=334B0A125F6AF222402BC050A2C52D03
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> DefaultScope {64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} URL = hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> {64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} URL = hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2012-06-07] (AuthenTec Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-02] (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2012-06-07] (AuthenTec Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-02] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\J K\AppData\Roaming\Mozilla\Firefox\Profiles\rrkuyv9i.default
FF DefaultSearchEngine: Microsoft (Bing)
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Microsoft (Bing)
FF Homepage: hxxp://www.msn.com/?PC=AV01
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-05-01] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2015-04-10] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-21] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-05-01] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: @citrixonline.com/appdetectorplugin -> C:\Users\J K\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\J K\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\J K\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-06] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-02-28] ()
FF SearchPlugin: C:\Users\J K\AppData\Roaming\Mozilla\Firefox\Profiles\rrkuyv9i.default\searchplugins\bing-avast.xml [2015-01-26]
FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-12-29] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\J K\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
FF HKLM-x32\...\Firefox\Extensions: [{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}] - C:\Users\J K\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [VIP4X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2016-05-07] [not signed]
FF HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (TrueSuite) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll => No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Facebook Notifications) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeaaihhjgmnafnbkaelaelkfifeimela [2016-04-01]
CHR Extension: (Watsapp messaging for Chrome™) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\bommmmpbplimfmebiadkflfgbgejahgm [2016-04-01]
CHR Extension: (Facebook App Launcher) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\dihbebhmaoagdpbcnfedokpfkkgmmpgc [2016-06-08]
CHR Extension: (Dropbox for Gmail) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-06]
CHR Extension: (Video Downloader professional) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-20]
CHR Extension: (AdBlock) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-28]
CHR Extension: (Avast Online Security) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-19]
CHR Extension: (wechat) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidckkocjhilapjdibodfopjkbnibkcf [2016-05-07]
CHR Extension: (LINE) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2016-08-20]
CHR Extension: (Video download helper) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngdadkapbemiekajhhalpakdpleogfn [2016-07-22]
CHR Extension: (WhatsApp Web Wrapper) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfjdjopfnbnkmfldmeffmhgodmlhdnei [2016-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-03-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [mmddbcpechilpapallpbdpcekmgibofi] - C:\Users\J K\AppData\Local\Installation Assistant\Chrome\Installation Assistant.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2015-11-09] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-19] (Dropbox, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-04-05] (Macrovision Europe Ltd.) [File not signed]
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-06-07] (AuthenTec, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-08-28] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-11-09] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [60752 2016-08-24] (Lenovo Group Limited)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-07] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-02] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2015-04-10] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28544 2016-07-07] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-04-21] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-15] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-11] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-20] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-05-25] (360.cn)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-30] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [199472 2015-11-09] (Broadcom Corporation.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-14] ()
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-17] (GFI Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51320 2016-04-21] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 Tvti2c; C:\Windows\system32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\system32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-09 19:42 - 2016-09-09 19:42 - 00004195 _____ C:\Users\J K\Desktop\fixlist.txt
2016-09-07 21:36 - 2016-09-07 21:36 - 00000000 ____D C:\ProgramData\avastSWCUTemp
2016-09-03 10:48 - 2016-09-03 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-03 08:33 - 2016-09-03 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-09-02 22:33 - 2016-09-09 19:46 - 00044337 _____ C:\Users\J K\Desktop\FRST.txt
2016-09-02 22:32 - 2016-09-09 19:46 - 00000000 ____D C:\FRST
2016-09-02 22:31 - 2016-09-02 22:32 - 02397696 _____ (Farbar) C:\Users\J K\Desktop\FRST64.exe
2016-09-02 20:23 - 2016-09-02 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-02 20:22 - 2016-09-02 20:23 - 00000000 ____D C:\Program Files\iTunes
2016-09-02 20:22 - 2016-09-02 20:22 - 00000000 ____D C:\Program Files\iPod
2016-09-02 20:22 - 2016-09-02 20:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-09-02 20:18 - 2016-09-02 20:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-08-30 21:13 - 2016-08-30 21:13 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-08-30 21:12 - 2016-08-30 21:12 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-08-29 12:55 - 2016-09-04 10:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-08-29 12:55 - 2016-08-29 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-08-29 07:06 - 2016-08-29 07:06 - 00004406 _____ C:\WINDOWS\system32\.crusader
2016-08-28 21:36 - 2016-08-28 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-08-28 21:36 - 2016-08-28 21:36 - 00000000 ____D C:\Program Files\HitmanPro
2016-08-28 21:35 - 2016-08-29 12:28 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-28 20:11 - 2016-08-28 20:11 - 00000000 ____D C:\Users\J K\AppData\Roaming\SUPERAntiSpyware.com
2016-08-28 20:09 - 2016-08-28 20:09 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-08-24 14:50 - 2016-08-24 14:50 - 00257872 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2016-08-22 22:12 - 2016-08-02 23:20 - 00191552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2016-08-22 22:12 - 2016-08-02 23:20 - 00191040 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2016-08-21 17:21 - 2016-09-04 10:58 - 00000000 ___DC C:\AdwCleaner
2016-08-20 14:22 - 2016-08-20 14:22 - 00000000 ____D C:\Program Files\Common Files\AV
2016-08-20 14:19 - 2015-05-25 08:47 - 00452967 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160820-141929.backup
2016-08-20 13:52 - 2016-08-20 13:52 - 00001475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-08-20 13:52 - 2016-08-20 13:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-08-20 13:52 - 2016-08-20 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-08-20 13:51 - 2016-08-20 16:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-08-20 13:51 - 2016-08-20 14:22 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-08-20 13:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-08-19 14:20 - 2016-09-09 19:25 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-19 14:20 - 2016-09-09 14:25 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-19 14:20 - 2016-09-04 08:37 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-19 14:20 - 2016-08-19 14:20 - 00003980 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-08-19 14:20 - 2016-08-19 14:20 - 00003748 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-08-19 14:19 - 2016-08-19 14:19 - 00690072 _____ (Dropbox, Inc.) C:\Users\J K\Desktop\DropboxInstaller.exe
2016-08-11 15:55 - 2016-08-03 22:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-11 15:55 - 2016-08-03 22:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-11 15:55 - 2016-08-03 22:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-11 15:55 - 2016-08-03 22:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-11 15:55 - 2016-08-03 22:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-11 15:55 - 2016-08-03 21:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-11 15:55 - 2016-08-03 21:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-11 15:55 - 2016-08-03 21:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-11 15:55 - 2016-08-03 21:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-11 15:55 - 2016-08-03 21:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-11 15:55 - 2016-08-03 21:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-11 15:55 - 2016-08-03 21:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-11 15:55 - 2016-08-03 21:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-11 15:55 - 2016-08-03 21:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-11 15:55 - 2016-08-03 21:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-11 15:55 - 2016-08-03 21:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-11 15:55 - 2016-08-03 21:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-11 15:55 - 2016-08-03 21:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-11 15:55 - 2016-08-03 21:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-11 15:55 - 2016-08-03 21:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-11 15:55 - 2016-08-03 21:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-11 15:55 - 2016-08-03 21:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-11 15:55 - 2016-08-03 21:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-11 15:55 - 2016-08-03 17:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-11 15:55 - 2016-08-03 17:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-11 15:55 - 2016-08-03 17:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-11 15:55 - 2016-08-03 17:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-11 15:55 - 2016-08-03 17:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-11 15:55 - 2016-08-03 17:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-11 15:55 - 2016-08-03 16:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-11 15:55 - 2016-08-03 16:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-11 15:55 - 2016-08-03 16:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-11 15:55 - 2016-08-03 16:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-11 15:55 - 2016-08-03 16:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-11 15:54 - 2016-08-03 23:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-11 15:54 - 2016-08-03 23:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-11 15:54 - 2016-08-03 23:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-11 15:54 - 2016-08-03 22:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-11 15:54 - 2016-08-03 22:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-11 15:54 - 2016-08-03 22:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-11 15:54 - 2016-08-03 22:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-11 15:54 - 2016-08-03 22:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-11 15:54 - 2016-08-03 22:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-11 15:54 - 2016-08-03 22:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-11 15:54 - 2016-08-03 22:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-11 15:54 - 2016-08-03 22:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-11 15:54 - 2016-08-03 22:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-11 15:54 - 2016-08-03 22:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-11 15:54 - 2016-08-03 22:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-11 15:54 - 2016-08-03 22:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-11 15:54 - 2016-08-03 22:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-11 15:54 - 2016-08-03 22:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-11 15:54 - 2016-08-03 22:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-11 15:54 - 2016-08-03 22:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-11 15:54 - 2016-08-03 22:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-11 15:54 - 2016-08-03 21:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-11 15:54 - 2016-08-03 21:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-11 15:54 - 2016-08-03 21:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-11 15:54 - 2016-08-03 21:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-11 15:54 - 2016-08-03 21:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-11 15:54 - 2016-08-03 21:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-11 15:54 - 2016-08-03 21:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-11 15:54 - 2016-08-03 21:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-11 15:54 - 2016-08-03 21:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-11 15:54 - 2016-08-03 21:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-11 15:54 - 2016-08-03 21:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-11 15:54 - 2016-08-03 21:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-11 15:54 - 2016-08-03 21:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-11 15:54 - 2016-08-03 21:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-11 15:54 - 2016-08-03 21:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-11 15:54 - 2016-08-03 21:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-11 15:54 - 2016-08-03 21:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-11 15:54 - 2016-08-03 21:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-11 15:54 - 2016-08-03 21:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-11 15:54 - 2016-08-03 21:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-11 15:54 - 2016-08-03 21:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-11 15:54 - 2016-08-03 21:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-11 15:54 - 2016-08-03 21:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-11 15:54 - 2016-08-03 21:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-11 15:54 - 2016-08-03 21:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-11 15:54 - 2016-08-03 21:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-11 15:54 - 2016-08-03 21:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-11 15:54 - 2016-08-03 21:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-11 15:54 - 2016-08-03 21:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-11 15:54 - 2016-08-03 21:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-11 15:54 - 2016-08-03 21:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-11 15:54 - 2016-08-03 21:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-11 15:54 - 2016-08-03 21:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-11 15:54 - 2016-08-03 21:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-11 15:54 - 2016-08-03 21:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-11 15:54 - 2016-08-03 21:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-11 15:54 - 2016-08-03 21:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-11 15:54 - 2016-08-03 21:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-11 15:54 - 2016-08-03 21:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-11 15:54 - 2016-08-03 21:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-11 15:54 - 2016-08-03 21:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-11 15:54 - 2016-08-03 21:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-11 15:54 - 2016-08-03 21:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-11 15:54 - 2016-08-03 21:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-11 15:54 - 2016-08-03 21:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-11 15:54 - 2016-08-03 21:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-11 15:54 - 2016-08-03 21:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-11 15:54 - 2016-08-03 17:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-11 15:54 - 2016-08-03 17:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-11 15:54 - 2016-08-03 17:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-11 15:54 - 2016-08-03 17:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-11 15:54 - 2016-08-03 16:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-11 15:54 - 2016-08-03 16:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-11 15:54 - 2016-08-03 16:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-11 15:54 - 2016-08-03 16:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-11 15:54 - 2016-08-03 16:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-11 15:54 - 2016-08-03 16:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-11 15:54 - 2016-08-03 16:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-11 15:54 - 2016-08-03 16:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-11 15:54 - 2016-08-03 16:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-11 15:54 - 2016-08-03 16:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-11 15:54 - 2016-08-03 16:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-11 15:54 - 2016-08-03 16:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-11 15:54 - 2016-08-03 16:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-11 15:54 - 2016-08-03 16:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-11 15:54 - 2016-08-03 16:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-11 15:54 - 2016-08-03 16:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-11 15:54 - 2016-08-03 16:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-11 15:54 - 2016-08-03 16:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-11 15:54 - 2016-08-03 16:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-11 15:54 - 2016-08-03 16:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-11 15:54 - 2016-08-03 16:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-11 15:54 - 2016-08-03 16:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-11 15:54 - 2016-08-03 16:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-11 15:54 - 2016-08-03 16:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-11 15:54 - 2016-08-03 16:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-11 15:54 - 2016-08-03 16:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-11 15:54 - 2016-08-03 16:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-11 15:54 - 2016-08-03 16:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-09 19:44 - 2015-03-02 08:43 - 00000000 ____D C:\Users\J K\Desktop\Antivirus
2016-09-09 19:36 - 2015-06-04 20:33 - 00000664 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3861004513-3468025998-4180636218-1001.job
2016-09-09 19:32 - 2016-04-02 14:56 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F32DA718-8921-4B00-B0F2-5991B45391A1}
2016-09-09 19:14 - 2012-09-09 12:54 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-09 19:14 - 2012-09-09 12:54 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-09 19:09 - 2014-09-04 13:33 - 00000568 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3861004513-3468025998-4180636218-1001.job
2016-09-09 18:58 - 2015-01-27 09:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-09 17:15 - 2013-12-09 19:10 - 00000920 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3861004513-3468025998-4180636218-1001UA.job
2016-09-09 16:05 - 2015-12-21 18:44 - 01022308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-09 16:05 - 2015-10-30 19:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-09 15:15 - 2012-09-09 12:36 - 00000830 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-09-09 14:55 - 2016-01-27 20:10 - 00000000 ____D C:\Users\J K\AppData\Local\CrashDumps
2016-09-09 07:59 - 2015-11-09 16:18 - 00000000 __SHD C:\Users\J K\IntelGraphicsProfiles
2016-09-09 07:59 - 2012-09-18 07:37 - 00000000 ___DC C:\Users\J K\AppData\LocalLow\AuthenTec
2016-09-09 07:59 - 2012-09-09 12:36 - 00000828 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-09-09 07:57 - 2015-12-21 18:44 - 00000000 ____D C:\Users\J K
2016-09-08 09:21 - 2016-06-12 11:11 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
2016-09-07 20:15 - 2013-12-09 19:10 - 00000898 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3861004513-3468025998-4180636218-1001Core.job
2016-09-07 08:51 - 2015-12-21 19:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-07 08:51 - 2015-12-19 22:03 - 00000000 RSHDC C:\360SANDBOX
2016-09-06 16:16 - 2015-08-23 21:19 - 00000000 ____D C:\Users\J K\Desktop\ProShow
2016-09-06 11:28 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-06 11:25 - 2014-04-25 10:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-04 13:56 - 2015-10-30 18:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-04 11:05 - 2013-08-15 22:20 - 00000000 __RDC C:\Users\J K\Dropbox
2016-09-04 08:47 - 2012-09-08 20:18 - 00000000 ___DC C:\ProgramData\Lenovo
2016-09-04 08:37 - 2013-03-20 12:10 - 00000000 ___DC C:\Program Files\WinRAR
2016-09-04 08:37 - 2012-10-14 18:46 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-03 23:05 - 2015-06-04 20:33 - 00003816 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3861004513-3468025998-4180636218-1001
2016-09-03 23:05 - 2014-09-04 13:33 - 00003720 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3861004513-3468025998-4180636218-1001
2016-09-03 17:16 - 2013-06-25 14:12 - 00000000 ___DC C:\Users\J K\AppData\Roaming\vlc
2016-09-03 15:02 - 2015-10-30 19:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-03 08:34 - 2012-09-09 13:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
2016-09-03 08:33 - 2012-09-09 12:45 - 00000000 __HDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2016-09-03 08:33 - 2012-09-09 12:42 - 00000000 ___DC C:\Program Files (x86)\Lenovo
2016-09-02 20:24 - 2016-07-11 12:20 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2016-09-02 20:24 - 2012-09-18 08:06 - 00001293 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-09-02 20:22 - 2012-11-06 10:16 - 00000000 ___DC C:\Program Files\Common Files\Apple
2016-09-02 20:15 - 2015-12-29 10:26 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2016-09-02 20:15 - 2013-03-20 12:10 - 00000000 ___DC C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-02 20:15 - 2013-03-20 12:10 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-02 19:29 - 2016-04-17 14:40 - 00004006 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1460860845
2016-09-02 19:29 - 2016-04-17 14:40 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-02 19:27 - 2015-12-21 18:44 - 00000000 ____D C:\Users\DefaultAppPool
2016-09-02 18:19 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-02 18:19 - 2015-10-30 19:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-30 21:13 - 2014-08-07 22:03 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-08-30 21:13 - 2014-03-01 11:01 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-08-30 21:13 - 2013-03-22 11:35 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-08-30 21:13 - 2013-03-22 11:35 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-08-30 21:13 - 2012-09-18 09:03 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-08-30 21:13 - 2012-09-18 09:03 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-08-30 21:13 - 2012-09-18 09:03 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-08-30 21:13 - 2012-09-18 09:03 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-30 21:12 - 2016-04-17 14:34 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-08-30 21:12 - 2012-09-18 09:03 - 00969560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-08-30 09:08 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\TAPI
2016-08-30 07:55 - 2012-09-18 17:29 - 00000000 ___DC C:\Users\J K\AppData\Roaming\Skype
2016-08-30 07:53 - 2012-09-18 17:29 - 00000000 __RDC C:\Program Files (x86)\Skype
2016-08-30 07:53 - 2012-09-18 17:29 - 00000000 ___DC C:\ProgramData\Skype
2016-08-29 11:40 - 2012-09-27 22:19 - 00000000 ___DC C:\Program Files (x86)\Installation Assistant
2016-08-29 08:39 - 2012-09-09 13:09 - 00000000 ____D C:\WINDOWS\util
2016-08-28 19:40 - 2015-12-21 11:50 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-28 19:39 - 2013-05-06 16:59 - 01493068 _____ C:\WINDOWS\ntbtlog.txt
2016-08-28 19:13 - 2012-09-18 07:41 - 00000000 ___DC C:\Users\J K\AppData\LocalLow\VeriSign
2016-08-22 22:12 - 2015-04-29 15:42 - 00000000 ___DC C:\Program Files (x86)\Java
2016-08-22 22:10 - 2014-04-27 11:42 - 00921512 _____ (Oracle Corporation) C:\Users\J K\Desktop\chromeinstall-7u55.exe
2016-08-22 21:20 - 2015-02-18 22:44 - 00000000 ___DC C:\ProgramData\Citrix
2016-08-22 21:19 - 2015-02-18 22:43 - 00000000 ___DC C:\Program Files (x86)\Citrix
2016-08-22 21:19 - 2014-09-04 13:33 - 00000000 ___DC C:\Users\J K\AppData\Local\Citrix
2016-08-22 21:17 - 2014-10-11 19:27 - 00000000 ___DC C:\Users\J K\AppData\Roaming\uTorrent
2016-08-21 17:58 - 2014-04-25 10:02 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-20 16:59 - 2016-01-13 11:30 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-08-20 14:15 - 2012-09-09 12:54 - 00000000 ___DC C:\Program Files (x86)\Google
2016-08-19 14:23 - 2013-08-15 22:20 - 00001314 _____ C:\Users\J K\Desktop\Dropbox.lnk
2016-08-19 14:22 - 2013-08-15 22:05 - 00000000 ___DC C:\Users\J K\AppData\Roaming\Dropbox
2016-08-13 01:58 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-12 22:03 - 2015-09-10 17:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 21:23 - 2015-10-30 21:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 21:23 - 2015-10-30 19:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-12 21:15 - 2012-11-14 13:23 - 00000000 ___DC C:\Users\J K\AppData\Local\ElevatedDiagnostics
2016-08-11 16:26 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-11 16:26 - 2013-07-16 10:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 16:10 - 2012-09-19 11:26 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 04:20 - 2012-09-09 12:54 - 00002283 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2016-07-17 16:07 - 2016-07-17 19:41 - 0000229 _____ () C:\Users\J K\AppData\Roaming\.ptbt0
2012-09-18 07:37 - 2012-09-30 21:48 - 0025046 ____C () C:\Users\J K\AppData\Roaming\AbsoluteReminder.xml
2013-05-20 20:43 - 2014-03-03 14:19 - 0000132 ____C () C:\Users\J K\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-09-09 21:18 - 2013-09-09 21:18 - 0001456 ____C () C:\Users\J K\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-04 20:24 - 2016-04-04 20:26 - 0004608 _____ () C:\Users\J K\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-14 12:45 - 2015-04-02 21:25 - 0007628 ____C () C:\Users\J K\AppData\Local\Resmon.ResmonCfg
2015-12-21 18:40 - 2015-12-21 18:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-05 12:05 - 2015-03-05 12:05 - 0000952 __SHC () C:\ProgramData\KGyGaAvL.sys
 
Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.4724.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-06 13:13
 
==================== End of FRST.txt ============================


#7 Joukueh

Joukueh
  • Topic Starter

  • Members
  • 21 posts

Posted 09 September 2016 - 04:18 AM

Hi Ray,

 

When I tried to post the first reply, www.reimageplus.com opened in a new window. When I clicked to post the second time, the following popped up:

security Error Code 0x80070424

www.wegurucommerce.com

Firewall hat potententiale Bedrohunngen in lhrem PC entdeckt

 

I will post Fixlog.txt in my next reply.

JK


Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by J K (09-09-2016 20:23:11) Run:1
Running from C:\Users\J K\Desktop
Loaded Profiles: J K (Available Profiles: J K & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
HKLM-x32\...\Run: [] => [X]
CHR HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\J K\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (TrueSuite) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CustomCLSID: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\J K\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll => No File
Task: {182B5C33-051D-4A6D-9FCC-D46F9DB59093} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {18973A2E-65E7-4235-8175-025FFBC3591A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {232ADA99-AD32-45AA-B2CA-54B751DF18FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4FCB0E99-C176-417C-B7D9-D1F1B54D9B1C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {79EF8D06-E420-4E3A-B737-4CFCECA0976E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7B6F54BB-E172-46D9-888A-C8AF81B253C0} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {8F9DF2E0-3FCC-43C4-BB63-B0FAD5158948} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9429DE46-0F50-4BA2-B8E6-0F162AD8FB8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9429DE46-0F50-4BA2-B8E6-0F162AD8FB8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CDB404B7-681A-4324-BA4B-6C88B7CF2DF5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D4F2725A-3D9A-4E08-8E0E-8EDC4B01D4D3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DDB7875B-1EE1-43CD-953A-98F7E9DCE817} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Shortcut: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Align Droplet.lnk -> C:\Program Files (x86)\Hugin\bin\enfuse_auto_align_droplet.bat (No File)
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> DefaultScope {64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} URL = hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> {64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} URL = hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
 
End
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
"HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => key removed successfully
C:\Users\J K\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => not found.
C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => not found.
"HKU\S-1-5-21-3861004513-3468025998-4180636218-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{182B5C33-051D-4A6D-9FCC-D46F9DB59093}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{182B5C33-051D-4A6D-9FCC-D46F9DB59093}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18973A2E-65E7-4235-8175-025FFBC3591A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18973A2E-65E7-4235-8175-025FFBC3591A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{232ADA99-AD32-45AA-B2CA-54B751DF18FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{232ADA99-AD32-45AA-B2CA-54B751DF18FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FCB0E99-C176-417C-B7D9-D1F1B54D9B1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FCB0E99-C176-417C-B7D9-D1F1B54D9B1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79EF8D06-E420-4E3A-B737-4CFCECA0976E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79EF8D06-E420-4E3A-B737-4CFCECA0976E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B6F54BB-E172-46D9-888A-C8AF81B253C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B6F54BB-E172-46D9-888A-C8AF81B253C0}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F9DF2E0-3FCC-43C4-BB63-B0FAD5158948}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F9DF2E0-3FCC-43C4-BB63-B0FAD5158948}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9429DE46-0F50-4BA2-B8E6-0F162AD8FB8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9429DE46-0F50-4BA2-B8E6-0F162AD8FB8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9429DE46-0F50-4BA2-B8E6-0F162AD8FB8C} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDB404B7-681A-4324-BA4B-6C88B7CF2DF5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDB404B7-681A-4324-BA4B-6C88B7CF2DF5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4F2725A-3D9A-4E08-8E0E-8EDC4B01D4D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4F2725A-3D9A-4E08-8E0E-8EDC4B01D4D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDB7875B-1EE1-43CD-953A-98F7E9DCE817}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDB7875B-1EE1-43CD-953A-98F7E9DCE817}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Align Droplet.lnk => moved successfully
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{64AF4D11-6492-4C25-B014-B6C6CEE3B0C5}" => key removed successfully
HKCR\CLSID\{64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} => key not found. 
 
==== End of Fixlog 20:23:14 ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by J K (Administrator) on 09-Sep-16 at 20:31:32.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 17 
 
Successfully deleted: C:\Users\J K\AppData\Local\{141302E9-131D-418C-A2F2-8F920BB2F889} (Empty Folder)
Successfully deleted: C:\Users\J K\AppData\Local\{3AFBAE14-E18F-4E6C-AC0B-548705DA0763} (Empty Folder)
Successfully deleted: C:\Users\J K\AppData\Local\{521F5497-07F1-4C0A-943F-14D3C11A11F9} (Empty Folder)
Successfully deleted: C:\Users\J K\AppData\Local\{682D1BE4-B691-4FF5-817F-3AF0BC6953B6} (Empty Folder)
Successfully deleted: C:\Users\J K\AppData\Local\{6E76C567-1338-4605-9FAE-35B2D45A106E} (Empty Folder)
Successfully deleted: C:\Users\J K\AppData\Local\{9CD835A2-D8C5-4D13-9F86-EBFBDE2C9DA8} (Empty Folder)
Successfully deleted: C:\Users\J K\AppData\Local\{A0DF82A0-4123-451E-9639-3B84BE6CC07B} (Empty Folder)
Successfully deleted: C:\Users\J K\AppData\Local\{A501C48F-9825-4D2D-9240-F15FB6F9CC98} (Empty Folder)
Successfully deleted: C:\Users\J K\AppData\Local\{B78CAA9F-2A0E-49BC-B463-084204B98372} (Empty Folder)
Successfully deleted: C:\Users\J K\AppData\Local\{C0436C67-82A1-4A24-BC4F-E79F39586830} (Empty Folder)
Successfully deleted: C:\Users\J K\AppData\Local\{D94A2DB0-5DF8-49BB-A60C-7379AA32CE47} (Empty Folder)
Successfully deleted: C:\Users\J K\AppData\Local\{EBC60DEA-8FD0-4987-AA20-9597681F1416} (Empty Folder)
Successfully deleted: C:\Users\J K\AppData\Local\{F136BDE5-E6B4-45AE-B093-91258FD2DA3E} (Empty Folder)
Successfully deleted: C:\Users\J K\AppData\Local\installation assistant (Folder) 
Successfully deleted: C:\Users\J K\AppData\Roaming\new version available (Folder) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\installation assistant (Folder) 
 
 
 
Registry: 4 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_D41A9E33EF2F08E1926FD946650CEEAD (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09-Sep-16 at 20:37:32.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 RayS

RayS

  • Malware Study Hall Senior
  • 2,328 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:31 AM

Posted 10 September 2016 - 11:00 AM

Hi JK,

Thanks for giving me your nickname.

I see your three consecutive posts. I can readily understand how you could be unsure about how to run our tools. I applaud you for asking for guidance instead of moving ahead and possibly making matters worse.

Thank you for the contents of Fixlog.txt and JRT.txt. Unfortunately the FRST.txt scan was taken before you ran the Fixlist.txt script and the JRT.exe scan. I would like to see the status of your PC after the tools were run. Please launch FRST64.exe again and place a checkmark into the Addition.txt box then press the Scan button. Copy and paste the contents of both FRST.txt and Addition.txt into your reply.



In Post #6, you said:

"Restored Chrome 3 popups appeared on BleepingComputer download page."

What does "Restored Chrome" mean in this context? Does it mean that you re-enabled all your add-ons in Chrome? Please explain.


 

"My experience with pasting all scanned results in the message is that it will slow down or terminate my effort in sending my message to BleepingComputer."

Please explain this a little further. Does Chrome still terminate or slow down when you visit the Bleeping Computer site? How does Chrome perform when you visit other sites? What symptoms or error messages do you get? Does Chrome freeze or does the connection to Bleeping Computer time out? This problem might be alleviated if you boot into Safe Mode with Networking. I asked about Safe Mode (but didn't request that you try it) in my previous message for a different reason, but now we can do it to solve the slowdown or termination problem too.

Enter Safe Mode With Networking

  • Restart your computer.
  • Press the F8 key rapidly as soon as your PC begins to boot up.
  • A black Advanced Boot Options window will open.
  • Use your down arrow key to select Safe Mode with Networking then press Enter.
  • You can see additional info here.

Use Chrome while still in Safe Mode with Networking. Do you notice an improvement in performance? Does your session with Bleeping Computer terminate?




Do you have access to a second computer that can be used to connect to the internet? I want to know for possible future use, but please don't transfer any files between your sick PC and any other device until we discuss it.



In your next reply...

  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • Please tell me whether your session with Bleeping Computer is still slow or terminates when booting normally and when booting into Safe Mode with Networking.
  • When visiting other sites, does Chrome now perform without redirection when booting normally and when booting into Safe Mode with Networking?
  • Do you have access to a second computer?
  • How is your computer running now?

Thank you,

Ray

I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
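The reason for asking for a scan taken after the tools were run can be made concrete: a startup value that a cleanup tool deleted and that shows up again in the follow-up scan was written back after the cleanup. The following is an added example, not part of the original posts and not code from FRST or JRT; it compares JRT "Successfully deleted ... (Registry Value)" lines with FRST `Run:` lines, using sample lines copied from the logs in this thread. The function names and the mapping of JRT's `HKCU` to FRST's `HKU\<SID>` entry (valid when one user profile is loaded, as in these logs) are assumptions of the example.

```python
import re

# Sample lines copied from the JRT log (09-Sep-16) posted in this thread.
JRT_LOG = r"""
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_D41A9E33EF2F08E1926FD946650CEEAD (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
"""

# Sample lines copied from the follow-up FRST scan (11-09-2016) in this thread.
FRST_LATER = r"""
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-09-04] (SUPERAntiSpyware)
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Run: [GoogleChromeAutoLaunch_D41A9E33EF2F08E1926FD946650CEEAD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
"""

# JRT separates the key path from the value name with a double backslash.
JRT_VALUE = re.compile(
    r"^Successfully deleted: (?P<key>.+?)\\\\(?P<name>.+) \(Registry Value\)$"
)
# FRST abbreviates the key path as "<hive>\...\Run: [name] => data".
FRST_RUN = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] => (?P<data>.*)$"
)


def jrt_scope(key):
    """Map a full JRT key path to user / machine / machine-x32."""
    k = key.lower()
    if k.startswith("hkcu\\"):
        return "user"
    return "machine-x32" if "\\wow6432node\\" in k else "machine"


def frst_scope(hive):
    """Map an FRST hive prefix to the same three scopes."""
    h = hive.upper()
    if h.startswith("HKU\\"):
        return "user"  # assumption: single loaded profile, so HKU\<SID> == HKCU
    return "machine-x32" if h == "HKLM-X32" else "machine"


def deleted_run_values(jrt_text):
    """Return {(scope, value_name)} for Run values that JRT reports deleting."""
    found = set()
    for line in jrt_text.splitlines():
        m = JRT_VALUE.match(line.strip())
        if m and m.group("key").lower().endswith("\\currentversion\\run"):
            found.add((jrt_scope(m.group("key")), m.group("name")))
    return found


def run_entries(frst_text):
    """Return [(scope, value_name, data)] for every Run line in an FRST scan."""
    entries = []
    for line in frst_text.splitlines():
        m = FRST_RUN.match(line.strip())
        if m:
            entries.append(
                (frst_scope(m.group("hive")), m.group("name"), m.group("data"))
            )
    return entries


def reappeared(jrt_text, later_frst_text):
    """Run values deleted by JRT that are present again in the later scan."""
    deleted = deleted_run_values(jrt_text)
    return [e for e in run_entries(later_frst_text) if (e[0], e[1]) in deleted]


if __name__ == "__main__":
    for scope, name, data in reappeared(JRT_LOG, FRST_LATER):
        print(f"[{scope}] {name} is back -> {data}")
```

A hit only shows that the value was recreated; the data column (here a signed `chrome.exe` path) still has to be judged by whoever reviews the log.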


#9 Joukueh

Joukueh
  • Topic Starter

  • Members
  • 21 posts

Posted 10 September 2016 - 04:25 PM

Hi Ray,

 

Thanks for clarifying. Please see the FRST, fixlog, addition and JRT logs below. I'm still getting the Reimage Plus and various other on-click popups when visiting sites in Chrome. This doesn't seem to occur in Internet Explorer. Computer still runs fairly slow. I unfortunately don't have a second computer to compare to. I have not tried Safe Mode yet.

 

In answer to some of your previous questions:

  • What does "Restored Chrome" mean in this context? Does it mean that you re-enabled all your add-ons in Chrome? Please explain.
    Reopened Chrome and still affected by popups and redirect ads.
  • Does Chrome still terminate or slow down when you visit the Bleeping Computer site? How does Chrome perform when you visit other sites? What symptoms or error messages do you get? Does Chrome freeze or does the connection to Bleeping Computer time out?
    On attempting to post multiple logs, Bleeping Computer times out.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by J K (administrator) on JK-THINK (11-09-2016 08:29:49)
Running from C:\Users\J K\Desktop
Loaded Profiles: J K (Available Profiles: J K & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1860120 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [228744 2012-09-20] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-02] (Lenovo Group Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-03-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-14] (Intel Corporation)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107104 2016-09-02] (AVAST Software)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25197248 2016-08-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-09-04] (SUPERAntiSpyware)
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Run: [GoogleChromeAutoLaunch_D41A9E33EF2F08E1926FD946650CEEAD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\MountPoints2: {74bc099d-70de-11e6-8dc3-446d57c20514} - "F:\LaunchU3.exe" -a
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175368 2015-12-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [153208 2015-12-17] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ACGina
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{471d245c-89b4-437d-92ee-a0b690af34c6}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6023efde-5162-4acc-b917-ca5f8080336e}: [DhcpNameServer] 192.168.178.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=334B0A125F6AF222402BC050A2C52D03
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2012-06-07] (AuthenTec Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-02] (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2012-06-07] (AuthenTec Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-02] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\J K\AppData\Roaming\Mozilla\Firefox\Profiles\rrkuyv9i.default
FF DefaultSearchEngine: Microsoft (Bing)
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Microsoft (Bing)
FF Homepage: hxxp://www.msn.com/?PC=AV01
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-05-01] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2015-04-10] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-21] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-05-01] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: @citrixonline.com/appdetectorplugin -> C:\Users\J K\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\J K\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-06] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-02-28] ()
FF SearchPlugin: C:\Users\J K\AppData\Roaming\Mozilla\Firefox\Profiles\rrkuyv9i.default\searchplugins\bing-avast.xml [2015-01-26]
FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-12-29] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\J K\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
FF HKLM-x32\...\Firefox\Extensions: [{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}] - C:\Users\J K\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{F25E3D9D-1A54-4389-98F7-E4D5B830DC33}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [VIP4X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2016-05-07] [not signed]
FF HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (TrueSuite) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll => No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Facebook Notifications) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeaaihhjgmnafnbkaelaelkfifeimela [2016-04-01]
CHR Extension: (Watsapp messaging for Chrome™) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\bommmmpbplimfmebiadkflfgbgejahgm [2016-04-01]
CHR Extension: (Facebook App Launcher) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\dihbebhmaoagdpbcnfedokpfkkgmmpgc [2016-06-08]
CHR Extension: (Dropbox for Gmail) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-06]
CHR Extension: (Video Downloader professional) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-20]
CHR Extension: (AdBlock) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-28]
CHR Extension: (Avast Online Security) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-19]
CHR Extension: (wechat) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidckkocjhilapjdibodfopjkbnibkcf [2016-05-07]
CHR Extension: (LINE) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2016-08-20]
CHR Extension: (Video download helper) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngdadkapbemiekajhhalpakdpleogfn [2016-07-22]
CHR Extension: (WhatsApp Web Wrapper) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfjdjopfnbnkmfldmeffmhgodmlhdnei [2016-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-03-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [mmddbcpechilpapallpbdpcekmgibofi] - C:\Users\J K\AppData\Local\Installation Assistant\Chrome\Installation Assistant.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2015-11-09] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-19] (Dropbox, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-04-05] (Macrovision Europe Ltd.) [File not signed]
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-06-07] (AuthenTec, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-09-11] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-11-09] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [60752 2016-08-24] (Lenovo Group Limited)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-07] (Intel Corporation)
S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-02] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2015-04-10] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28544 2016-07-07] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-04-21] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-15] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-11] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-20] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-05-25] (360.cn)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-30] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [199472 2015-11-09] (Broadcom Corporation.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-14] ()
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-17] (GFI Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51320 2016-04-21] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 Tvti2c; C:\Windows\system32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\system32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-11 08:29 - 2016-09-11 08:30 - 00042605 _____ C:\Users\J K\Desktop\FRST.txt
2016-09-11 08:29 - 2016-09-11 08:29 - 00004193 _____ C:\Users\J K\Desktop\fixlist.txt
2016-09-11 08:27 - 2016-09-11 08:27 - 00010902 _____ C:\Users\J K\Desktop\Fixlog.txt
2016-09-09 20:30 - 2016-09-09 20:31 - 01610560 _____ (Malwarebytes) C:\Users\J K\Desktop\JRT.exe
2016-09-07 21:36 - 2016-09-07 21:36 - 00000000 ____D C:\ProgramData\avastSWCUTemp
2016-09-03 10:48 - 2016-09-03 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-03 08:33 - 2016-09-03 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-09-02 22:32 - 2016-09-11 08:29 - 00000000 ____D C:\FRST
2016-09-02 22:31 - 2016-09-02 22:32 - 02397696 _____ (Farbar) C:\Users\J K\Desktop\FRST64.exe
2016-09-02 20:23 - 2016-09-02 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-02 20:22 - 2016-09-02 20:23 - 00000000 ____D C:\Program Files\iTunes
2016-09-02 20:22 - 2016-09-02 20:22 - 00000000 ____D C:\Program Files\iPod
2016-09-02 20:22 - 2016-09-02 20:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-09-02 20:18 - 2016-09-02 20:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-08-30 21:13 - 2016-08-30 21:13 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-08-30 21:12 - 2016-08-30 21:12 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-08-29 12:55 - 2016-09-04 10:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-08-29 12:55 - 2016-08-29 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-08-29 07:06 - 2016-08-29 07:06 - 00004406 _____ C:\WINDOWS\system32\.crusader
2016-08-28 21:36 - 2016-08-28 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-08-28 21:36 - 2016-08-28 21:36 - 00000000 ____D C:\Program Files\HitmanPro
2016-08-28 21:35 - 2016-08-29 12:28 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-28 20:11 - 2016-08-28 20:11 - 00000000 ____D C:\Users\J K\AppData\Roaming\SUPERAntiSpyware.com
2016-08-28 20:09 - 2016-08-28 20:09 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-08-24 14:50 - 2016-08-24 14:50 - 00257872 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2016-08-22 22:12 - 2016-08-02 23:20 - 00191552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2016-08-22 22:12 - 2016-08-02 23:20 - 00191040 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2016-08-21 17:21 - 2016-09-04 10:58 - 00000000 ___DC C:\AdwCleaner
2016-08-20 14:22 - 2016-08-20 14:22 - 00000000 ____D C:\Program Files\Common Files\AV
2016-08-20 14:19 - 2015-05-25 08:47 - 00452967 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160820-141929.backup
2016-08-20 13:52 - 2016-08-20 13:52 - 00001475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-08-20 13:52 - 2016-08-20 13:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-08-20 13:52 - 2016-08-20 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-08-20 13:51 - 2016-08-20 16:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-08-20 13:51 - 2016-08-20 14:22 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-08-20 13:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-08-19 14:20 - 2016-09-11 08:25 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-19 14:20 - 2016-09-11 08:14 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-19 14:20 - 2016-09-04 08:37 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-19 14:20 - 2016-08-19 14:20 - 00003980 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-08-19 14:20 - 2016-08-19 14:20 - 00003748 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-08-19 14:19 - 2016-08-19 14:19 - 00690072 _____ (Dropbox, Inc.) C:\Users\J K\Desktop\DropboxInstaller.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-11 08:29 - 2015-11-09 16:18 - 00000000 ____D C:\Users\J K\AppData\Local\Packages
2016-09-11 08:29 - 2015-10-30 19:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-11 08:29 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-11 08:21 - 2012-09-18 07:41 - 00000000 ___DC C:\Users\J K\AppData\LocalLow\VeriSign
2016-09-11 08:20 - 2016-04-02 14:56 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F32DA718-8921-4B00-B0F2-5991B45391A1}
2016-09-11 08:15 - 2013-12-09 19:10 - 00000920 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3861004513-3468025998-4180636218-1001UA.job
2016-09-11 08:15 - 2012-09-09 12:54 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-11 08:14 - 2015-11-09 16:18 - 00000000 __SHD C:\Users\J K\IntelGraphicsProfiles
2016-09-11 08:14 - 2012-09-18 07:37 - 00000000 ___DC C:\Users\J K\AppData\LocalLow\AuthenTec
2016-09-11 08:14 - 2012-09-09 12:54 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-11 08:14 - 2012-09-09 12:36 - 00000828 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-09-09 21:36 - 2015-06-04 20:33 - 00000664 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3861004513-3468025998-4180636218-1001.job
2016-09-09 21:24 - 2015-12-21 19:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-09 21:24 - 2015-12-19 22:03 - 00000000 RSHDC C:\360SANDBOX
2016-09-09 21:24 - 2015-10-30 18:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-09 21:09 - 2014-09-04 13:33 - 00000568 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3861004513-3468025998-4180636218-1001.job
2016-09-09 20:58 - 2015-01-27 09:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-09 20:23 - 2016-06-30 21:12 - 00000000 ____D C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin
2016-09-09 20:15 - 2013-12-09 19:10 - 00000898 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3861004513-3468025998-4180636218-1001Core.job
2016-09-09 19:44 - 2015-03-02 08:43 - 00000000 ____D C:\Users\J K\Desktop\Antivirus
2016-09-09 16:05 - 2015-12-21 18:44 - 01022308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-09 16:05 - 2015-10-30 19:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-09 15:15 - 2012-09-09 12:36 - 00000830 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-09-09 14:55 - 2016-01-27 20:10 - 00000000 ____D C:\Users\J K\AppData\Local\CrashDumps
2016-09-09 07:57 - 2015-12-21 18:44 - 00000000 ____D C:\Users\J K
2016-09-08 09:21 - 2016-06-12 11:11 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
2016-09-06 16:16 - 2015-08-23 21:19 - 00000000 ____D C:\Users\J K\Desktop\ProShow
2016-09-06 11:25 - 2014-04-25 10:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-04 11:05 - 2013-08-15 22:20 - 00000000 __RDC C:\Users\J K\Dropbox
2016-09-04 08:47 - 2012-09-08 20:18 - 00000000 ___DC C:\ProgramData\Lenovo
2016-09-04 08:37 - 2013-03-20 12:10 - 00000000 ___DC C:\Program Files\WinRAR
2016-09-04 08:37 - 2012-10-14 18:46 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-03 23:05 - 2015-06-04 20:33 - 00003816 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3861004513-3468025998-4180636218-1001
2016-09-03 23:05 - 2014-09-04 13:33 - 00003720 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3861004513-3468025998-4180636218-1001
2016-09-03 17:16 - 2013-06-25 14:12 - 00000000 ___DC C:\Users\J K\AppData\Roaming\vlc
2016-09-03 08:34 - 2012-09-09 13:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
2016-09-03 08:33 - 2012-09-09 12:45 - 00000000 __HDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2016-09-03 08:33 - 2012-09-09 12:42 - 00000000 ___DC C:\Program Files (x86)\Lenovo
2016-09-02 20:24 - 2016-07-11 12:20 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2016-09-02 20:24 - 2012-09-18 08:06 - 00001293 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-09-02 20:22 - 2012-11-06 10:16 - 00000000 ___DC C:\Program Files\Common Files\Apple
2016-09-02 20:15 - 2015-12-29 10:26 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2016-09-02 20:15 - 2013-03-20 12:10 - 00000000 ___DC C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-02 20:15 - 2013-03-20 12:10 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-02 19:29 - 2016-04-17 14:40 - 00004006 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1460860845
2016-09-02 19:29 - 2016-04-17 14:40 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-02 19:27 - 2015-12-21 18:44 - 00000000 ____D C:\Users\DefaultAppPool
2016-09-02 18:19 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-02 18:19 - 2015-10-30 19:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-30 21:13 - 2014-08-07 22:03 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-08-30 21:13 - 2014-03-01 11:01 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-08-30 21:13 - 2013-03-22 11:35 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-08-30 21:13 - 2013-03-22 11:35 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-08-30 21:13 - 2012-09-18 09:03 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-08-30 21:13 - 2012-09-18 09:03 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-08-30 21:13 - 2012-09-18 09:03 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-08-30 21:13 - 2012-09-18 09:03 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-30 21:12 - 2016-04-17 14:34 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-08-30 21:12 - 2012-09-18 09:03 - 00969560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-08-30 09:08 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\TAPI
2016-08-30 07:55 - 2012-09-18 17:29 - 00000000 ___DC C:\Users\J K\AppData\Roaming\Skype
2016-08-30 07:53 - 2012-09-18 17:29 - 00000000 __RDC C:\Program Files (x86)\Skype
2016-08-30 07:53 - 2012-09-18 17:29 - 00000000 ___DC C:\ProgramData\Skype
2016-08-29 08:39 - 2012-09-09 13:09 - 00000000 ____D C:\WINDOWS\util
2016-08-28 19:40 - 2015-12-21 11:50 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-28 19:39 - 2013-05-06 16:59 - 01493068 _____ C:\WINDOWS\ntbtlog.txt
2016-08-22 22:12 - 2015-04-29 15:42 - 00000000 ___DC C:\Program Files (x86)\Java
2016-08-22 22:10 - 2014-04-27 11:42 - 00921512 _____ (Oracle Corporation) C:\Users\J K\Desktop\chromeinstall-7u55.exe
2016-08-22 21:20 - 2015-02-18 22:44 - 00000000 ___DC C:\ProgramData\Citrix
2016-08-22 21:19 - 2015-02-18 22:43 - 00000000 ___DC C:\Program Files (x86)\Citrix
2016-08-22 21:19 - 2014-09-04 13:33 - 00000000 ___DC C:\Users\J K\AppData\Local\Citrix
2016-08-22 21:17 - 2014-10-11 19:27 - 00000000 ___DC C:\Users\J K\AppData\Roaming\uTorrent
2016-08-21 17:58 - 2014-04-25 10:02 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-20 16:59 - 2016-01-13 11:30 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-08-20 14:15 - 2012-09-09 12:54 - 00000000 ___DC C:\Program Files (x86)\Google
2016-08-19 14:23 - 2013-08-15 22:20 - 00001314 _____ C:\Users\J K\Desktop\Dropbox.lnk
2016-08-19 14:22 - 2013-08-15 22:05 - 00000000 ___DC C:\Users\J K\AppData\Roaming\Dropbox
2016-08-13 01:58 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-12 22:03 - 2015-09-10 17:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 21:23 - 2015-10-30 21:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 21:23 - 2015-10-30 19:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-12 21:15 - 2012-11-14 13:23 - 00000000 ___DC C:\Users\J K\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories =======
 
2016-07-17 16:07 - 2016-07-17 19:41 - 0000229 _____ () C:\Users\J K\AppData\Roaming\.ptbt0
2012-09-18 07:37 - 2012-09-30 21:48 - 0025046 ____C () C:\Users\J K\AppData\Roaming\AbsoluteReminder.xml
2013-05-20 20:43 - 2014-03-03 14:19 - 0000132 ____C () C:\Users\J K\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-09-09 21:18 - 2013-09-09 21:18 - 0001456 ____C () C:\Users\J K\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-04 20:24 - 2016-04-04 20:26 - 0004608 _____ () C:\Users\J K\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-14 12:45 - 2015-04-02 21:25 - 0007628 ____C () C:\Users\J K\AppData\Local\Resmon.ResmonCfg
2015-12-21 18:40 - 2015-12-21 18:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-05 12:05 - 2015-03-05 12:05 - 0000952 __SHC () C:\ProgramData\KGyGaAvL.sys
 
Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.4724.dll
 
 
Some files in TEMP:
====================
C:\Users\J K\AppData\Local\Temp\HitmanPro.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-06 13:13
 

 

==================== End of FRST.txt ============================
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by J K (11-09-2016 09:07:11) Run:3
Running from C:\Users\J K\Desktop
Loaded Profiles: J K (Available Profiles: J K & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
HKLM-x32\...\Run: [] => [X]
CHR HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin HKU\S-1-5-21-3861004513-3468025998-4180636218-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\J K\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (TrueSuite) - C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CustomCLSID: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\J K\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll => No File
Task: {182B5C33-051D-4A6D-9FCC-D46F9DB59093} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {18973A2E-65E7-4235-8175-025FFBC3591A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {232ADA99-AD32-45AA-B2CA-54B751DF18FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4FCB0E99-C176-417C-B7D9-D1F1B54D9B1C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {79EF8D06-E420-4E3A-B737-4CFCECA0976E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7B6F54BB-E172-46D9-888A-C8AF81B253C0} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {8F9DF2E0-3FCC-43C4-BB63-B0FAD5158948} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9429DE46-0F50-4BA2-B8E6-0F162AD8FB8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9429DE46-0F50-4BA2-B8E6-0F162AD8FB8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CDB404B7-681A-4324-BA4B-6C88B7CF2DF5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D4F2725A-3D9A-4E08-8E0E-8EDC4B01D4D3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DDB7875B-1EE1-43CD-953A-98F7E9DCE817} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Shortcut: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Align Droplet.lnk -> C:\Program Files (x86)\Hugin\bin\enfuse_auto_align_droplet.bat (No File)
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> DefaultScope {64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} URL = hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
SearchScopes: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001 -> {64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} URL = hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
 
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp => key not found. 
HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending => key not found. 
HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot => key not found. 
HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared => key not found. 
HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value not found.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value not found.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin => key not found. 
C:\Users\J K\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => not found.
C:\Users\J K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => not found.
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{182B5C33-051D-4A6D-9FCC-D46F9DB59093} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18973A2E-65E7-4235-8175-025FFBC3591A} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{232ADA99-AD32-45AA-B2CA-54B751DF18FF} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FCB0E99-C176-417C-B7D9-D1F1B54D9B1C} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79EF8D06-E420-4E3A-B737-4CFCECA0976E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B6F54BB-E172-46D9-888A-C8AF81B253C0} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F9DF2E0-3FCC-43C4-BB63-B0FAD5158948} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9429DE46-0F50-4BA2-B8E6-0F162AD8FB8C} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9429DE46-0F50-4BA2-B8E6-0F162AD8FB8C} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDB404B7-681A-4324-BA4B-6C88B7CF2DF5} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4F2725A-3D9A-4E08-8E0E-8EDC4B01D4D3} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDB7875B-1EE1-43CD-953A-98F7E9DCE817} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Align Droplet.lnk => not found.
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} => key not found. 
HKCR\CLSID\{64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} => key not found. 
 
==== End of Fixlog 09:07:16 ====
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by J K (11-09-2016 08:31:51)
Running from C:\Users\J K\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-21 07:13:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3861004513-3468025998-4180636218-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3861004513-3468025998-4180636218-1005 - Limited - Enabled)
DefaultAccount (S-1-5-21-3861004513-3468025998-4180636218-503 - Limited - Disabled)
Guest (S-1-5-21-3861004513-3468025998-4180636218-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3861004513-3468025998-4180636218-1003 - Limited - Enabled)
J K (S-1-5-21-3861004513-3468025998-4180636218-1001 - Administrator - Enabled) => C:\Users\J K
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bullzip PDF Printer 10.10.0.2307 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.10.0.2307 - Bullzip)
CanoScan Toolbox Ver4.1 (HKLM-x32\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.47.1 - Dropbox, Inc.) Hidden
DxO FilmPack 3 (HKLM\...\{6E98BFB0-55E3-4D3C-8C10-B44F6063535E}) (Version: 3.4.96.0 - DxO Labs)
DxO Optics Pro 8 (HKLM\...\{ECC28C7D-ABF5-4ED1-9B29-6D48BC218393}) (Version: 8.5.0 - DxO Labs)
EaseUS Todo Backup Free 8.9  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.9 - CHENGDU YIWO Tech Development Co., Ltd)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.22.1.5530 (HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\GoToMeeting) (Version: 7.22.1.5530 - CitrixOnline)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.276 - SurfRight B.V.)
Hugin 2016.0.0 (HKLM-x32\...\Hugin) (Version: 2016.0.0 hg_3b4e2790cb90 - The Hugin Development Team)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.066.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0032 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM-x32\...\{F8AFEA7D-77BD-43F3-ADF7-EF71300BEFD2}) (Version: 16.4.1620.0719 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.3.0 - Mozilla)
Mozilla Thunderbird 45.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.3.0 (x86 en-US)) (Version: 45.3.0 - Mozilla)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
ProShow Gold (HKLM-x32\...\ProShow Gold) (Version:  - Photodex Corporation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1222 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.85 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Trading Station Publisher (HKLM-x32\...\{7BA18DD0-A91B-471B-A351-F7498BBDDD71}) (Version: 1.80 - Myfxbook Ltd.)
Unity Web Player (HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VLC Media Player Packages (HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\VLC Media Player Packages) (Version:  - ) <==== ATTENTION
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Windows Driver Package - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032) (HKLM\...\64A62163FE43328D13305746CB8BCC93F2DF6545) (Version: 11/29/2011 11.0.0.1032 - Intel)
Windows Driver Package - Lenovo 1.65.05.21 (01/11/2012 1.65.05.21) (HKLM\...\FD2ED46D31CE7DF190049D079E92DE03D347A634) (Version: 01/11/2012 1.65.05.21 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\J K\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3861004513-3468025998-4180636218-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03D0F932-DDAA-4969-BAD5-3FAE5AA4CB0C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {08137288-23A6-47E8-89E7-556B20ADE650} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-11] (Microsoft Corporation)
Task: {0BD5E64C-34A2-432D-8CA0-99821CF6ACBA} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {0F51A3CC-A53B-42CE-B3EC-BFDD46A8E59F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {11FDF0CB-271E-4375-9AA8-B3E2BA134B2E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {13A932AB-C7B7-4871-A3E4-D2B9DE494C1C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {2A1D8C44-5904-47A4-91A6-10473D18BE11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {357C3558-F86C-41C4-8B95-EFC3D40A2833} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {372A129D-B81B-448D-9046-38534BA7BB76} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {418E1A82-D8EA-47B0-B323-E3375E43B43C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {4227DFA1-4A12-47F7-9B79-59468F1FD9B3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3861004513-3468025998-4180636218-1001UA => C:\Users\J K\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {46B2820A-ABD1-406D-AC95-B3F01890AAB9} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-07-07] ()
Task: {497CFC51-283D-4EF6-9E5E-B5DA21E85987} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {4B1C7B17-DC0C-449B-8CA6-AEEC4B9EDEC2} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {4CD58F75-B28E-496F-BE01-65FFD744F0F5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5128E177-6C8D-4A84-A62C-1B146B4CD339} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {522CA5C1-C183-49AA-AFC4-64D959CB64BB} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {67E1EC54-44C2-4A89-AB11-29B98C0BC655} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {695D09F1-DD8E-432E-B793-0977DFEA3AB9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6AF5C4A0-6F46-4852-82E0-BAC5195018E8} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {6BD21D78-7D09-4F39-928E-37C7C71B2018} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {6BDEA361-4795-4D1B-BAC3-C2B3015F92D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {6CA41A8A-A465-4804-A59B-D5A3D4AD24B1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6CFF8AFD-416D-4DEE-B189-AD1457C3735E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {6DBB39F4-0E3A-41D9-A7A2-89C5B48EF477} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-07-07] ()
Task: {6E2122C1-E4C4-4A0B-B4ED-1F37B9F5C9C5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {71651133-6D9B-4602-8DBA-8A501BD1DF4C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {87E2D342-A63B-4CB1-B91D-3136AE1AD0CA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {8D2F70D2-50E3-4459-AFD4-36055CD3F73D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9248D347-1CC8-4D3E-BFA5-EBE4D3ED34C6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-19] (Dropbox, Inc.)
Task: {92797F7B-A41F-47FA-A8CA-0C359F29BE80} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-19] (Dropbox, Inc.)
Task: {93E67E6E-F442-4BB6-8D83-5D8DDDFA186A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {94206456-2704-41D2-863E-BBC01EB94A33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {95C581D6-7B2A-4E43-AAF8-3C9477FCFF71} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {99706B01-DDF1-48E4-ABEC-7021329A3938} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {9A6D0087-CE73-4570-94AF-CE3EA50D3567} - System32\Tasks\G2MUploadTask-S-1-5-21-3861004513-3468025998-4180636218-1001 => C:\Users\J K\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe [2016-09-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {9D3B5988-81B2-4506-8A94-6B7656B163C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {A6450901-D921-4F0E-A3FC-8190EEFF22E9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {AB25B8C1-8F93-497B-93A4-B2748BE4348F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B3DBC150-FDB0-4099-99EE-23EE60F4F921} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {B5F5CDE7-D8F0-417D-880B-87FC20F3CE25} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {B84BCFC2-FC17-426F-AE15-68329DA639F8} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {BACC8957-0DDD-45D7-8FE5-105BADBF1AC9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {BDF8DA16-896F-4998-9506-ED6DC1AC155A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {C191D05A-0AFC-44F9-97D3-A7E54C39CF58} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {C2296567-621E-4D92-AEFB-3E0A40077C6E} - System32\Tasks\SafeZone scheduled Autoupdate 1460860845 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {C61928A4-08A0-4EAF-90D7-73600FF62490} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3861004513-3468025998-4180636218-1001Core => C:\Users\J K\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {D8D5235A-702D-4BED-91DC-DA1605D7458C} - System32\Tasks\avastBCLRestartS-1-5-21-3861004513-3468025998-4180636218-1001 => Firefox.exe 
Task: {DC4DF16B-F89D-414E-9EA2-7750C531ABAB} - System32\Tasks\{AB9080A2-5C77-43FB-B8B2-22ED69000751} => pcalua.exe -a "C:\Users\J K\Downloads\irfanview_plugins_435_setup.exe" -d "C:\Users\J K\Downloads"
Task: {E361AB70-8B3B-4D35-8816-8C3BC49BC9BF} - System32\Tasks\G2MUpdateTask-S-1-5-21-3861004513-3468025998-4180636218-1001 => C:\Users\J K\AppData\Local\Citrix\GoToMeeting\5530\g2mupdate.exe [2016-09-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E434EB6E-059A-47FF-8815-78A2920E0EF8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {E803B02C-335F-4298-9E96-EA1F79E1124E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {EA4098BD-A133-4F95-A518-320C46A042D0} - System32\Tasks\{57CE760B-E236-4EF1-A001-F6E7C56BBD61} => pcalua.exe -a "C:\Program Files (x86)\Torntv V9.0\Uninstall.exe" -c /fromcontrolpanel=1
Task: {FAC73582-4E35-4E7D-84F6-B6B28F37E06B} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {FC5A4E04-40BC-4CFF-A05E-CEF5A887668D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3861004513-3468025998-4180636218-1001Core.job => C:\Users\J K\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3861004513-3468025998-4180636218-1001UA.job => C:\Users\J K\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3861004513-3468025998-4180636218-1001.job => C:\Users\J K\AppData\Local\Citrix\GoToMeeting\5530\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3861004513-3468025998-4180636218-1001.job => C:\Users\J K\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet 360.lnk -> C:\Program Files (x86)\Hugin\bin\enblend_droplet_360.bat ()
Shortcut: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet.lnk -> C:\Program Files (x86)\Hugin\bin\enblend_droplet.bat ()
Shortcut: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Align Droplet.lnk -> C:\Program Files (x86)\Hugin\bin\enfuse_align_droplet.bat ()
Shortcut: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Droplet.lnk -> C:\Program Files (x86)\Hugin\bin\enfuse_auto_droplet.bat ()
Shortcut: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet 360.lnk -> C:\Program Files (x86)\Hugin\bin\enfuse_droplet_360.bat ()
Shortcut: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet.lnk -> C:\Program Files (x86)\Hugin\bin\enfuse_droplet.bat ()
 
ShortcutWithArgument: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Facebook App Launcher.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dihbebhmaoagdpbcnfedokpfkkgmmpgc
ShortcutWithArgument: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\LINE.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=menkifleemblimdogmoihpfopnplikde
ShortcutWithArgument: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Watsapp messaging for Chrome™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bommmmpbplimfmebiadkflfgbgejahgm
ShortcutWithArgument: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\wechat.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jidckkocjhilapjdibodfopjkbnibkcf
ShortcutWithArgument: C:\Users\J K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WhatsApp Web Wrapper.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nfjdjopfnbnkmfldmeffmhgodmlhdnei
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-09-09 12:35 - 2012-03-07 10:49 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-10 17:38 - 2015-04-10 17:38 - 00186760 ____C () C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
2016-01-27 20:05 - 2016-01-12 16:43 - 00291264 ____C () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-09-03 08:33 - 2016-07-07 15:21 - 00028544 ____C () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2015-10-30 19:18 - 2015-10-30 19:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-21 18:40 - 2015-12-17 02:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-07 19:03 - 2012-06-07 19:03 - 01163624 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll
2012-06-07 19:04 - 2012-06-07 19:04 - 00087912 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll
2016-07-14 18:34 - 2016-07-01 16:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-14 18:34 - 2016-07-01 16:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-01-22 05:52 - 2015-11-04 00:18 - 00249384 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2015-12-22 08:18 - 2015-12-07 16:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-14 18:37 - 2016-07-01 15:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2012-09-26 10:04 - 2014-08-20 07:12 - 01356568 ____C () C:\Program Files\Tablet\Pen\libxml2.dll
2015-12-21 18:41 - 2010-10-26 11:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2016-07-14 18:34 - 2016-07-01 15:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-14 18:34 - 2016-07-01 15:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-14 18:34 - 2016-07-01 15:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-14 18:34 - 2016-07-01 15:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-30 21:12 - 2016-08-30 21:12 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-30 21:12 - 2016-08-30 21:12 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-11 08:14 - 2016-09-11 08:14 - 03085488 _____ () C:\Program Files\AVAST Software\Avast\defs\16091000\algo.dll
2015-01-22 05:52 - 2015-09-22 05:00 - 00080936 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00017448 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00088616 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 01296424 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00060968 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-11-16 15:30 - 2015-11-03 14:45 - 00022568 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2015-11-16 15:30 - 2015-11-03 14:45 - 00186408 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2015-11-16 15:30 - 2015-11-03 14:45 - 00165416 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2015-11-16 15:30 - 2015-11-03 14:45 - 00058408 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2015-11-16 15:30 - 2015-11-03 14:45 - 00015912 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2015-01-22 05:52 - 2015-06-23 04:58 - 00108072 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00077864 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-01-22 05:52 - 2015-09-24 04:58 - 00030760 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-01-22 05:52 - 2015-09-24 04:58 - 00068136 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-01-22 05:52 - 2014-12-15 04:53 - 00158248 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-01-22 05:52 - 2015-03-14 15:54 - 00281128 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-01-22 05:52 - 2015-09-24 04:58 - 00072232 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-01-22 05:52 - 2015-09-24 04:58 - 00139816 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-01-22 05:52 - 2015-06-23 04:58 - 00037416 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-01-22 05:52 - 2015-11-03 10:03 - 00769064 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00193064 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00407080 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-01-22 05:52 - 2015-06-23 04:58 - 00148008 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00076840 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00207912 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-11-16 15:30 - 2015-11-04 00:18 - 00111656 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2015-11-16 15:30 - 2015-11-03 10:03 - 00169512 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
2015-11-16 15:30 - 2015-11-10 22:07 - 00501800 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
2015-01-22 05:52 - 2015-06-23 04:58 - 00024616 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00020520 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00032296 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00034856 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-01-22 05:52 - 2016-05-10 20:00 - 00019456 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00064040 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00115752 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-01-22 05:52 - 2015-09-24 04:58 - 00201768 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00077864 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00037928 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-01-22 05:52 - 2015-06-23 04:58 - 00136232 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00020008 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00043048 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00353832 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00027176 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2015-01-22 05:52 - 2015-09-24 04:58 - 00138792 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2015-01-22 05:52 - 2015-09-24 04:58 - 00146984 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00050216 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00061992 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00089640 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00056360 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2012-09-09 12:51 - 2012-01-17 18:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2016-08-20 13:51 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-08-20 13:51 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-08-20 13:51 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 ____C () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2012-09-09 12:35 - 2012-03-07 10:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-01-22 05:52 - 2014-12-14 23:53 - 00223784 ____C () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2012-09-09 12:55 - 2012-07-13 00:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-09-09 12:55 - 2012-07-13 00:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-09-09 12:55 - 2012-07-13 00:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-09-09 12:55 - 2012-07-13 00:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-09-09 12:55 - 2012-07-13 00:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-09-09 12:55 - 2012-07-13 00:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-09-09 12:55 - 2012-07-13 00:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-09-09 12:55 - 2012-07-13 00:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-09-09 12:55 - 2012-07-13 00:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-09-09 12:55 - 2012-07-13 00:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-09-09 12:55 - 2012-07-13 00:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-09-09 12:55 - 2012-07-13 00:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2016-07-03 18:27 - 2016-07-03 18:27 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-06-15 16:28 - 2016-06-15 16:28 - 00101888 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Management\252667907e1e3e32b11d87fba7af0023\Windows.Management.ni.dll
2016-06-15 16:29 - 2016-06-15 16:29 - 02921472 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\931208eb21bfb07f9a4995753d6b7f7b\Windows.ApplicationModel.ni.dll
2016-06-15 16:30 - 2016-06-15 16:30 - 00821248 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\70c31a6aefe21a1501d1b781a0217731\Windows.Storage.ni.dll
2016-06-15 16:29 - 2016-06-15 16:29 - 00335360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cbafdb4e11c9fd06e0a2e5efa6253883\Windows.Foundation.ni.dll
2016-08-10 04:20 - 2016-08-03 12:24 - 01771336 ____C () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-10 04:20 - 2016-08-03 12:23 - 00094024 ____C () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-08-10 04:19 - 2016-08-03 11:54 - 17602240 ____C () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll
2016-04-20 08:05 - 2016-04-20 08:05 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-20 08:05 - 2016-04-20 08:05 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-20 08:05 - 2016-04-20 08:05 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7915 more sites.
 
 
There are 7955 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-04-10 20:11 - 2016-08-20 14:19 - 00455576 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
 
 
There are 15636 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logo Calibration Loader.lnk => C:\Windows\pss\Logo Calibration Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ProfileReminder.lnk => C:\Windows\pss\ProfileReminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^J K^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: ACSW15EN => "C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe" /pid ACSW15EN
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EaseUS TB Tray Agent => "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\J K\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "Lenovo Registration"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D41A9E33EF2F08E1926FD946650CEEAD"
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3861004513-3468025998-4180636218-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{5CF1F8FC-DFE2-4A46-B357-D42D6EEABF50}] => (Allow) C:\Program Files (x86)\360\360Safe\LiveUpdate360.exe
FirewallRules: [{FA89E367-4A24-4E00-BF71-1B584A1DF575}] => (Allow) C:\Program Files (x86)\360\360Safe\LiveUpdate360.exe
FirewallRules: [{9A5F95EA-7367-4A6C-BBFA-BCCC4D2F9CC5}] => (Allow) C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe
FirewallRules: [{5E1569BC-A07D-4567-B66B-E7215F4777E2}] => (Allow) C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe
FirewallRules: [{6E5EA691-C0A7-4AB2-A1FC-5AFE61B9FB51}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{7CDB5BBC-3211-48FD-8C3D-5DF832DF35BD}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{6B348F0A-D40D-4CDD-B03D-2106C6D909C1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F95BCA8B-5C8E-4824-9BEF-48A6B1C16BAB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6DB3478D-AA4C-4824-9D39-BF7F823D69BE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{175FB86B-3A29-4DC5-9D4C-DF77AD3555A0}] => (Allow) LPort=2869
FirewallRules: [{6D90DDFA-7A31-4104-A0A0-1B387A491E48}] => (Allow) LPort=1900
FirewallRules: [{0B608399-B418-494D-9CF5-44ACB8C6C52F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FD60BDF8-475D-4505-8EE0-DA37C3214AFD}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{7ED9D7F2-DEA8-4F78-9485-3C7F599D8EDE}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{66358B21-A2D0-438D-975B-B5C1CBFEB430}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{10E3E7AE-E40A-4390-A04A-C1FDF69B32FB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{91E468D3-4A65-47B5-9BE8-35EBAA589F5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{157FDBD3-2C07-48EE-8EE3-98284B9A328B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2DBDE4BC-C873-4B0A-80F7-B383275AEA4C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7C41F300-941E-426E-BE06-35C270EC9878}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{67B90F9A-8178-41A3-855B-9496DDE57BA7}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{EF18A9F4-3212-45C3-8B36-0729CCF80235}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{75A34337-B518-4012-B5DA-FB6D4928353C}C:\users\j k\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\j k\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B5CAB70D-E130-4CFA-A1FE-C8DE465A9EB2}C:\users\j k\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\j k\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{123B7ED2-D6EA-4F6C-9466-EDE78354594A}] => (Allow) C:\Users\J K\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{ED3D9603-709C-45B8-B317-38A9E855432C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99A6B9B6-508A-469B-8994-768811C13137}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{1FE8F92F-4843-4DE9-94E2-10240E22CCA2}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Block) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [UDP Query User{D0554BFC-AA1C-430F-B044-765F5BDD6B59}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Block) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [TCP Query User{4B5DA5CF-8E3D-42D4-A82A-B68BDC1DD64C}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{03B430E7-8443-4774-8ECB-967148B64CD4}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [{5A884EB9-CCB1-4B1C-A60F-CFE28CEAC9EC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{2D6CAB81-AB96-453C-9CC2-8DDA872E63F2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{FCB97484-C47A-4F9D-B821-E5E9C01635F3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{BCA10CAB-0697-4FAB-8CC4-38BDA287DE2B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{2E217A16-D0D3-403D-A9E6-72FE83F27CAD}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [UDP Query User{8AC2E2CB-4D7F-44FE-812C-4948B990B148}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [{C281650A-DA74-483D-82E7-703A507B00D0}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{C00815E0-6293-4773-B6B9-40CDB0132FBE}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{A97006A5-49FB-4685-A8A2-EA0C89C2A16D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{22C80324-87F6-4899-918D-FFB0696D97F2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{46FB9881-33DF-4772-8BCD-397B1569B020}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{E5E1B5A1-246B-4409-9B6E-1DDFA768B3B3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{15EE0806-DF26-44F0-9BFD-15910636FA03}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{03201055-7409-4BA5-AE8A-C9C88208FA00}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{A0697FE8-E5E5-4552-BCAE-FA4459D80111}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{5A990ED5-E7AE-460B-BE53-6726892B6AFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E5A759F7-EB6E-49D5-8D7C-627296A9FD67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D3FB3A90-2C87-4B59-9632-3E59D7C27141}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{1E9FD4E4-6EF7-4655-82C5-30FFBBD7AA12}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{1DFCCBD0-CE01-42C8-84D0-D2CFB051535A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{1AEAE69E-B3E5-4DF6-B08F-BB54195D9090}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{9D60C0B8-543F-4A9D-91D9-742675CE3C3E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{637474B4-556C-44CB-AFA4-8423521732D0}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{7A0B776F-2C1A-4EB4-A879-C480DEB8E728}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7588BBF3-A2C9-4D48-AD4D-1B82746ADE20}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7ABCE73F-BE81-4398-B702-1151886E6C88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{83659BE9-3E30-4170-84A5-6C08E48803F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F935694A-E1D2-49CA-B7C1-52BAF0AF2BA4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{593D9E2C-6B5F-4390-864A-4E57C3492FDA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{48C0DDCC-D2EE-4A57-A7D8-6DE1BBC696D3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E50B8422-B5AC-4BF1-A0F8-433E60608A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CBC672A2-21DF-4AB1-AAF3-7BBD5013C5E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{33088965-9CA9-4572-BFA0-CD9FCAC3DC31}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B93D851-B1D8-4DEF-A07A-736DA491E1BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{655234E6-E4CE-4C80-90C3-DA1199842D5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{647F5295-BCA8-48D1-9B89-69EA8CDB27EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D27024B1-59F5-493E-8EE3-EC8C6B1F8174}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{04C080F7-73C5-4418-AADE-CBF5DC862AC1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{09ACCCFA-D097-430E-ACFA-14E319E153F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F2A182ED-25B5-4C9C-A628-3478A71FA844}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{92DD0394-CB75-4BB5-9CC3-8CC74FCF9B89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3187D3D4-E17F-4BF3-A1B4-A96E810015EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{CEAA3DAF-6177-483B-8F3E-D07F7E1E4F0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{84B6FCC8-D231-47DE-BAC9-EF0861F046CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5986409B-9E46-4A90-977E-ED2F15A259E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7C1F9C7F-883F-4FCB-BA0F-A1B451AD3E35}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7E7C8322-4E24-43F9-AA44-6476F9FFC7D1}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{6733FFFA-BFCD-4FD7-9452-62AEEDFA703E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{DE845857-AE7E-4095-AE0C-1EA5DFFCE57C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{AC847A52-CF71-4105-B78D-0D4E91B1BB6B}C:\program files (x86)\photodex\proshow gold\proshow.exe] => (Block) C:\program files (x86)\photodex\proshow gold\proshow.exe
FirewallRules: [UDP Query User{00FF6B85-A455-48D8-822E-3403B85D2E6D}C:\program files (x86)\photodex\proshow gold\proshow.exe] => (Block) C:\program files (x86)\photodex\proshow gold\proshow.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
22-08-2016 22:11:25 Installed Java 7 Update 55
29-08-2016 07:02:47 Checkpoint by HitmanPro
02-09-2016 18:18:12 Windows Update
09-09-2016 20:31:32 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2016 08:31:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (09/09/2016 02:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10586.494, time stamp: 0x5775e575
Faulting module name: SHELL32.dll, version: 10.0.10586.545, time stamp: 0x57a1b9ce
Exception code: 0xc000041d
Fault offset: 0x000000000008e2cf
Faulting process id: 0x3298
Faulting application start time: 0x01d20a0f91da0f34
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\SHELL32.dll
Report Id: 9e313b11-a819-43c4-a53c-2750d72ee5a1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/09/2016 02:55:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10586.494, time stamp: 0x5775e575
Faulting module name: SHELL32.dll, version: 10.0.10586.545, time stamp: 0x57a1b9ce
Exception code: 0xc0000005
Fault offset: 0x000000000008e2cf
Faulting process id: 0x3298
Faulting application start time: 0x01d20a0f91da0f34
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\SHELL32.dll
Report Id: db88da43-65ef-45ef-810f-3c59a095b175
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/09/2016 08:06:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10586.494, time stamp: 0x5775e575
Faulting module name: SHELL32.dll, version: 10.0.10586.545, time stamp: 0x57a1b9ce
Exception code: 0xc000041d
Fault offset: 0x000000000008e2cf
Faulting process id: 0x104c
Faulting application start time: 0x01d20a0c3255dd87
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\SHELL32.dll
Report Id: 0c3c90e9-7973-4e3e-b77f-7e4e2b2901bb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/09/2016 08:06:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10586.494, time stamp: 0x5775e575
Faulting module name: SHELL32.dll, version: 10.0.10586.545, time stamp: 0x57a1b9ce
Exception code: 0xc0000005
Fault offset: 0x000000000008e2cf
Faulting process id: 0x104c
Faulting application start time: 0x01d20a0c3255dd87
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\SHELL32.dll
Report Id: ef2cade7-be7f-42d0-98e2-bb067bbc8d8a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/09/2016 07:56:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10586.494, time stamp: 0x5775e575
Faulting module name: SHELL32.dll, version: 10.0.10586.545, time stamp: 0x57a1b9ce
Exception code: 0xc000041d
Fault offset: 0x000000000008e2cf
Faulting process id: 0x1068
Faulting application start time: 0x01d20a0b0bdb3b07
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\SHELL32.dll
Report Id: fd68b425-a46a-406d-a943-ed49baddc933
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/09/2016 07:56:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10586.494, time stamp: 0x5775e575
Faulting module name: SHELL32.dll, version: 10.0.10586.545, time stamp: 0x57a1b9ce
Exception code: 0xc0000005
Fault offset: 0x000000000008e2cf
Faulting process id: 0x1068
Faulting application start time: 0x01d20a0b0bdb3b07
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\SHELL32.dll
Report Id: 1e2b37b0-2ab1-4c7d-9972-1a6497055071
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/09/2016 07:56:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10586.494, time stamp: 0x5775e575
Faulting module name: SHELL32.dll, version: 10.0.10586.545, time stamp: 0x57a1b9ce
Exception code: 0xc000041d
Fault offset: 0x000000000008e2cf
Faulting process id: 0xc84
Faulting application start time: 0x01d20a0b01523209
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\SHELL32.dll
Report Id: 6ddc0326-18f4-4a5f-b1e0-449b34500d5f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/09/2016 07:55:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10586.494, time stamp: 0x5775e575
Faulting module name: SHELL32.dll, version: 10.0.10586.545, time stamp: 0x57a1b9ce
Exception code: 0xc0000005
Fault offset: 0x000000000008e2cf
Faulting process id: 0xc84
Faulting application start time: 0x01d20a0b01523209
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\SHELL32.dll
Report Id: e382e90c-6250-4a68-9252-5fad0cee5140
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/09/2016 07:55:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10586.494, time stamp: 0x5775e575
Faulting module name: SHELL32.dll, version: 10.0.10586.545, time stamp: 0x57a1b9ce
Exception code: 0xc000041d
Fault offset: 0x000000000008e2cf
Faulting process id: 0x215c
Faulting application start time: 0x01d20880b77e45db
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\SHELL32.dll
Report Id: e7ac178e-8bc8-4c37-9133-e715c616ef80
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (09/09/2016 09:57:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4ec33 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/09/2016 09:57:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4ec33 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/09/2016 09:57:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4ec33 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/09/2016 09:57:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4ec33 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/09/2016 09:30:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (09/09/2016 09:25:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetMsmqActivator service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/09/2016 09:25:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.
 
Error: (09/09/2016 09:25:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/09/2016 09:25:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.
 
Error: (09/09/2016 09:25:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDScannerService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===================================
  Date: 2016-09-09 21:30:16.718
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-07 08:57:36.239
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-04 14:02:19.894
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-04 11:06:49.897
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-04 10:43:24.340
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-04 08:45:34.452
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-09-02 19:34:07.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-02 19:33:20.699
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-30 09:14:24.915
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-29 12:37:26.073
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3360M CPU @ 2.80GHz
Percentage of memory in use: 50%
Total physical RAM: 7785.92 MB
Available physical RAM: 3869.9 MB
Total Virtual: 15721.92 MB
Available Virtual: 11818.06 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:445.91 GB) (Free:144.31 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:5.68 GB) NTFS
Drive s: (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:0.3 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 298E9C26)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=822 MB) - (Type=27)
Partition 4: (Not Active) - (Size=17.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by J K (Administrator) on 11-Sep-16 at  9:07:48.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_D41A9E33EF2F08E1926FD946650CEEAD (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11-Sep-16 at  9:14:28.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

Your help is much appreciated.

 

JK



#10 RayS

  • Malware Study Hall Senior

Posted 11 September 2016 - 10:43 AM

Hi JK,

Thank you for FRST.txt and Addition.txt.

If you want to re-run a tool, please tell me before you do it. In this case, re-running Fixlist.txt and JRT.exe didn't cause any harm, but I didn't expect you to do that. Look again at my Post #8 -- especially the bullet points above my signature.

I did ask you to enter Safe Mode with Networking, and test Chrome in that environment, but that will not be necessary now. Instead, I would like you to test Chrome with all plug-ins and extensions disabled.



I asked:

Does Chrome still terminate or slow down when you visit the Bleeping Computer site? How does Chrome perform when you visit other sites?

Before doing the following steps, please tell me how Chrome performs when you visit sites other than Bleeping Computer.


Again, after you answer the question above, I ask that you perform only the steps shown below and perform them in the sequence as given.



Launch Chrome Without Plugins or Extensions

  • Close Chrome.
  • Press and hold the Windows key and type R on your keyboard at the same time.
  • A Run box will open.
  • Copy and paste chrome --disable-extensions into the Run box. (Note that the blank space after the word chrome is required.)
  • Chrome will open without plug-ins or extensions. Check the browser behavior.
  • Do you still see pop-ups when you visit all web pages?
  • Is Bleeping Computer still timing out?
  • Do other sites time out?

To re-enable all your plug-ins and extensions, close Chrome then reopen it.




In your next reply...

  • Please tell me how Chrome initially performed when you visited sites other than Bleeping Computer.
  • After you disable all plug-ins and extensions...
    • Do you still see pop-ups when you visit all web pages?
    • Is Bleeping Computer still timing out?
    • Do other sites time out?
    • How is your computer running now?

Please copy the above list into your reply and type your answers under each question.


Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#11 Joukueh

  • Topic Starter

  • Members

Posted 12 September 2016 - 12:54 AM

Hi Ray,

 

Please see answers below:

  • Do you still see pop-ups when you visit all web pages? Yes, still got popups for reimageplus.com but others (pckeeper.com and warmportrait.com) seemed less frequent than with plugins enabled.
  • Is Bleeping Computer still timing out? No, did not seem to time out.
  • Do other sites time out? No, other sites do not seem to time out.
  • How is your computer running now? Computer still running slow but seems slightly faster than previously.

Thanks,

JK



#12 Joukueh

  • Topic Starter

  • Members

Posted 12 September 2016 - 04:37 PM

Hi Ray,

 

I opened IE and Firefox and visited the same website; I didn't encounter the same problems I have with Chrome. I can almost confirm Chrome is the only browser that is affected.

 

In answering (in red) your next reply...

  • Please tell me how Chrome initially performed when you visited sites other than Bleeping Computer. Yes, constant popups and redirection every time I click the page.
  • After you disable all plug-ins and extensions...
    • Do you still see pop-ups when you visit all web pages? Yes I believe so. The popups are blocked by AdBlock although I don't see them. But there are still some re-directions.
    • Is Bleeping Computer still timing out? No, didn't seem to time out.
    • Do other sites time out? No, didn't seem to time out.
    • How is your computer running now? Computer still running slow but seems slightly faster than previously. But with the constant popups and re-directions, it is still slow in comparison.

Thanks, JK



#13 Joukueh

  • Topic Starter

  • Members

Posted 12 September 2016 - 04:51 PM

Hi Ray,

 

Sorry, some of my answers above didn't turn up RED as intended.

 

After I sent my above post, I continued to use Chrome without extensions and plugins. The behavior of Chrome is randomly similar to what I experienced since I initiated this thread, except perhaps it runs (seemingly) slightly faster.

 

Do the scanned results of FRST and JRT give any indication of how the problem can be solved?

 

Thanks,

JK



#14 RayS

  • Malware Study Hall Senior

Posted 14 September 2016 - 03:30 PM

Hi JK,


Thank you for complete responses to the issues I raised in my previous posts.
 


After I sent my above post, I continued to use Chrome without extensions and plugins.

Operating without Chrome plug-ins and extensions will make anomalous behavior easier to spot. Please let me know if you re-enable any plug-ins or extensions. It is also important to note that some websites that could be considered unscrupulous will redirect and/or pop-up other websites even on clean machines. Are you getting redirects and/or pop-ups on well-known websites like Amazon, Netflix, YouTube, Bleeping Computer, etc., or are the problems mostly on other sites? Give me some examples. I would like to go a step further. Let's reset Chrome.


To reset Google Chrome 

  • Click the Menu option button at the top right of the Google Chrome screen
  • Select Settings.
  • Click Show advanced settings and find the Reset browser settings section.
  • Click Reset browser settings.
  • In the dialogue that appears, click Reset. Note: When the Help make Google Chrome better by reporting the current settings box is checkmarked, you are anonymously sending Google your Chrome settings. Reporting these settings allows Google to analyze trends and work to prevent future unwanted settings changes.

Resetting your browser settings will impact the settings below:

  • Default search engine and saved search engines will be reset to their original defaults.
  • Homepage button will be hidden and the URL that you previously set will be removed.
  • Default startup tabs will be cleared. The browser will show a new tab when you start up or continue where you left off if you're on a Chromebook.
  • New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
  • Pinned tabs will be unpinned.
  • Content settings will be cleared and reset to their installation defaults.
  • Cookies and site data will be cleared.
  • Extensions and themes will be disabled.

After Chrome is reset and no extensions are re-enabled, please visit well-known websites. Tell me if pop-ups and redirections occur on those sites. Then visit a variety of other sites (including your usual ones). Tell me if pop-ups and redirections occur on those sites.

 

 

Do the scanned results of FRST and JRT give any indication of how the problem can be solved?

These tools are a part of a step-by-step approach to diagnosing and repairing sick computers. We now need to run another tool: RogueKiller.


Download RogueKiller from one of the following links and save it to your desktop: 

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Right-click RogueKiller.exe and select Run As Administrator.
  • When the Prescan has finished, click Scan.
  • When the Status box shows Scan Finished, click Report to show the log. Then close the program. <--Don't fix anything!
  • Copy and paste the report that opens into your next reply.

The log can also be found in the following location:

C:\ProgramData\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log


After you run RogueKiller, please revisit all the same sites again. Tell me whether you are still getting pop-ups and redirections.



In your next reply...

  • Tell me if you re-enable any Chrome plug-ins or extensions. 
  • Do pop-ups and redirections occur on well known sites?
  • Do pop-ups and redirections occur on other sites?
  • Give me examples of sites that redirect or launch pop-ups.
  • Copy and paste the contents of the RogueKiller report into the body of your message.
  • Are you still getting pop-ups and redirections after you ran RogueKiller? If so, give me examples of problematic sites.
  • Do you have any other concerns about your PC?


It is helpful if you would copy the list above into your reply and intersperse your answers under each item. Using red text for your answers is optional. Inserting a blank line under each answer is just as good.

Thank you for your cooperation,

Ray




#15 Joukueh

  • Topic Starter

  • Members

Posted 15 September 2016 - 05:40 AM

Hi Ray,

 
It appears that while visiting facebook, the occurrences of popups are less frequent but are stopped by AdBlock. Others like ebay, Amazon, google, bleepingcomputer, www.stuff.co.nz, Netflix all have similar problems with popups and redirections to land.pckeeper.software, app.pckeeper.com, windows pc repair (www.reimageplus.com), www.lan.com, track.myvoluum.website, zr.india-zed.com, we-are-gamers.com (world-of-tanks) etc. etc.
 
During this time, I used Firefox but had not encountered any of these problems.
 
Answers: In your next reply...
After resetting Chrome: (Hold on to running RogueKiller for the time being)
1. Tell me if you re-enable any Chrome plug-ins or extensions. I didn't re-enable any Chrome plug-ins and extensions.
2. Do pop-ups and redirections occur on well known sites? There appear to be no popups and redirections.
3. Do pop-ups and redirections occur on other sites? There appear to be no popups and redirections.
4. Give me examples of sites that redirect or launch pop-ups. None
5. Copy and paste the contents of the RogueKiller report into the body of your message. I decided not to run RogueKiller at this moment while waiting for your further instructions, and instead to report to you what happened after I reset Chrome. If it is necessary to run it in your opinion, please let me know.
6. Are you still getting pop-ups and redirections after you ran RogueKiller? If so, give me examples of problematic sites. There are no popups and redirections just after I reset Chrome. Chrome appears to run much faster now. 
7. Do you have any other concerns about your PC? The computer also appears to run faster. Will running RogueKiller further increase the speed of the computer?
 
Awaiting your further instructions.
 
Thanks,
JK




