Google won't work because of Virus redirect?


9 replies to this topic

#1 Clintmister

Clintmister

  • Members
  • 4 posts

Posted 05 January 2017 - 03:19 PM

Even after using multiple antivirus programs and deleting threats... when I enter any Google URL, I get this error message:

    function httpGetAsync(theUrl, callback) {
        var xmlHttp = new XMLHttpRequest();
        xmlHttp.onreadystatechange = function() {
            if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
                callback(xmlHttp.responseText);
        }
        xmlHttp.open("GET", theUrl, true); // true for asynchronous
        xmlHttp.send(null);
    }
    document.onclick = function() {
        window.open("http://ssp.zryydi.com/bid/?tag_id=225")
        document.onclick = null;
        httpGetAsync("http://sstatic1.histats.com/0.gif?3685753&101", null);
    }


Any thoughts on getting to the root of deleting whatever causes this?



#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:03:42 PM

Posted 05 January 2017 - 03:34 PM

Step 1: Speccy Scan.
 

  • Please go here and download Speccy.
  • Install and run the program.
  • Upon Completion:
  • Hit File
  • Publish Snap Shot
  • A link will appear, post that link.

Step 2: MiniToolBox Scan


Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

Step 3: Autoruns Scan.


Download Autoruns and Autorunsc. Unzip it to your desktop and then double click autoruns.exe.
After the scan is finished, click on File > Save.
The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option.
In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.

 

Step 4: Security Check Scan.
 

  • Download Security Check to your desktop.
  • Right click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

JRT Scan.

 

 

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

 

 Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.
 

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
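
The "List content of Hosts" option in Step 2 prints the hosts file so that name-to-address overrides can be reviewed. As an added example (not part of the original post and not code from MiniToolBox), this Python script reads hosts-file text and separates names pinned to loopback from names pointed at some other address, grouped by address. The sample entries, the 203.0.113.10 address and all function names are constructed for illustration.

```python
import ipaddress

# Names that are normally mapped to loopback on a clean system.
DEFAULT_NAMES = {"localhost"}

# Constructed sample in hosts-file syntax (not copied from any real machine).
SAMPLE_HOSTS = """\
# default entries
127.0.0.1       localhost
::1             localhost
127.0.0.1       updates.vendor.example
127.0.0.1       portal.vendor.example
127.0.0.1       updates.vendor.example
203.0.113.10 www.analytics.example analytics.example
203.0.113.10 cdn.ads.example   # trailing comment
203.0.113.10 api.search.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Return (entries, malformed).

    entries   -> list of (line_no, ip_address_object, lowercase_name)
    malformed -> list of line numbers that are not 'address name [name...]'
    """
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(line_no)
            continue
        if len(fields) < 2:  # an address with no name is not a usable mapping
            malformed.append(line_no)
            continue
        for name in fields[1:]:  # one line may carry several names
            entries.append((line_no, ip, name.lower()))
    return entries, malformed


def review_hosts(text):
    """Group hosts entries into the categories a reviewer cares about.

    sinkholes -> names forced to loopback / 0.0.0.0 (the name is blocked)
    redirects -> {address: [names]} for every other address (the name is
                 answered by a machine chosen by whoever wrote the file)
    """
    entries, malformed = parse_hosts(text)
    redirects, sinkholes = {}, []
    for _line_no, ip, name in entries:
        local = ip.is_loopback or ip.is_unspecified
        if local and name in DEFAULT_NAMES:
            continue  # expected default mapping
        if local:
            if name not in sinkholes:  # hosts files often repeat entries
                sinkholes.append(name)
        else:
            names = redirects.setdefault(str(ip), [])
            if name not in names:
                names.append(name)
    return {"redirects": redirects, "sinkholes": sinkholes, "malformed": malformed}


if __name__ == "__main__":
    report = review_hosts(SAMPLE_HOSTS)
    for ip, names in report["redirects"].items():
        print(f"REDIRECT {ip} <- {len(names)} name(s): {', '.join(names)}")
    for name in report["sinkholes"]:
        print(f"SINKHOLE {name}")
    for line_no in report["malformed"]:
        print(f"MALFORMED line {line_no}")
```

One address answering for many unrelated names is the grouping to look at first; entries that block a name on loopback are usually left by ad blockers or by cleanup tools.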


#3 Clintmister

Clintmister
  • Topic Starter

  • Members
  • 4 posts

Posted 06 January 2017 - 10:42 AM

Here is my situation information.

 

Thanks for the help!

Step 1: http://speccy.piriform.com/results/CH3OYjgc6NQ4yMxq0ZrVlN2

Step 2:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Clint (administrator) on 05-01-2017 at 23:58:30
Running from "C:\Users\Clint\AppData\Local\Microsoft\Windows\INetCache\IE\WE0WMAXN"
Microsoft Windows 10 Home  (X64)
Model: 80JM Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
34.195.153.94 www.google-analytics.com
34.195.153.94 google-analytics.com
34.195.153.94 mc.yandex.ru
34.195.153.94 top-fwz1.mail.ru
34.195.153.94 site.yandex.net
34.195.153.94 pagead2.googlesyndication.com
34.195.153.94 ad.mail.ru
34.195.153.94 ads.adfox.ru
34.195.153.94 ads.pubmatic.com
34.195.153.94 apis.google.com
34.195.153.94 autocontext.begun.ru
34.195.153.94 b.scorecardresearch.com
34.195.153.94 c.amazon-adsystem.com
34.195.153.94 cdn.admixer.net
34.195.153.94 cdn.cxense.com
34.195.153.94 cdn.livefyre.com
34.195.153.94 cdn.onthe.io
34.195.153.94 cdn.optimizely.com
34.195.153.94 cdn.prom.st
34.195.153.94 cdn.pushwoosh.com

There are 59 entries.

========================= IP Configuration: ================================

Intel® Dual Band Wireless-AC 3160 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

Windows IP Configuration

   Host Name . . . . . . . . . . . . : FClint
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : DeNisco Network

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 54-EE-75-53-99-BA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 34-E6-AD-CA-01-08
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 36-E6-AD-CA-01-07
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : DeNisco Network
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3160
   Physical Address. . . . . . . . . : 34-E6-AD-CA-01-07
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c4a5:400b:77b8:6915%21(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.16(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, January 5, 2017 11:10:52 PM
   Lease Expires . . . . . . . . . . : Thursday, January 12, 2017 11:10:52 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 137684653
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-06-06-77-54-EE-75-53-99-BA
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 34-E6-AD-CA-01-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {28B9522E-672D-44B7-A08D-79CD1992058A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : DeNisco Network
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  router.DeNisco
Address:  192.168.2.1

Name:    google.com.DeNisco Network
Addresses:  198.105.244.63
   198.105.254.63

Pinging google.com [172.217.4.238] with 32 bytes of data:
Reply from 172.217.4.238: bytes=32 time=54ms TTL=54
Reply from 172.217.4.238: bytes=32 time=62ms TTL=54

Ping statistics for 172.217.4.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 54ms, Maximum = 62ms, Average = 58ms
Server:  router.DeNisco
Address:  192.168.2.1

Name:    yahoo.com.DeNisco Network
Addresses:  198.105.244.63
   198.105.254.63

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=92ms TTL=50
Reply from 206.190.36.45: bytes=32 time=89ms TTL=50

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 89ms, Maximum = 92ms, Average = 90ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...54 ee 75 53 99 ba ......Realtek PCIe GBE Family Controller
  8...34 e6 ad ca 01 08 ......Microsoft Wi-Fi Direct Virtual Adapter
 14...36 e6 ad ca 01 07 ......Microsoft Hosted Network Virtual Adapter
 21...34 e6 ad ca 01 07 ......Intel® Dual Band Wireless-AC 3160
  9...34 e6 ad ca 01 0b ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.16     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.2.0    255.255.255.0         On-link      192.168.2.16    311
     192.168.2.16  255.255.255.255         On-link      192.168.2.16    311
    192.168.2.255  255.255.255.255         On-link      192.168.2.16    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.2.16    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.2.16    311
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 21    311 fe80::/64                On-link
 21    311 fe80::c4a5:400b:77b8:6915/128
                                    On-link
  1    331 ff00::/8                 On-link
 21    311 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog5 08 C:\WINDOWS\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/05/2017 11:41:14 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/05/2017 11:32:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

System errors:
=============
Error: (01/05/2017 11:49:57 PM) (Source: Service Control Manager) (User: )
Description: The Software Protection service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (01/05/2017 11:49:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (01/05/2017 11:41:59 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (01/05/2017 11:41:59 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/05/2017 11:14:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/05/2017 11:13:20 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (01/05/2017 11:11:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/05/2017 11:11:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/05/2017 11:11:25 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/05/2017 11:10:52 PM) (Source: Service Control Manager) (User: )
Description: The WCAssistantService service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Microsoft Office Sessions:
=========================
Error: (01/05/2017 11:41:14 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (01/05/2017 11:32:13 PM) (Source: SideBySide)(User: )
Description: C:\Lexmark\drivers\S500\drivers\win_xp2k\x64\LXEBsm64.dllC:\Lexmark\drivers\S500\drivers\win_xp2k\x64\LXEBsm64.dll9

Error: (01/05/2017 11:32:13 PM) (Source: SideBySide)(User: )
Description: C:\Lexmark\drivers\S500\drivers\win_xp2k\x64\LXEBsm64.dllC:\Lexmark\drivers\S500\drivers\win_xp2k\x64\LXEBsm64.dll9

Error: (01/05/2017 11:32:10 PM) (Source: SideBySide)(User: )
Description: C:\Lexmark\drivers\S500\drivers\win_xp2k\i386\LXEBsm.dllC:\Lexmark\drivers\S500\drivers\win_xp2k\i386\LXEBsm.dll9

Error: (01/05/2017 11:32:10 PM) (Source: SideBySide)(User: )
Description: C:\Lexmark\drivers\S500\drivers\win_xp2k\i386\LXEBsm.dllC:\Lexmark\drivers\S500\drivers\win_xp2k\i386\LXEBsm.dll9

Error: (01/05/2017 11:32:08 PM) (Source: SideBySide)(User: )
Description: C:\Windows\System32\lxebsm.dllC:\Windows\System32\lxebsm.dll9

Error: (01/05/2017 11:32:08 PM) (Source: SideBySide)(User: )
Description: C:\Windows\System32\lxebsm.dllC:\Windows\System32\lxebsm.dll9

Error: (01/05/2017 11:32:06 PM) (Source: SideBySide)(User: )
Description: C:\Windows\SysWOW64\LXEBsm.dllC:\Windows\SysWOW64\LXEBsm.dll9

Error: (01/05/2017 11:32:06 PM) (Source: SideBySide)(User: )
Description: C:\Windows\SysWOW64\LXEBsm.dllC:\Windows\SysWOW64\LXEBsm.dll9

Error: (01/05/2017 11:32:06 PM) (Source: SideBySide)(User: )
Description: C:\Program Files\Lexmark Pro200-S500 Series\Drivers\X64\lxebsm64.dllC:\Program Files\Lexmark Pro200-S500 Series\Drivers\X64\lxebsm64.dll9

CodeIntegrity Errors:
===================================
  Date: 2017-01-05 23:50:13.296
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-05 23:50:13.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-05 23:27:10.042
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-05 23:13:38.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-05 23:09:34.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-05 23:09:33.773
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume5\Windows\SysWOW64\iseguard32.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-05 21:47:07.850
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-05 13:48:03.021
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-05 13:45:43.392
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-05 13:17:37.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

=========================== Installed Programs ============================

Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Audition CC 2015.2 (HKLM-x32\...\AUDT_9_2_1) (Version: 9.2.1 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015.3 (HKLM-x32\...\AME_10_3_0) (Version: 10.3.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015.3 (HKLM-x32\...\PPRO_10_4_0) (Version: 10.4.0 - Adobe Systems Incorporated)
Adobe Story CC (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.1234 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Cisco VideoGuard Player (HKLM-x32\...\{28145961-299d-4f61-88d6-ff9ea46bd919}) (Version: 6.7 - Cisco Systems, Inc)
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4ABFEC28-1554-493D-A84D-BEA21D8E6D6F}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus (HKLM\...\{D2CD7DCF-D129-4A54-8543-38BECC6CFDAE}) (Version: 7.6.7.1 - Dolby Laboratories Inc)
Final Draft (HKLM-x32\...\{98CA9FD5-87B8-407B-B803-2DB8A05AACBE}) (Version: 10.0.1.44 - Cast & Crew Production Software, LLC)
FlashBack Express 5 (HKLM-x32\...\FlashBack Express 5) (Version: 5.19.0.4140 - Blueberry)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.0 - Genesys Logic)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.9.5265 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Harmony (HKLM-x32\...\{A06FD661-4B18-4054-B09C-E852D28E5AEB}) (Version: 1.1.0.0304 - Lenovo) Hidden
Harmony (HKLM-x32\...\{D02D9427-507D-4912-9285-97FCD5417E72}) (Version: 1.1.0.0304 - Lenovo)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4454 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{9bffdf20-c3a3-4e93-9cbf-61712c6a38be}) (Version: 17.13.2 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.404761.40 - Comodo)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Lenovo App Services (HKLM\...\Lenovo App Services) (Version: 0.200.8.268 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\{D3F38500-4C99-4E4F-9786-B907224E13A1}) (Version: 2.6.0.0528 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{D3F38500-4C99-4E4F-9786-B907224E13A1}) (Version: 2.6.0.0528 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Patch Utility (HKLM-x32\...\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{49A09C2C-FFF4-478E-B397-5E0979F67F5D}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.5222.01 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.7 - Stoneware, Inc.)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.069.02 - Lenovo)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 2.0.0.6 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 2.0.0.6 - Lenovo)
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version:  - Lexmark International, Inc.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.8.1.14 - Symantec Corporation)
NVIDIA 3D Vision Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.00 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.00 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
OneKey Optimizer (HKLM-x32\...\{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.16 - Lenovo) Hidden
OneKey Optimizer (HKLM-x32\...\InstallShield_{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.16 - Lenovo)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7606 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 1.0.44.100.ga60c0ce1 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.18.0 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Web Companion (HKLM-x32\...\{c640a44a-c241-4147-b69b-d01729ae375f}) (Version: 2.3.1499.2879 - Lavasoft)
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
ZoomInfo Contact Contributor (HKCU\...\ZoomInfo Contact Contributor) (Version: 53 - )

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 8097.92 MB
Available physical RAM: 4557.88 MB
Total Virtual: 9377.92 MB
Available Virtual: 5941.97 MB

========================= Partitions: =====================================

1 Drive c: (Windows8_OS) (Fixed) (Total:891.51 GB) (Free:446 GB) NTFS
2 Drive n: (LENOVO) (Fixed) (Total:25 GB) (Free:24.86 GB) NTFS

========================= Users: ========================================

User accounts for \\FCLINT

Administrator            Clint                    DefaultAccount         
Guest                  

**** End of log ****

 

STEP 3:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/5/2017 1:45 PM" ""
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" "6/29/2016 1:29 AM" ""
+ "AutoStartTransition" "" "" "c:\program files (x86)\lenovo\lenovotransition\transitionserver.exe" "11/16/2014 7:38 AM" ""
+ "DDPF3" "DolbyDigitalPlus" "Dolby Laboratories Inc." "c:\program files\dolby\ddp_f3\ddpf3.exe" "11/3/2014 11:43 PM" ""
+ "EzPrint" "" "" "c:\program files (x86)\lexmark pro200-s500 series\ezprint.exe" "4/5/2010 4:56 AM" ""
+ "IAStorIcon" "Delayed launcher" "Intel Corporation" "c:\program files\intel\intel® rapid storage technology\iastoriconlaunch.exe" "10/9/2014 3:55 PM" ""
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe" "3/19/2016 2:54 AM" ""
+ "LenovoUtility" "Lenovo Utility" "" "c:\program files\lenovo\lenovoutility\utility.exe" "12/18/2014 8:37 PM" ""
+ "LMCSSTART1" "Lenovo® Multimedia Subsystem Generic Control Utility" "Lenovo Corporation" "c:\program files\lenovo\communications utility\lmcsctrl.exe" "3/23/2015 12:34 AM" ""
+ "LMCSSTART2" "Lenovo® Multimedia Subsystem Generic Control Utility" "Lenovo Corporation" "c:\program files\lenovo\communications utility\lmcsctrl.exe" "3/23/2015 12:34 AM" ""
+ "LMCSSTART3" "Lenovo® Multimedia Subsystem Generic Control Utility" "Lenovo Corporation" "c:\program files\lenovo\communications utility\lmcsctrl.exe" "3/23/2015 12:34 AM" ""
+ "lxebmon.exe" "Printer Device Monitor" "" "c:\program files (x86)\lexmark pro200-s500 series\lxebmon.exe" "4/1/2010 11:23 AM" ""
+ "Malwarebytes TrayApp" "Malwarebytes Tray Application" "Malwarebytes" "c:\program files/malwarebytes/anti-malware\mbamtray.exe" "12/12/2016 12:07 PM" ""
+ "OneKeyOptimizer" "OneKeyOptimizerTray" "Lenovo(beijing) Limited" "c:\program files\lenovo\onekey optimizer\bin\onekeyoptimizertray.exe" "11/18/2014 4:12 AM" ""
+ "PhoneCompanion" "Lenovo Phone Companion" "Lenovo" "c:\program files\lenovo phonecompanion\phone companion.exe" "8/5/2014 11:40 PM" ""
+ "RtHDVBg_Dolby" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe" "9/2/2015 5:34 AM" ""
+ "RtHDVBg_LENOVO_DOLBYDRAGON" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe" "9/2/2015 5:34 AM" ""
+ "RtHDVBg_LENOVO_MICPKEY" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe" "9/2/2015 5:34 AM" ""
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe" "9/1/2015 7:18 AM" ""
+ "SynTPEnh" "Synaptics TouchPad 64-bit Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe" "7/23/2015 5:12 PM" ""
+ "toys" "" "" "File not found: C:\Program Files (x86)\cartridge\antivirals.exe" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/5/2017 11:34 AM" ""
+ "toys" "" "" "File not found: C:\Program Files (x86)\cartridge\antivirals.exe" "" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/5/2017 1:46 PM" ""
+ "electrolyte" "" "" "File not found: C:\Program Files (x86)\Syllabic\genoese.exe" "" ""
+ "hadera" "" "" "c:\program files (x86)\waistbands\hadera.exe" "12/5/2009 4:50 PM" ""
+ "hostetter" "" "" "File not found: C:\Program Files (x86)\cartridge\antivirals.exe" "" ""
+ "midwives" "" "" "File not found: C:\Program Files (x86)\Intramural\scheduled.exe" "" ""
+ "rodin" "" "" "c:\program files (x86)\anthers\rodin.exe" "12/5/2009 4:50 PM" ""
+ "toys" "" "" "File not found: C:\Program Files (x86)\cartridge\antivirals.exe" "" ""
+ "tracing" "" "" "File not found: C:\Program Files (x86)\waistbands\sunland.exe" "" ""
"C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "1/5/2017 9:40 AM" ""
+ "ok2089576.lnk" "" "" "File not found: File" "" ""
+ "ok2089576palsy.lnk" "" "" "File not found: File" "" ""
+ "palsy.lnk" "" "" "File not found: File" "" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "9/18/2016 5:27 AM" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/15/2016 8:25 PM" ""
+ "Microsoft Windows Media Player" "" "" "File not found: C:\WINDOWS\inf\unregmp2.exe /ShowWMP.exe" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "1/4/2017 1:00 PM" ""
+ "Google Chrome" "Google Chrome Installer" "Google Inc." "c:\program files (x86)\google\chrome\application\55.0.2883.87\installer\chrmstp.exe" "12/8/2016 12:25 AM" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "7/15/2016 7:41 PM" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "1/5/2017 1:45 PM" ""
+ "AccExt" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "5/22/2016 12:00 PM" ""
+ "BUContextMenu" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\bushell.dll" "10/17/2016 4:14 AM" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Norton Security Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\navshext.dll" "11/11/2016 9:46 PM" ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "1/5/2017 1:45 PM" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Norton Security Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\navshext.dll" "11/11/2016 9:46 PM" ""
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "1/5/2017 1:40 PM" ""
+ "BuPropertySheet" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\bushell.dll" "10/17/2016 4:14 AM" ""
+ "TheDeskTopContextMenu Class" "igfxDTCM Module" "Intel Corporation" "c:\windows\system32\igfxdtcm.dll" "5/1/2016 11:37 PM" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "1/4/2017 5:53 PM" ""
+ "MBAMShlExt" "Malwarebytes" "Malwarebytes" "c:\program files\malwarebytes\anti-malware\mbshlext.dll" "9/13/2016 9:20 AM" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "9/18/2016 5:32 AM" ""
+ "igfxDTCM" "igfxDTCM Module" "Intel Corporation" "c:\windows\system32\igfxdtcm.dll" "5/1/2016 11:37 PM" ""
+ "NvCplDesktopContext" "NVIDIA Display Shell Extension" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll" "2/23/2016 2:16 PM" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "1/5/2017 1:40 PM" ""
+ "AccExt" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "5/22/2016 12:00 PM" ""
+ "BUContextMenu" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\bushell.dll" "10/17/2016 4:14 AM" ""
+ "MBAMShlExt" "Malwarebytes" "Malwarebytes" "c:\program files\malwarebytes\anti-malware\mbshlext.dll" "9/13/2016 9:20 AM" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Norton Security Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\navshext.dll" "11/11/2016 9:46 PM" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "1/5/2017 1:40 PM" ""
+ "  OverlayExcluded" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\bushell.dll" "10/17/2016 4:14 AM" ""
+ "  OverlayPending" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\bushell.dll" "10/17/2016 4:14 AM" ""
+ "  OverlayProtected" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\bushell.dll" "10/17/2016 4:14 AM" ""
+ " AccExtIco1" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "5/22/2016 12:00 PM" ""
+ " AccExtIco2" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "5/22/2016 12:00 PM" ""
+ " AccExtIco3" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "5/22/2016 12:00 PM" ""
+ " SkyDrivePro1 (ErrorConflict)" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\grooveex.dll" "12/8/2016 9:22 AM" ""
+ " SkyDrivePro2 (SyncInProgress)" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\grooveex.dll" "12/8/2016 9:22 AM" ""
+ " SkyDrivePro3 (InSync)" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\grooveex.dll" "12/8/2016 9:22 AM" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "1/4/2017 1:00 PM" ""
+ " SkyDrivePro1 (ErrorConflict)" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\grooveex.dll" "12/8/2016 9:06 AM" ""
+ " SkyDrivePro2 (SyncInProgress)" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\grooveex.dll" "12/8/2016 9:06 AM" ""
+ " SkyDrivePro3 (InSync)" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\grooveex.dll" "12/8/2016 9:06 AM" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "1/5/2017 1:40 PM" ""
+ "Lync Browser Helper" "Skype for Business" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\ochelper.dll" "12/8/2016 9:08 AM" ""
+ "Microsoft OneDrive for Business Browser Helper" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\grooveex.dll" "12/8/2016 9:22 AM" ""
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\coieplg.dll" "11/11/2016 3:09 PM" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "1/5/2017 1:40 PM" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre1.8.0_111\bin\jp2ssv.dll" "9/22/2016 8:37 PM" ""
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre1.8.0_111\bin\ssv.dll" "9/22/2016 8:37 PM" ""
+ "Lync Browser Helper" "Skype for Business" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\ochelper.dll" "12/8/2016 9:21 AM" ""
+ "Microsoft OneDrive for Business Browser Helper" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\grooveex.dll" "12/8/2016 9:06 AM" ""
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton security\engine\22.8.1.14\coieplg.dll" "11/11/2016 3:09 PM" ""
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" "" "1/5/2017 1:40 PM" ""
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\coieplg.dll" "11/11/2016 3:09 PM" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "1/5/2017 1:40 PM" ""
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton security\engine\22.8.1.14\coieplg.dll" "11/11/2016 3:09 PM" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "10/24/2016 10:01 AM" ""
+ "Lync Click to Call" "Skype for Business" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\ochelper.dll" "12/8/2016 9:08 AM" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\onbttnielinkednotes.dll" "12/8/2016 9:21 AM" ""
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\onbttnie.dll" "12/8/2016 9:15 AM" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "1/4/2017 1:00 PM" ""
+ "Lync Click to Call" "Skype for Business" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\ochelper.dll" "12/8/2016 9:21 AM" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\onbttnielinkednotes.dll" "12/8/2016 9:10 AM" ""
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\onbttnie.dll" "12/8/2016 9:20 AM" ""
"Task Scheduler" "" "" "" "" ""
+ "\ab08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1" "" "" "File not found: C:\Program Files (x86)\cartridge\antivirals.exe" "" ""
+ "\AdobeAAMUpdater-1.0-MicrosoftAccount-fclintd@hotmail.com" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" "6/29/2016 1:29 AM" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe" "2/23/2016 5:31 PM" ""
+ "\bak69151299k69151299" "disastrous" "disastrous" "c:\program files (x86)\abhors\abhors.exe" "1/4/2017 5:39 AM" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "1/15/2016 2:18 PM" ""
+ "\CyberLink\Photo Master Gadget startup" "Lenovo Photo Master Update" "CyberLink Corp." "c:\program files (x86)\lenovo\lenovo photo master\photomasterworker.exe" "4/22/2016 2:47 AM" ""
+ "\dc08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1" "" "" "File not found: C:\Program Files (x86)\cartridge\antivirals.exe" "" ""
+ "\Lenovo\Lenovo Customer Feedback Program 64" "Lenovo.TVT.CustomerFeedback.Agent" "Lenovo" "c:\program files (x86)\lenovo\customer feedback program\lenovo.tvt.customerfeedback.agent.exe" "9/2/2014 8:44 AM" ""
+ "\Lenovo\Lenovo Customer Feedback Program 64 35" "Lenovo.TVT.CustomerFeedback.Agent" "Lenovo" "c:\program files (x86)\lenovo\customer feedback program 35\lenovo.tvt.customerfeedback.agent35.exe" "9/10/2014 8:04 AM" ""
+ "\Microsoft\Office\Office Automatic Updates" "Microsoft Office Click-to-Run Client (SxS)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe" "12/8/2016 9:21 AM" ""
+ "\Microsoft\Office\Office ClickToRun Service Monitor" "Microsoft Office Click-to-Run Client (SxS)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe" "12/8/2016 9:21 AM" ""
+ "\Microsoft\Office\Office Subscription Maintenance" "Office Subscription Licensing Heartbeat" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\olicenseheartbeat.exe" "12/8/2016 9:05 AM" ""
+ "\Microsoft\Office\OfficeTelemetryAgentFallBack2016" "Office Telemetry Agent" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\msoia.exe" "12/8/2016 9:13 AM" ""
+ "\Microsoft\Office\OfficeTelemetryAgentLogOn2016" "Office Telemetry Agent" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\msoia.exe" "12/8/2016 9:13 AM" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "7/16/2016 5:42 AM" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/15/2016 8:25 PM" ""
X "\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" "" "" "File not found: C:\WINDOWS\System32\AutoWorkplace.exe" "" ""
+ "\Norton Security\Norton Autofix" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton security\engine\22.8.1.14\symerr.exe" "8/31/2016 12:49 PM" ""
+ "\Norton Security\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton security\engine\22.8.1.14\symerr.exe" "8/31/2016 12:49 PM" ""
+ "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA nodejs launcher" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvnode\nvnodejslauncher.exe" "11/16/2016 10:38 AM" ""
+ "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA driver profile updater" "NVIDIA Corporation" "c:\program files\nvidia corporation\update core\nvprofileupdater64.exe" "11/17/2016 4:16 AM" ""
+ "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA driver profile updater" "NVIDIA Corporation" "c:\program files\nvidia corporation\update core\nvprofileupdater64.exe" "11/17/2016 4:16 AM" ""
+ "\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA telemetry monitor" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmmon.exe" "11/17/2016 4:12 AM" ""
+ "\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA crash and telemetry reporter" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmrep.exe" "11/17/2016 4:11 AM" ""
+ "\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA crash and telemetry reporter" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmrep.exe" "11/17/2016 4:11 AM" ""
+ "\OneDrive Standalone Update Task" "Standalone Updater" "Microsoft Corporation" "c:\users\clint\appdata\local\microsoft\onedrive\17.3.6517.0809\onedrivestandaloneupdater.exe" "8/9/2016 12:20 PM" ""
+ "\UMonitor Task" "" "" "File not found: C:\windows\SysWOW64\UMonit64.exe" "" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "1/5/2017 11:27 PM" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "12/10/2016 5:16 PM" ""
+ "AdobeUpdateService" "Adobe Update Service" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe desktop common\elevationmanager\adobeupdateservice.exe" "8/24/2016 9:18 AM" ""
+ "AGSService" "Adobe Genuine Software Integrity Service" "Adobe Systems, Incorporated" "c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe" "12/12/2016 7:15 PM" ""
+ "Apple Mobile Device Service" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe" "2/12/2015 9:18 PM" ""
+ "AVControlCenter" "Lenovo AVFramework Control Center" "Lenovo Corporation" "c:\program files\lenovo\communications utility\avcontrolcenter32.exe" "3/23/2015 12:32 AM" ""
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe" "8/12/2015 4:47 PM" ""
+ "CCSDK" "Lenovo CCSDK" "" "c:\program files (x86)\lenovo\ccsdk\ccsdk.exe" "10/21/2014 11:55 PM" ""
+ "ClickToRunSvc" "‪Manages resource coordination, background streaming, and system integration of Microsoft Office products and their related updates. This service is required to run during the use of any Microsoft Office program, during initial streaming installation and all subsequent updates.‬" "Microsoft Corporation" "c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe" "12/8/2016 9:06 AM" ""
+ "cphs" "Intel® Content Protection HECI Service - enables communication with the Content Protection FW" "Intel Corporation" "c:\windows\syswow64\intelcphecisvc.exe" "7/9/2015 5:19 PM" ""
+ "FastbootService" "Lenovo HDD Boot Accelerator" "Lenovo" "c:\program files\lenovo\onekey optimizer\bin\fbservice.exe" "11/19/2014 8:20 AM" ""
+ "FlexNet Licensing Service" "This service performs licensing functions on behalf of FlexNet enabled products." "Flexera Software LLC" "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" "9/28/2015 11:21 AM" ""
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "" "File not found: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc" "" ""
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "" "File not found: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc" "" ""
+ "HarmonySettingService" "HarmonySettingService" "Lenovo" "c:\program files (x86)\lenovo\harmony\setting\harmonysettingservice.exe" "2/9/2015 1:39 AM" ""
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe" "8/22/2014 3:24 PM" ""
+ "iBtSiva" "Intel® Wireless Bluetooth® iBtSiva Service" "Intel Corporation" "c:\program files (x86)\intel\bluetooth\ibtsiva.exe" "12/3/2014 4:24 PM" ""
+ "ICCS" "Intel® Integrated Clock Controller Service - Intel® ICCS" "Intel Corporation" "c:\program files (x86)\intel\intel® integrated clock controller service\iccproxy.exe" "4/24/2012 2:46 PM" ""
+ "igfxCUIService2.0.0.0" "Service for Intel® HD Graphics Control Panel" "Intel Corporation" "c:\windows\system32\igfxcuiservice.exe" "5/1/2016 11:35 PM" ""
+ "ImControllerService" "The Lenovo System Interface Foundation Service provides interfaces for key features such as: system power management, system optimization, driver and application updates, and system settings to Lenovo applications including Lenovo Companion, Lenovo Settings and Lenovo ID. If you disable this service, Lenovo applications will not work properly." "Lenovo Group Limited" "c:\program files\lenovo\imcontroller\service\lenovo.modern.imcontroller.exe" "12/1/2016 11:42 AM" ""
+ "Intel® Capability Licensing Service TCP IP Interface" "Version: 1.35.133.1" "Intel® Corporation" "c:\program files\intel\icls client\socketheciserver.exe" "5/13/2014 6:31 AM" ""
+ "Intel® ME Service" "Intel® Manageability Engine Service (Intel® ME Service)" "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\fwservice\intelmefwservice.exe" "9/26/2014 3:06 PM" ""
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe" "3/19/2016 2:54 AM" ""
+ "isesrv" "Internet Security Essentials" "COMODO" "c:\program files (x86)\comodo\internet security essentials\isesrv.exe" "12/5/2016 7:14 PM" ""
+ "iumsvc" "Intel® Update Manager helps you keep your system up-to-date." "Intel Corporation" "c:\program files (x86)\intel\intel® update manager\bin\iumsvc.exe" "7/1/2015 5:03 PM" ""
+ "jhi_service" "Intel® Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel ® DAL" "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe" "9/23/2014 1:57 PM" ""
+ "Lenovo OKO Service" "OneKey Optimizer Self Update Install Service" "Lenovo(beijing) Limited" "c:\program files\lenovo\onekey optimizer\bin\okoupdataservice.exe" "11/18/2014 4:09 AM" ""
+ "Lenovo Settings Service" "Lenovo Settings Service" "Lenovo Group Limited" "c:\program files\lenovo\settingsdependency\settingsservice.exe" "4/9/2015 11:35 PM" ""
+ "LENOVO.CAMMUTE" "Manages the integrated camera's privacy functions." "Lenovo Corporation" "c:\program files\lenovo\communications utility\cammute.exe" "3/23/2015 12:33 AM" ""
+ "LENOVO.TPKNRSVC" "Handles microphone volume management, Dolby-related features and keyboard noise reduction functions for Lenovo AVFramework." "Lenovo Group Limited" "c:\program files\lenovo\communications utility\tpknrsvc.exe" "3/23/2015 12:34 AM" ""
+ "LENOVO.TVTVCAM" "Manages Integrated Camera virtualization, desktop sharing, and general admin tasks for ThinkVantage Communications Utility." "Lenovo Corporation" "c:\program files\lenovo\communications utility\vcamsvc.exe" "3/23/2015 12:34 AM" ""
+ "LenovoPAWDService" "" "" "c:\program files\lenovo phonecompanion\lpawdservice.exe" "3/12/2014 3:30 AM" ""
+ "LenovoSetSvr" "Lenovo Settings" "Lenovo(beijing) Limited" "c:\program files (x86)\lenovo\lenovo settings\x86\lenovosetsvr.exe" "6/11/2014 2:11 AM" ""
+ "LenovoUpdate" "Check latest updates from Lenovo" "Lenovo" "c:\windows\system32\lenovoupdate.exe" "8/19/2014 6:45 PM" ""
+ "LenovoWiFiHotspotSvr" "Lenovo WiFiHotspot Service" "Lenovo(beijing) Limited" "c:\windows\system32\lenovowifihotspotsvr.exe" "8/25/2014 3:41 AM" ""
+ "LMS" "Intel® Management and Security Application Local Management Service - Provides OS-related Intel® ME functionality." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe" "9/23/2014 2:01 PM" ""
+ "lxeb_device" "Printer Communication System" " " "c:\windows\system32\lxebcoms.exe" "12/9/2009 2:24 PM" ""
+ "lxebCATSCustConnectService" "Lexmark Connect Service Executable" "Lexmark International, Inc." "c:\windows\system32\spool\drivers\x64\3\lxebserv.exe" "4/1/2010 4:26 AM" ""
+ "MBAMService" "Malwarebytes Service" "Malwarebytes" "c:\program files\malwarebytes\anti-malware\mbamservice.exe" "11/20/2016 3:02 PM" ""
+ "NS" "Norton Security" "Symantec Corporation" "c:\program files (x86)\norton security\engine\22.8.1.14\ns.exe" "9/8/2016 3:39 PM" ""
+ "NvContainerLocalSystem" "Container service for NVIDIA root features" "NVIDIA Corporation" "c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe" "11/11/2016 3:15 PM" ""
+ "NvContainerNetworkService" "Container service for NVIDIA network features" "NVIDIA Corporation" "c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe" "11/11/2016 3:15 PM" ""
+ "NVIDIA Wireless Controller Service" "NVIDIA Wireless Controller Service" "NVIDIA Corporation" "c:\program files\nvidia corporation\geforce experience service\nvwirelesscontroller.exe" "11/16/2016 10:37 AM" ""
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe" "2/23/2016 2:16 PM" ""
+ "OKOControlSvc" "OneKey Optimizer Control Service" "Lenovo(beijing) Limited" "c:\program files\lenovo\onekey optimizer\bin\okocontrolsvc.exe" "11/16/2014 8:58 PM" ""
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe" "12/8/2016 9:13 AM" ""
+ "PG_Service_Launcher" "PG_Service_Launcher" "PointGrab LTD" "c:\program files (x86)\lenovo\motion control\pg_service_launcher.exe" "5/28/2014 4:15 AM" ""
+ "PGService" "PGService" "PointGrab LTD" "c:\program files (x86)\lenovo\motion control\pgservice.exe" "5/28/2014 4:13 AM" ""
+ "PhoneCompanionPusher" "Lenovo PhoneCompanionPusher Service" "Lenovo" "c:\program files\lenovo phonecompanion\phonecompanionpusher.exe" "8/5/2014 11:47 PM" ""
+ "PhoneCompanionVap" "Lenovo PhoneCompanionVap Service" "Lenovo" "c:\program files\lenovo phonecompanion\phonecompanionvap.exe" "8/5/2014 11:45 PM" ""
+ "ShareItSvc" "ShareItSvc" "SHAREit Technologies Co.Ltd" "c:\program files (x86)\lenovo\shareit\shareit.service.exe" "1/20/2016 7:12 AM" ""
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe" "7/25/2016 5:32 AM" ""
+ "Stereo Service" "Provides system support for NVIDIA Stereoscopic 3D driver" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe" "2/23/2016 1:55 PM" ""
+ "SynTPEnhService" "64-bit Synaptics Pointing Enhance Service" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenhservice.exe" "7/23/2015 7:43 PM" ""
+ "WCAssistantService" "Ad-Aware Web Companion Internet security service" "" "c:\program files (x86)\lavasoft\web companion\application\lavasoft.wcassistant.winservice.exe" "11/21/2016 10:36 AM" ""
+ "WdNisSvc" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\windows defender\nissrv.exe" "7/15/2016 8:24 PM" ""
+ "WinDefend" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\msmpeng.exe" "7/15/2016 8:27 PM" ""
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "9/6/2016 10:41 PM" ""
+ "ymc" "Lenovo Yoga Mode Control" "Lenovo" "c:\programdata\lenovotransition\server\x64\ymc.exe" "11/16/2014 7:38 AM" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "1/5/2017 11:27 PM" ""
+ "3ware" "LSI 3ware SCSI Storport Driver" "LSI" "c:\windows\system32\drivers\3ware.sys" "5/18/2015 4:28 PM" ""
+ "ACPIVPC" "ACPI Virtual Power Controller Driver" "Lenovo Corporation" "c:\windows\system32\drivers\acpivpc.sys" "6/19/2014 6:47 AM" ""
+ "ADP80XX" "PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller" "PMC-Sierra" "c:\windows\system32\drivers\adp80xx.sys" "4/9/2015 2:49 PM" ""
+ "amdsata" "AHCI 1.3 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "5/14/2015 6:14 AM" ""
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "12/11/2012 3:21 PM" ""
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "4/30/2015 6:55 PM" ""
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "PMC-Sierra, Inc." "c:\windows\system32\drivers\arcsas.sys" "4/9/2015 1:12 PM" ""
+ "b06bdrv" "QLogic Gigabit Ethernet VBD" "QLogic Corporation" "c:\windows\system32\drivers\bxvbda.sys" "5/25/2016 1:03 AM" ""
+ "bcmfn" "BCM Function 2  Device Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn.sys" "6/8/2015 2:32 AM" ""
+ "bcmfn2" "BCM Function 2  Device Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn2.sys" "3/16/2014 4:07 AM" ""
+ "BHDrvx64" "SONAR Engine Driver" "Symantec Corporation" "c:\program files (x86)\norton security\nortondata\22.8.1.14\definitions\bashdefs\20161220.001\bhdrvx64.sys" "11/4/2016 3:39 AM" ""
+ "ccSet_NS" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\nsx64\1608010.00e\ccsetx64.sys" "5/5/2016 4:33 PM" ""
+ "cht4iscsi" "Chelsio iSCSI VMiniport Driver" "Chelsio Communications" "c:\windows\system32\drivers\cht4sx64.sys" "4/20/2016 3:54 AM" ""
+ "cht4vbd" "Virtual Bus Driver for Chelsio ® T4 Chipset" "Chelsio Communications" "c:\windows\system32\drivers\cht4vx64.sys" "4/15/2016 1:32 AM" ""
+ "ebdrv" "QLogic 10 GigE VBD" "QLogic Corporation" "c:\windows\system32\drivers\evbda.sys" "5/25/2016 1:01 AM" ""
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys" "9/16/2016 8:16 PM" ""
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys" "9/16/2016 8:16 PM" ""
+ "ESProtectionDriver" "" "" "c:\windows\system32\drivers\mbae64.sys" "4/29/2016 4:10 AM" ""
+ "Fastboot" "WINNT/2K/XP/2003 Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\fastboot.sys" "11/19/2014 8:19 AM" ""
+ "GeneStor" "GeneStor" "GenesysLogic" "c:\windows\system32\drivers\genestor.sys" "4/17/2014 2:38 AM" ""
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "3/26/2013 3:36 PM" ""
+ "iagpio" "Intel® Serial IO GPIO Controller Driver" "Intel® Corporation" "c:\windows\system32\drivers\iagpio.sys" "2/18/2016 1:35 AM" ""
+ "iai2c" "Intel® Serial IO I2C Driver" "Intel® Corporation" "c:\windows\system32\drivers\iai2c.sys" "9/22/2015 12:53 AM" ""
+ "iaLPSS2i_GPIO2" "Intel® Serial IO GPIO Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_gpio2.sys" "3/2/2016 8:06 PM" ""
+ "iaLPSS2i_I2C" "Intel® Serial IO I2C Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_i2c.sys" "3/2/2016 8:06 PM" ""
+ "iaLPSSi_GPIO" "Intel® Serial IO GPIO Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_gpio.sys" "2/2/2015 3:00 AM" ""
+ "iaLPSSi_I2C" "Intel® Serial IO I2C Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_i2c.sys" "2/24/2015 9:52 AM" ""
+ "iaStorA" "Intel® Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastora.sys" "8/22/2014 3:26 PM" ""
+ "iaStorAV" "Intel® Rapid Storage Technology driver (inbox) - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorav.sys" "2/19/2015 6:08 AM" ""
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "4/11/2011 12:48 PM" ""
+ "ibbus" "InfiniBand Fabric Bus Driver" "Mellanox" "c:\windows\system32\drivers\ibbus.sys" "4/10/2016 7:46 AM" ""
+ "ibtusb" "Intel® Wireless Bluetooth® USB Driver" "Intel Corporation" "c:\windows\system32\drivers\ibtusb.sys" "7/13/2015 10:52 AM" ""
+ "IDSVia64" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\program files (x86)\norton security\nortondata\22.8.1.14\definitions\ipsdefs\20170105.001\idsvia64.sys" "12/2/2016 11:58 AM" ""
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys" "5/4/2016 1:21 PM" ""
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "9/8/2015 11:06 AM" ""
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys" "3/24/2016 2:17 AM" ""
+ "isedrv" "Internet Security Essentials Driver" "COMODO" "c:\windows\system32\drivers\isedrv.sys" "12/5/2016 7:15 PM" ""
+ "KMDFVirtualKbd" "" "" "c:\windows\system32\drivers\kmdfvirtualkbd.sys" "8/4/2014 12:16 AM" ""
+ "KMDFVirtualMouse" "" "" "c:\windows\system32\drivers\kmdfvirtualmouse.sys" "8/4/2014 12:20 AM" ""
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "3/25/2015 1:36 PM" ""
+ "LSI_SAS2i" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2i.sys" "3/28/2016 12:49 PM" ""
+ "LSI_SAS3i" "Avago SAS Gen3 Driver (StorPort)" "Avago Technologies" "c:\windows\system32\drivers\lsi_sas3i.sys" "3/28/2016 12:49 PM" ""
+ "LSI_SSS" "LSI SSS PCIe/Flash Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sss.sys" "3/15/2013 5:39 PM" ""
+ "MBAMChameleon" "Malwarebytes Chameleon" "Malwarebytes" "c:\windows\system32\drivers\mbamchameleon.sys" "11/19/2016 1:13 PM" ""
+ "MBAMFarflt" "Malwarebytes Anti-Ransomware Protection" "Malwarebytes" "c:\windows\system32\drivers\farflt.sys" "11/2/2016 8:29 AM" ""
+ "MBAMProtection" "Malwarebytes Real-Time Protection" "Malwarebytes" "c:\windows\system32\drivers\mbam.sys" "9/28/2016 9:45 AM" ""
+ "MBAMSwissArmy" "Malwarebytes SwissArmy" "Malwarebytes" "c:\windows\system32\drivers\mbamswissarmy.sys" "11/9/2016 8:21 AM" ""
+ "MBAMWebProtection" "Malwarebytes Web Protection" "Malwarebytes" "c:\windows\system32\drivers\mwac.sys" "11/17/2016 7:02 PM" ""
+ "megasas" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\megasas.sys" "3/4/2015 8:36 PM" ""
+ "megasas2i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\megasas2i.sys" "7/22/2016 3:36 PM" ""
+ "megasr" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "6/3/2013 4:02 PM" ""
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\teedriverx64.sys" "9/23/2014 2:01 PM" ""
+ "mlx4_bus" "MLX4 Bus Driver" "Mellanox" "c:\windows\system32\drivers\mlx4_bus.sys" "4/10/2016 7:49 AM" ""
+ "mvumis" "Marvell Flash Controller Driver" "Marvell Semiconductor, Inc." "c:\windows\system32\drivers\mvumis.sys" "5/23/2014 2:39 PM" ""
+ "NAVENG" "" "" "File not found: C:\Program Files (x86)\Norton Security\NortonData\22.8.1.14\Definitions\SDSDefs\20170105.008\ENG64.SYS" "" ""
+ "NAVEX15" "" "" "File not found: C:\Program Files (x86)\Norton Security\NortonData\22.8.1.14\Definitions\SDSDefs\20170105.008\EX64.SYS" "" ""
+ "ndfltr" "NetworkDirect Support Filter Driver" "Mellanox" "c:\windows\system32\drivers\ndfltr.sys" "4/10/2016 7:46 AM" ""
+ "NetAdapterCx" "" "" "c:\windows\system32\drivers\netadaptercx.sys" "7/15/2016 8:28 PM" ""
+ "NETwNb64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netwbw02.sys" "2/22/2015 5:00 AM" ""
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 362.00 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys" "2/23/2016 1:31 PM" ""
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "4/21/2014 12:28 PM" ""
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "4/21/2014 12:34 PM" ""
+ "NvStreamKms" "Nvidia Streaming Kernel Service" "NVIDIA Corporation" "c:\program files\nvidia corporation\nvstreamsrv\nvstreamkms.sys" "11/3/2016 2:09 PM" ""
+ "nvvad_WaveExtensible" "NVIDIA Virtual Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvvad64v.sys" "10/4/2016 1:20 AM" ""
+ "percsas2i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\percsas2i.sys" "3/14/2016 6:50 PM" ""
+ "percsas3i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\percsas3i.sys" "3/4/2016 3:22 PM" ""
+ "PxHlpa64" "Px Engine Device Driver for 64-bit (x86-64) Windows" "Corel Corporation" "c:\windows\system32\drivers\pxhlpa64.sys" "4/24/2012 11:26 AM" ""
+ "rt640x64" "Realtek 8101E/8168/8169 NDIS 6.40 64-bit Driver                " "Realtek                                            " "c:\windows\system32\drivers\rt640x64.sys" "5/5/2015 10:21 AM" ""
+ "rtsuvc" "Realtek UVC Driver for Vista/Win7/Win8/Win8.1" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsuvc.sys" "5/29/2015 3:18 AM" ""
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "9/24/2008 12:28 PM" ""
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "10/1/2008 3:56 PM" ""
+ "SmbDrvI" "Synaptics SMBus Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\smb_driver_intel.sys" "7/23/2015 4:26 PM" ""
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nsx64\1608010.00e\srtsp64.sys" "9/13/2016 7:14 PM" ""
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nsx64\1608010.00e\srtspx64.sys" "9/2/2016 7:56 PM" ""
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows x64" "Promise Technology, Inc." "c:\windows\system32\drivers\stexstor.sys" "11/26/2012 6:02 PM" ""
+ "SymEFASI" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\nsx64\1608010.00e\symefasi64.sys" "10/12/2016 12:18 PM" ""
+ "SymELAM" "Symantec ELAM" "Symantec Corporation" "c:\windows\system32\drivers\nsx64\1608010.00e\symelam.sys" "6/4/2012 7:04 PM" ""
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys" "9/8/2016 1:47 PM" ""
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\nsx64\1608010.00e\ironx64.sys" "9/2/2016 3:44 PM" ""
+ "SymNetS" "Network Security Driver" "Symantec Corporation" "c:\windows\system32\drivers\nsx64\1608010.00e\symnets.sys" "9/14/2016 8:43 PM" ""
+ "SynTP" "Synaptics Touchpad Win64 Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys" "7/23/2015 4:21 PM" ""
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "4/22/2014 1:21 PM" ""
+ "VSTXRAID" "VIA StorX RAID Controller Driver" "VIA Corporation" "c:\windows\system32\drivers\vstxraid.sys" "1/21/2013 1:00 PM" ""
+ "WinMad" "Kernel WinMad" "Mellanox" "c:\windows\system32\drivers\winmad.sys" "4/10/2016 7:46 AM" ""
+ "WinVerbs" "Kernel WinVerbs" "Mellanox" "c:\windows\system32\drivers\winverbs.sys" "4/10/2016 7:46 AM" ""
+ "wsvd" "CyberLink Virtual Disk Driver" ""CyberLink" "c:\windows\system32\drivers\wsvd.sys" "6/13/2012 3:10 AM" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" "" "" "" "9/18/2016 5:27 AM" ""
+ "Adobe Type Manager" "Windows NT OpenType/Type 1 Font Driver" "Adobe Systems Incorporated" "c:\windows\system32\atmfd.dll" "11/2/2016 4:31 AM" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "11/28/2016 5:10 PM" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "7/15/2016 8:26 PM" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "11/28/2016 5:10 PM" ""
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "7/15/2016 7:42 PM" ""
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "9/23/2016 7:11 PM" ""
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files (x86)\freecodecpack\haali\splitter.x64.ax" "4/14/2013 4:30 AM" ""
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\freecodecpack\haali\splitter.x64.ax" "4/14/2013 4:30 AM" ""
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files (x86)\freecodecpack\haali\splitter.x64.ax" "4/14/2013 4:30 AM" ""
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\freecodecpack\haali\splitter.x64.ax" "4/14/2013 4:30 AM" ""
+ "Haali Video Renderer" "" "" "c:\program files (x86)\freecodecpack\haali\dxr.x64.dll" "4/14/2013 4:07 AM" ""
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files (x86)\freecodecpack\haali\splitter.x64.ax" "4/14/2013 4:30 AM" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "12/1/2016 3:42 PM" ""
+ "BB Dump Filter" "File Dump Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\common files\blueberry software\bbmemdumpflt.ax" "9/7/2006 1:42 AM" ""
+ "DXVA Filter" "MPEG-1/2 Decoder Filter for DirectShow" "Gabest" "c:\program files (x86)\gretech\gomplayer\codecs\mpeg2decfilter.ax" "6/5/2004 2:09 AM" ""
+ "GDCL MP4 Demux" "GDCL Mpeg-4 Demux" "GDCL (www.gdcl.co.uk)" "c:\windows\syswow64\mp4decoder.dll" "9/17/2012 2:27 AM" ""
+ "H.264/MPEG-4 AVC Codec" "H.264/MPEG-4 AVC Codec" "Evaer Technology" "c:\windows\syswow64\h264enc.ax" "4/27/2016 12:30 AM" ""
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files (x86)\freecodecpack\haali\splitter.ax" "4/14/2013 4:00 AM" ""
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\freecodecpack\haali\splitter.ax" "4/14/2013 4:00 AM" ""
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files (x86)\freecodecpack\haali\splitter.ax" "4/14/2013 4:00 AM" ""
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\freecodecpack\haali\splitter.ax" "4/14/2013 4:00 AM" ""
+ "Haali Video Renderer" "" "" "c:\program files (x86)\freecodecpack\haali\dxr.dll" "4/14/2013 3:59 AM" ""
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files (x86)\freecodecpack\haali\splitter.ax" "4/14/2013 4:00 AM" ""
+ "Microcrap MPEG-4 Video Decompressor" "Microcrap MPEG-4 Video Decompressor" "Microcrap Corporation" "c:\windows\syswow64\mpg4ds32.ax" "12/8/1999 2:19 AM" ""
+ "MPEG Audio Decoder (MAD)" "Mpeg Audio Decoder for DirectShow, based on libmad" "Gabest" "c:\program files (x86)\gretech\gomplayer\codecs\mpadecfilter.ax" "5/17/2004 10:06 PM" ""
+ "Mpeg2Dec Filter" "MPEG-1/2 Decoder Filter for DirectShow" "Gabest" "c:\program files (x86)\gretech\gomplayer\codecs\mpeg2decfilter.ax" "6/5/2004 2:09 AM" ""
+ "VSFilter" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files (x86)\freecodecpack\vsfilter.dll" "12/31/1969 6:00 PM" ""
+ "VSFilter (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files (x86)\freecodecpack\vsfilter.dll" "12/31/1969 6:00 PM" ""
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\syswow64\xvid.ax" "12/19/2011 12:31 AM" ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "9/18/2016 6:15 AM" ""
+ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe" "7/15/2016 8:17 PM" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "9/18/2016 6:02 AM" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll" "8/12/2015 4:48 PM" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "9/18/2016 6:02 AM" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll" "8/12/2015 4:47 PM" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "12/26/2016 3:15 PM" ""
+ "BJ Language Monitor4" "Canon Inkjet Printer Driver" "CANON INC." "c:\windows\system32\cnblm4.dll" "3/12/2009 12:50 PM" ""
+ "HP 7012 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinksts7012lm.dll" "8/11/2013 10:12 AM" ""
+ "Pro200-S500 Series Port" "Printer Communication System" " " "c:\windows\system32\lxeblmpm.dll" "12/9/2009 2:24 PM" ""
"HKLM\Software\Microsoft\Office\Outlook\Addins" "" "" "" "9/18/2016 5:56 AM" ""
+ "Connect Class" "OutlookChangeNotifier" "Apple Inc." "c:\program files\common files\apple\mobile device support\outlookchangenotifieraddin.dll" "3/2/2016 4:55 PM" ""
"HKCU\Software\Microsoft\Office\Outlook\Addins" "" "" "" "1/5/2017 1:45 PM" ""
+ "{2272AE7A-0C30-48E1-91DF-F9E666276C0C}" "AntiSpam MS Outlook Plugin" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\msouplug.dll" "11/11/2016 9:46 PM" ""
"HKLM\Software\Wow6432Node\Microsoft\Office\Outlook\Addins" "" "" "" "1/4/2017 1:00 PM" ""
+ "LyncAddin Class" "Skype for Business" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\ucaddin.dll" "12/9/2016 10:15 PM" ""

 

STEP 4:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Clint (Administrator) on Thu 01/05/2017 at 23:40:47.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 12

Successfully deleted: C:\Program Files (x86)\google\chrome\application\chrome.bat (File)
Successfully deleted: C:\Program Files (x86)\internet explorer\iexplore.bat (File)
Successfully deleted: C:\ProgramData\lavasoft\web companion (Folder)
Successfully deleted: C:\ProgramData\my web shield (Folder)
Successfully deleted: C:\Users\Clint\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder)
Successfully deleted: C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder)
Successfully deleted: C:\Users\Clint\AppData\Roaming\lavasoft\web companion (Folder)
Successfully deleted: C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\d3dho8bg.default\user.js (File)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\a\winonit.exe (File)
Successfully deleted: C:\Program Files (x86)\lavasoft\web companion (Folder)

Deleted the following from C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\d3dho8bg.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/05/2017 at 23:46:27.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

STEP 5:

# AdwCleaner v6.041 - Logfile created 06/01/2017 at 00:13:24
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-05.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Clint - FCLINT
# Running from : C:\Users\Clint\AppData\Local\Microsoft\Windows\INetCache\IE\RHFS506B\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

[-] Service deleted: WCAssistantService

***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\AnonymizerGadget
[-] Folder deleted: C:\Users\Clint\AppData\Local\app

***** [ Files ] *****

[-] File deleted: C:\Users\Clint\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Youtube Downloader.lnk
[-] File deleted: C:\Users\Clint\AppData\Local\aatxtname.txt
[-] File deleted: C:\Users\Clint\AppData\Local\tr5b.txt
[-] File deleted: C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\d3dho8bg.default\searchplugins\yahoo-lavasoft.xml

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Key deleted: HKU\S-1-5-21-3646257312-145341772-451683423-1001\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\IDOT
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS
[-] Key deleted: [x64] HKLM\SOFTWARE\IDOT
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Data restored: HKU\S-1-5-21-3646257312-145341772-451683423-1001\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: HKU\S-1-5-21-3646257312-145341772-451683423-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Key deleted: HKU\S-1-5-21-3646257312-145341772-451683423-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.newtab.url" -  "hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10300_FYD_161201__yaff"
[-] Chrome preferences cleaned: "browser.newtabpage.url" -  "hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10300_FYD_161201__yaff"
[-] Chrome preferences cleaned: "browser.startup.homepage" -  "hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10300_FYD_161201__yaff"
[-] [C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www.yahoo.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5380 Bytes] - [06/01/2017 00:13:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [5735 Bytes] - [06/01/2017 00:11:54]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5526 Bytes] ##########

 



#4 FoxMain

Posted 06 January 2017 - 06:03 PM

Hey Clint. I had the same problem as you did yesterday with the same message and all, and I found a fix to it two days later.

 

You'll want to head to https://www.hitmanpro.com/en-us/hmp.aspx to download a 30 day trial of Hitman Pro.  Get it and just do a normal scan, no need to tweak settings. If both of our issues are the same, then the scan should notice that google.com is bound to a certain IP address. Let the scan finish, reboot, and google should be back. If not, then try some other antivirus programs, or wait for Inadequate, as I'm not too well versed in this category. 
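The post above says the scan flagged google.com as bound to an IP address but does not say where that binding lived. Assuming it was the Windows hosts file (an assumption, the thread does not confirm it), this added PowerShell example, which is not from the thread, lists hosts entries that pin a watched domain to an address; `Find-HostsOverride` is a hypothetical helper name, and the sample lines and 203.0.113.10 are constructed.

```powershell
# Added example: report hosts-file lines that map a watched domain to a fixed IP.
function Find-HostsOverride {
    param(
        [string[]]$Lines,                    # raw hosts-file lines
        [string[]]$Watch = @('google.com')   # domains to watch (assumption)
    )
    $n = 0
    foreach ($line in $Lines) {
        $n++
        # Drop the comment part, then split "IP name [alias ...]" on whitespace.
        $fields = @(($line -replace '#.*$', '').Trim() -split '\s+' | Where-Object { $_ })
        if ($fields.Count -lt 2) { continue }
        $ip = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            foreach ($d in $Watch) {
                # Match the domain itself or a subdomain, not look-alike names.
                if ($name -ieq $d -or $name -ilike "*.$d") {
                    [pscustomobject]@{ Line = $n; IP = $ip; HostName = $name }
                }
            }
        }
    }
}

# Constructed sample input; nothing here is taken from the thread.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '203.0.113.10    www.google.com google.com   # constructed entry',
    '203.0.113.10    notgoogle.com.example'
)
Find-HostsOverride -Lines $sample | Format-Table -AutoSize

# On a live system, read the real file instead:
# Find-HostsOverride -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

A clean hosts file returns nothing; any row returned is an entry to review before trusting what the browser shows for that name.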



#5 apio


Posted 08 January 2017 - 01:49 PM

FoxMain, it just worked perfectly for me, same issue, it is solved.

 

Thanks.



#6 tempuser1


Posted 08 January 2017 - 11:58 PM

> Hey Clint. I had the same problem as you did yesterday with the same message and all, and I found a fix to it two days later.
>
> You'll want to head to https://www.hitmanpro.com/en-us/hmp.aspx to download a 30 day trial of Hitman Pro.  Get it and just do a normal scan, no need to tweak settings. If both of our issues are the same, then the scan should notice that google.com is bound to a certain IP address. Let the scan finish, reboot, and google should be back. If not, then try some other antivirus programs, or wait for Inadequate, as I'm not too well versed in this category.

You da man! Been struggling with this all day, after cleaning up all the malware and stuff. Worked like a charm. Thanks dude!



#7 Aezrell


Posted 09 January 2017 - 05:48 AM

> Hey Clint. I had the same problem as you did yesterday with the same message and all, and I found a fix to it two days later.
>
> You'll want to head to https://www.hitmanpro.com/en-us/hmp.aspx to download a 30 day trial of Hitman Pro.  Get it and just do a normal scan, no need to tweak settings. If both of our issues are the same, then the scan should notice that google.com is bound to a certain IP address. Let the scan finish, reboot, and google should be back. If not, then try some other antivirus programs, or wait for Inadequate, as I'm not too well versed in this category.

Registered in this forum just to thank you. This worked like a charm for me!

Best regards!



#8 Jayc1947


Posted 14 January 2017 - 01:57 PM

tempuser1, thank you so much for posting that hitmanpro.com link. It worked like magic. I've been trying everything on the net, but no luck until I found your post. Again, thank you!

#9 birdie95


Posted 26 January 2018 - 12:20 PM

Note in the OP's data for autorun  (I assume)  ----->

STEP 3: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/5/2017 1:45 PM" ""

...that he has the "Microcrap MPEG-4 Video Decompressor" in c:\windows\syswow64\mpg4ds32.ax.  This is signed by "Microcrap Corporation", which is alarming since it implies to me that somebody successfully used the Windows signing mechanism to make a spoof file.  Not knowing anything about it, I have just assumed that Microsoft issued strong "keys" for entities that wanted to certify their software.

 

I found this in my autoruns trying to get rid of Nvidia's VulkanRT. I have Googled all over the place and am not finding much about it. Can you check your autoruns and see if the Microcrap stuff still shows up? If so, can you post the MD5? If not, I'll look into that hitmanpro thing. I'm really surprised that Microcrap problem is on a new machine since from what I've seen, it appears to be an XP-vintage issue. (I'm running Win7)

 

my file (stupid PowerShell truncates MD5, but that should be plenty)----->

PS C:\Windows\SysWOW64> Get-FileHash -Algorithm md5 .\MPG4DS32.AX

Algorithm                  Hash                       Path
---------                  ----                       ----
MD5                        99F8BD46F424A2086A0821F... C:\Windows\SysWOW64\MP..

thanks,

alan.
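An added example, not part of the post above: the `Hash` property holds the full value that the table view shortened, and `Get-AuthenticodeSignature` reports whether a signature verifies, separately from the free-text CompanyName in the file's version resource. `Get-FileTriage` is a hypothetical helper name; the path is the one given in the post.

```powershell
# Added example: full hashes plus signature details for one file.
function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $cert = $sig.SignerCertificate      # $null when no signer certificate is found

    [pscustomobject]@{
        Path        = $file.FullName
        # .Hash is the complete string; only the default table view shortens it.
        MD5         = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5).Hash
        SHA256      = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        # Version-resource text, set by whoever built the file; not verified.
        CompanyName = $file.VersionInfo.CompanyName
        # Result of signature verification: Valid, NotSigned, HashMismatch, ...
        SigStatus   = $sig.Status
        Signer      = if ($cert) { $cert.Subject } else { $null }
        Issuer      = if ($cert) { $cert.Issuer } else { $null }
        Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
    }
}

# Format-List prints one property per line, so long values are not cut off.
Get-FileTriage -Path 'C:\Windows\SysWOW64\mpg4ds32.ax' | Format-List
```

Comparing `CompanyName` with `Signer` and `SigStatus` shows whether a publisher name is backed by a verified certificate or is only a string in the file.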



#10 Clintmister

  • Topic Starter


Posted 26 January 2018 - 04:03 PM

Hey Alan. I had a person on this forum take that information and he had me run something that completely flushed it out. So microcrap is no longer on there and I don't know what fixed it, but I'm glad it's better now. haha

 

Yeah, seems like Hitman worked for everyone else. 





