
Google doesn't work because of Virus redirect?


10 replies to this topic

#1 FoxMain

FoxMain

  • Members
  • 7 posts

Posted 05 January 2017 - 07:28 PM

Hello. I've been having a problem with Google recently, Windows 10 here. Whenever I try to go to google.com or Google Search, it displays a security error with an invalid certificate. If I try to change the link from https to http, I get a blank white page with the text "function httpGetAsync(theUrl, callback) { var xmlHttp = new XMLHttpRequest(); xmlHttp.onreadystatechange = function() { if (xmlHttp.readyState == 4 && xmlHttp.status == 200) callback(xmlHttp.responseText); } xmlHttp.open("GET", theUrl, true); // true for asynchronous xmlHttp.send(null); } document.onclick = function() { window.open("http://www1.xmediaserve.com/apu.php?n=&zoneid=17529&cb=INSERT_RANDOM_NUMBER_HERE&direct=1") document.onclick = null; httpGetAsync("http://sstatic1.histats.com/0.gif?3685753&101", null); }" and nothing more. This problem has only happened recently after yesterday. I know the problem probably stems from a shady download I used yesterday out of extreme desperation, and it bopped me. I've run Malwarebytes Anti-Malware about 4 times and tried solutions from another thread, but the problem still persists. Certain Google sites like drive.google.com work fine, but google.com displays the message on Chrome, Edge, and Firefox. Any help is greatly appreciated, and thanks in advance.

 

1. http://speccy.piriform.com/results/d8ei3HAFpJGLzgbk0bqsjRg

2. http://pasted.co/f254a07a

3. http://pastebin.com/umTEKSve

4. http://pasted.co/488286dc

5. http://pastebin.com/fXMhYDwd

6. http://pasted.co/53f7fb2f

 

Mod Edit: Split into own topic from https://www.bleepingcomputer.com/forums/t/636609/google-wont-work-because-of-virus-redirect/#entry4154734 So that the OP will have his own topic to get personalized help. 


Edited by FoxMain, 05 January 2017 - 10:42 PM.



 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts

Posted 05 January 2017 - 11:21 PM

Can you please copy and paste the logs here? I'd rather see them all in one spot to make things easier for me. As soon as that is done, I will begin helping. :)



#3 FoxMain

FoxMain
  • Topic Starter

  • Members
  • 7 posts

Posted 05 January 2017 - 11:53 PM

Alright. The speccy log seems too big to add here (server timed out while posting), but if you'd like it in a separate post, do ask. On a side note, YouTube has stopped working today, too. Videos won't load and the site doesn't fully load either. Considering that it's only happened today, I think it's related to the issue at hand. 

 

MINI TOOLBOX
MiniToolBox by Farbar Version: 17-06-2016
Ran by name (administrator) on 05-01-2017 at 17:41:35
Running from "C:\Users\name\Downloads"
Microsoft Windows 10 Home (X64)
Model: 80QF Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ==============================
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ==============================
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
34.195.153.94 www.google-analytics.com
34.195.153.94 google-analytics.com
34.195.153.94 mc.yandex.ru
34.195.153.94 top-fwz1.mail.ru
34.195.153.94 site.yandex.net
34.195.153.94 pagead2.googlesyndication.com
34.195.153.94 ad.mail.ru
34.195.153.94 ads.adfox.ru
34.195.153.94 ads.pubmatic.com
34.195.153.94 apis.google.com
34.195.153.94 autocontext.begun.ru
34.195.153.94 b.scorecardresearch.com
34.195.153.94 c.amazon-adsystem.com
34.195.153.94 cdn.admixer.net
34.195.153.94 cdn.cxense.com
34.195.153.94 cdn.livefyre.com
34.195.153.94 cdn.onthe.io
34.195.153.94 cdn.optimizely.com
34.195.153.94 cdn.prom.st
34.195.153.94 cdn.pushwoosh.com
 
There are 55 entries.
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
Intel® Dual Band Wireless-AC 8260 = Wi-Fi (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 taskoffload=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled mtu=1500 nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
Host Name . . . . . . . . . . . . : DESKTOP-FLJ10AR
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : attlocal.net
 
Wireless LAN adapter Wi-Fi:
 
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : attlocal.net
Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 8260
Physical Address. . . . . . . . . : A4-34-D9-56-1F-12
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : A4-34-D9-56-1F-13
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
Connection-specific DNS Suffix . : attlocal.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 54-EE-75-87-75-B2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2602:30a:2c0d:dc90:e179:2e05:5911:7ffb(Preferred)
Temporary IPv6 Address. . . . . . : 2602:30a:2c0d:dc90:2438:a483:46a1:6442(Preferred)
Link-local IPv6 Address . . . . . : fe80::e179:2e05:5911:7ffb%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.78(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, January 5, 2017 3:05:15 PM
Lease Expires . . . . . . . . . . : Friday, January 6, 2017 3:05:15 PM
Default Gateway . . . . . . . . . : fe80::ae5d:10ff:fe90:3d79%9
192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 55897717
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-12-44-EC-54-EE-75-87-75-B2
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth PAN HelpText
Physical Address. . . . . . . . . : A4-34-D9-56-1F-16
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.attlocal.net:
 
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : attlocal.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: google-public-dns-a.google.com
Address: 8.8.8.8
 
Name: google.com
Addresses: 2607:f8b0:4009:812::200e
     172.217.6.110
 
 
Pinging google.com [172.217.1.46] with 32 bytes of data:
Reply from 172.217.1.46: bytes=32 time=26ms TTL=54
Reply from 172.217.1.46: bytes=32 time=24ms TTL=54
 
Ping statistics for 172.217.1.46:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 26ms, Average = 25ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8
 
Name: yahoo.com
Addresses: 2001:4998:44:204::a7
     2001:4998:c:a06::2:4008
     2001:4998:58:c02::a9
     98.139.183.24
     98.138.253.109
     206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=47ms TTL=50
Reply from 98.139.183.24: bytes=32 time=46ms TTL=50
 
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 46ms, Maximum = 47ms, Average = 46ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...a4 34 d9 56 1f 12 ......Intel® Dual Band Wireless-AC 8260
3...a4 34 d9 56 1f 13 ......Microsoft Wi-Fi Direct Virtual Adapter
9...54 ee 75 87 75 b2 ......Realtek PCIe GBE Family Controller
5...a4 34 d9 56 1f 16 ......Bluetooth PAN HelpText
1...........................Software Loopback Interface 1
8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.78 35
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 On-link 192.168.1.78 291
192.168.1.78 255.255.255.255 On-link 192.168.1.78 291
192.168.1.255 255.255.255.255 On-link 192.168.1.78 291
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.78 291
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.78 291
===========================================================================
Persistent Routes:
None
 
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
9 291 ::/0 fe80::ae5d:10ff:fe90:3d79
1 331 ::1/128 On-link
9 291 2602:30a:2c0d:dc90::/64 On-link
9 291 2602:30a:2c0d:dc90:2438:a483:46a1:6442/128
On-link
9 291 2602:30a:2c0d:dc90:e179:2e05:5911:7ffb/128
On-link
9 291 fe80::/64 On-link
9 291 fe80::e179:2e05:5911:7ffb/128
On-link
1 331 ff00::/8 On-link
9 291 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/05/2017 05:31:01 PM) (Source: ESENT) (User: )
Description: firefox (3120) An attempt to open the file "C:\Users\name\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/05/2017 03:20:59 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/05/2017 03:19:04 PM) (Source: Perflib) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
 
Error: (01/05/2017 03:19:01 PM) (Source: Perflib) (User: )
Description: rdyboost4
 
Error: (01/05/2017 03:19:01 PM) (Source: PerfNet) (User: )
Description:
 
Error: (01/05/2017 03:19:00 PM) (Source: Perflib) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4
 
Error: (01/05/2017 03:18:58 PM) (Source: Perflib) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
 
Error: (01/05/2017 03:18:58 PM) (Source: Perflib) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4
 
Error: (01/05/2017 03:18:57 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
 
Error: (01/05/2017 03:07:25 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
    (HRESULT : 0x80040210) (0x80040210)
 
 
System errors:
=============
Error: (01/05/2017 03:18:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/05/2017 03:18:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/05/2017 03:18:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/05/2017 03:07:20 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2 = The system cannot find the file specified.
 
 
Error: (01/05/2017 03:05:24 PM) (Source: Service Control Manager) (User: )
Description: The Wondershare Application Framework Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (01/05/2017 03:05:09 PM) (Source: vjoy) (User: )
Description: Failed to get Report Descriptor from Registry. Function WdfRegistryOpenKey failed with status 0xc0000034.
 
Error: (01/05/2017 03:05:09 PM) (Source: vjoy) (User: )
Description: Failed to get Report Descriptor from Registry. Function WdfRegistryOpenKey failed with status 0xc0000034.
 
Error: (01/05/2017 03:05:09 PM) (Source: vjoy) (User: )
Description: Failed to get Report Descriptor from Registry. Function WdfRegistryOpenKey failed with status 0xc0000034.
 
Error: (01/05/2017 03:05:09 PM) (Source: vjoy) (User: )
Description: Failed to get Report Descriptor from Registry. Function WdfRegistryOpenKey failed with status 0xc0000034.
 
Error: (01/05/2017 03:05:09 PM) (Source: vjoy) (User: )
Description: Failed to get Report Descriptor from Registry. Function WdfRegistryOpenKey failed with status 0xc0000034.
 
 
Microsoft Office Sessions:
=========================
Error: (01/05/2017 05:31:01 PM) (Source: ESENT)(User: )
Description: firefox3120C:\Users\name\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (01/05/2017 03:20:59 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (01/05/2017 03:19:04 PM) (Source: Perflib)(User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
 
Error: (01/05/2017 03:19:01 PM) (Source: Perflib)(User: )
Description: rdyboost4
 
Error: (01/05/2017 03:19:01 PM) (Source: PerfNet)(User: )
Description:
 
Error: (01/05/2017 03:19:00 PM) (Source: Perflib)(User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4
 
Error: (01/05/2017 03:18:58 PM) (Source: Perflib)(User: )
Description: LsaC:\Windows\System32\Secur32.dll4
 
Error: (01/05/2017 03:18:58 PM) (Source: Perflib)(User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4
 
Error: (01/05/2017 03:18:57 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
 
Error: (01/05/2017 03:07:25 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    (HRESULT : 0x80040210) (0x80040210)
 
 
=========================== Installed Programs ============================
 
60 Seconds! (HKLM-x32\...\NjBTZWNvbmRz_is1) (Version: 1 - )
Acoustica Mixcraft 7 (64-bit) (HKLM-x32\...\Mixcraft 7-64) (Version: 7.0.7.316 - Acoustica)
Aegisub 3.2.2 (HKLM\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Angry Video Game Nerd Adventures (HKLM-x32\...\QW5ncnlWaWRlb0dhbWVOZXJkQWR2ZW50dXJlcw==_is1) (Version: 1 - )
AVS Video Editor 7.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.1.4.264 - Online Media Technologies Ltd.)
Baldur's Gate: Enhanced Edition (HKLM\...\Steam App 228280) (Version: - Beamdog)
Bastion (HKLM\...\Steam App 107100) (Version: - Supergiant Games)
Batman: Arkham City GOTY (HKLM\...\Steam App 200260) (Version: - Rocksteady Studios)
Bitcoin Core (64-bit) (HKCU\...\Bitcoin Core (64-bit)) (Version: 0.12.1 - Bitcoin Core project)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.83.6332 - BlueStack Systems, Inc.)
Call of Duty® - World at War™ (HKLM-x32\...\{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision) Hidden
Call of Duty® - World at War™ (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
ClipGrab 3.5.6 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
Deus Ex: Game of the Year Edition (HKLM\...\Steam App 6910) (Version: - Ion Storm)
Discord (HKCU\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.6.3.44 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Drug Lord 2 (HKLM-x32\...\Drug Lord 2) (Version: - )
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Fallout (HKLM\...\Steam App 38400) (Version: - Interplay Inc.)
Fallout 2 (HKLM\...\Steam App 38410) (Version: - Black Isle Studios)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
Fallout Tactics (HKLM\...\Steam App 38420) (Version: - 14° East)
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version: - Obsidian Entertainment)
File Splitter and Joiner (FFSJ v3.3) (HKLM-x32\...\File Splitter and Joiner_is1) (Version: - Le Minh Hoang)
Fishing Planet (HKLM\...\Steam App 380600) (Version: - Fishing Planet LLC)
Fistful of Frags (HKLM\...\Steam App 265630) (Version: - Fistful of Frags Team)
GameLoad 2.0.0 (HKLM-x32\...\{7FEA7AEB-C073-4687-B3E1-5282DFABAB56}_is1) (Version: 2.0.0 - Ant Media, s. r. o.)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM\...\Steam App 316790) (Version: - Double Fine Productions)
Gross Out (HKLM-x32\...\Gross Out 1.2.0) (Version: 1.2.0 - 3RDSense)
Half-Life (HKLM\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM\...\Steam App 220) (Version: - Valve)
Halite (HKLM\...\{B2C09126-EBB0-464E-8AA6-1D844E84B92D}) (Version: 0.4.04 - BinaryNotions.com)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP OfficeJet 3830 series Basic Device Software (HKLM\...\{644380A4-11D0-48CB-AAB8-CCB6BD072784}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP OfficeJet 3830 series Help (HKLM-x32\...\{1FCCD112-2F27-463D-8C36-1D5C29A3BB3E}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hppLaserJetService (HKLM-x32\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (HKLM-x32\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Hyperdimension Neptunia Re;Birth1 (HKLM\...\Steam App 282900) (Version: - IDEA FACTORY Co., Ltd.)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.6 (HKLM-x32\...\{2B710CA5-99F0-4D29-962C-29A7CFF7A989}) (Version: 2.6.0.32 - Intel) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4505 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{588DA478-D4FF-48E3-8290-49F8C4B21283}) (Version: 18.1.1527.1551 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6f0207e-ac43-48a9-bfff-3d879b45694d}) (Version: 18.12.1 - Intel Corporation)
ISO Compressor (HKLM-x32\...\{57CB1DFF-3C1F-4907-89D9-6A3CF4C5213D}_is1) (Version: - isocompressor.com)
IUWEshare SD Memory Card Recovery Wizard 1.1.5.8 (HKLM-x32\...\IUWEshare SD Memory Card Recovery Wizard 1.1.5.8_is1) (Version: - IUWEshare)
KCP-0.6.0.6 (HKLM-x32\...\Kawaii Codec Pack_is1) (Version: 0.6.0.6 - Haruhichan.com)
Laplink PCmover Express - Personal Use (HKLM-x32\...\{16463F64-5878-4E56-B87D-5F5EE9D37729}) (Version: 10.00.641 - Laplink Software, Inc.)
Laplink USB Cable Drivers (HKLM-x32\...\{BBD1DD9E-FD88-48A2-9E93-4DFB96872164}) (Version: 1.00.0000 - Laplink Software, Inc.) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.5222.01 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{A5591EC4-8AD6-48EE-9F8D-FACFA8BA4E35}) (Version: 3.0.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.069.02 - Lenovo)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MAYFLASH GameCube Controller Adapter (HKLM-x32\...\{FEF678F8-4BD4-4692-8288-6CAFFDFD7739}) (Version: 3.85 - MAYFLASH)
Megadimension Neptunia VII (HKLM\...\Steam App 460120) (Version: - Idea Factory)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Monopoly - SpongeBob SquarePants Edition (HKLM-x32\...\Monopoly - SpongeBob SquarePants Edition) (Version: 32.0.0.0 - Nick Arcade)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
MusicBee 2.5 (HKLM-x32\...\MusicBee) (Version: 2.5 - Steven Mayall)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Oracle VM VirtualBox 4.3.6 (HKLM\...\{DC65DFD8-E175-4A85-948A-42965853B2E8}) (Version: 4.3.6 - Oracle Corporation)
Organ Trail: Director's Cut (HKLM\...\Steam App 233740) (Version: - The Men Who Wear Many Hats)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
Pinnacle VideoSpin (HKLM-x32\...\{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}) (Version: 1.1.2.542 - Pinnacle Systems)
Product Improvement Study for HP OfficeJet 3830 series (HKLM\...\{5BE0E395-86C0-4539-B6BB-AE9125F452F7}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
PSP ISO Compressor (HKLM-x32\...\{D47087E7-AA15-4D1D-8C0A-60F7E446D597}) (Version: 1.4.0 - danny_kay1710)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7756 - Realtek Semiconductor Corp.)
Rebuild 3: Gangs of Deadsville (HKLM\...\Steam App 257170) (Version: - Northway Games)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.1 - Lenovo)
Speakonia (HKLM-x32\...\Speakonia_is1) (Version: 1.0.3.5 - CFS-Technologies)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.18.0 - Synaptics Incorporated)
Taiga (HKCU\...\Taiga) (Version: 1.2 - erengy)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
The Ultimate DOOM (HKLM\...\Steam App 2280) (Version: - id Software)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
Trimmer Tycoon (HKLM\...\Steam App 505750) (Version: - Improx Games)
Ultimate Magic Cube 1.21 (HKLM-x32\...\Ultimate Magic Cube) (Version: 1.21 - Wouter Meesen)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version: - Microsoft)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
vJoy Device Driver 2.1.6.20 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 2.1.6.20 - Shaul Eizikovich)
Wii U USB GCN adapter version 3.2.1 (HKLM-x32\...\{B3898604-95BA-4EBA-A8D7-C4C2BDC2712A}_is1) (Version: 3.2.1 - Matt Cunningham)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Dr.Fone for Android(Build 6.2.1.49) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 6.2.1.49 - Wondershare Software Co.,Ltd.)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 34%
Total physical RAM: 7986.05 MB
Available physical RAM: 5220.3 MB
Total Virtual: 8498.05 MB
Available Virtual: 5766.73 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:885.95 GB) (Free:336.48 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:4.87 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DESKTOP-FLJ10AR
 
Administrator DefaultAccount Guest
name
 
 
**** End of log ****
 
(AUTORUNS)
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "1/4/2017 10:55 PM"    ""
+ "anselmo"    ""    ""    "File not found: C:\Program Files (x86)\Atco\rathmann.exe"    ""    ""
+ "anselmoanselmo"    ""    ""    "File not found: C:\Program Files (x86)\Fecundity\rathmann.exe"    ""    ""
+ "DAX2_APP"    ""    ""    "c:\program files\dolby\dolby dax2\dax2_app\dolbydax2trayicon.exe"    "6/16/2015 4:53 AM"    ""
+ "IAStorIcon"    "Delayed launcher"    "Intel Corporation"    "c:\program files\intel\intel® rapid storage technology\iastoriconlaunch.exe"    "6/23/2015 8:00 AM"    ""
+ "LenovoUtility"    "Lenovo Utility"    ""    "c:\program files\lenovo\lenovoutility\utility.exe"    "8/11/2015 8:38 PM"    ""
+ "RtHDVBg_Dolby"    "HD Audio Background Process"    "Realtek Semiconductor"    "c:\program files\realtek\audio\hda\ravbg64.exe"    "2/19/2016 2:00 AM"    ""
+ "RtHDVBg_LENOVO_DOLBYDRAGON"    "HD Audio Background Process"    "Realtek Semiconductor"    "c:\program files\realtek\audio\hda\ravbg64.exe"    "2/19/2016 2:00 AM"    ""
+ "RtHDVBg_LENOVO_MICPKEY"    "HD Audio Background Process"    "Realtek Semiconductor"    "c:\program files\realtek\audio\hda\ravbg64.exe"    "2/19/2016 2:00 AM"    ""
+ "RTHDVCPL"    "Realtek HD Audio Manager"    "Realtek Semiconductor"    "c:\program files\realtek\audio\hda\ravcpl64.exe"    "3/1/2016 4:36 AM"    ""
+ "SynTPEnh"    "Synaptics TouchPad 64-bit Enhancements"    "Synaptics Incorporated"    "c:\program files\synaptics\syntp\syntpenh.exe"    "7/23/2015 5:12 PM"    ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "1/5/2017 3:04 PM"    ""
+ "amd_dc_opt"    "AMD Dual-Core Optimizer"    "AMD"    "c:\program files (x86)\amd\dual-core optimizer\amd_dc_opt.exe"    "7/22/2008 12:53 PM"    ""
+ "cellular"    ""    ""    "File not found: C:\Program Files (x86)\Atco\rathmann.exe"    ""    ""
+ "cellularcellular"    ""    ""    "File not found: C:\Program Files (x86)\Fecundity\rathmann.exe"    ""    ""
+ "HP Software Update"    "hpwuSchd Application"    "Hewlett-Packard"    "c:\program files (x86)\hp\hp software update\hpwuschd2.exe"    "5/30/2013 1:49 PM"    ""
+ "HPUsageTrackingLEDM"    "HP UT LEDM Driver"    "Hewlett-Packard Company"    "c:\program files (x86)\hp\hp ut ledm\bin\hppusg.exe"    "8/4/2009 5:21 PM"    ""
+ "Wondershare Helper Compact.exe"    "Wondershare Studio"    "Wondershare"    "c:\program files (x86)\common files\wondershare\wondershare helper compact\wshelper.exe"    "9/11/2014 4:10 AM"    ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "1/5/2017 1:51 PM"    ""
+ "07GOTE7U8W"    ""    ""    "File not found: C:\Program Files\GVUFG6M6DC\MMAXAKTH5.exe"    ""    ""
+ "applets"    ""    ""    "File not found: C:\Program Files (x86)\Atco\rathmann.exe"    ""    ""
+ "appletsapplets"    ""    ""    "File not found: C:\Program Files (x86)\Fecundity\rathmann.exe"    ""    ""
+ "BlueStacks Agent"    "BlueStacks Agent"    "BlueStack Systems, Inc."    "c:\program files (x86)\bluestacks\hd-agent.exe"    "12/13/2016 11:23 AM"    ""
+ "buyer"    ""    ""    "File not found: C:\Program Files (x86)\Atco\rathmann.exe"    ""    ""
+ "buyerbuyer"    ""    ""    "File not found: C:\Program Files (x86)\Fecundity\rathmann.exe"    ""    ""
+ "deserving"    ""    ""    "File not found: C:\Program Files (x86)\burglar\deserving.exe"    ""    ""
+ "Discord"    "Discord"    "Hammer & Chisel, Inc."    "c:\users\hhnguyen\appdata\local\discord\app-0.0.296\discord.exe"    "8/23/2016 3:35 PM"    ""
+ "HP OfficeJet 3830 series (NET)"    "ScanToPCActivationApp"    "Hewlett-Packard Development Company, LP"    "c:\program files\hp\hp officejet 3830 series\bin\scantopcactivationapp.exe"    "3/9/2015 2:47 PM"    ""
+ "ME77OHAS55"    ""    ""    "File not found: C:\Program Files\UXA6N40ZAE\UXA6N40ZA.exe"    ""    ""
+ "OneDrive"    "Microsoft OneDrive"    "Microsoft Corporation"    "c:\users\hhnguyen\appdata\local\microsoft\onedrive\onedrive.exe"    "12/8/2016 2:29 AM"    ""
+ "Steam"    "Steam Client Bootstrapper"    "Valve Corporation"    "c:\program files (x86)\steam\steam.exe"    "12/19/2016 8:19 PM"    ""
+ "tourneys"    ""    ""    "File not found: C:\Program Files (x86)\Atco\rathmann.exe"    ""    ""
+ "VKWNER4DH9"    ""    ""    "File not found: C:\Program Files\9QWB4LTIYP\BASNRZSC2.exe"    ""    ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"    ""    ""    ""    "1/5/2017 3:18 PM"    ""
+ "Uninstall C:\Users\hhnguyen\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"    ""    ""    "File not found: rmdir"    ""    ""
"C:\Users\hhnguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""    "1/4/2017 10:55 PM"    ""
+ "LeOWZx.vbs"    ""    ""    "c:\users\hhnguyen\appdata\roaming\microsoft\windows\start menu\programs\startup\leowzx.vbs"    "9/29/2016 6:39 PM"    ""
+ "riverhead.lnk"    ""    ""    "File not found: File"    ""    ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "8/13/2016 6:16 PM"    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"    "7/15/2016 8:25 PM"    ""
+ "Microsoft Windows Media Player"    ""    ""    "File not found: C:\WINDOWS\inf\unregmp2.exe /ShowWMP.exe"    ""    ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "1/5/2017 1:51 PM"    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"    "7/15/2016 7:41 PM"    ""
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""    "8/13/2016 6:31 PM"    ""
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office16\msoxmlmf.dll"    "7/30/2015 6:21 AM"    ""
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""    "8/13/2016 6:31 PM"    ""
+ "ms-help"    "Microsoft® Help Data Services Module"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\help\hxds.dll"    "7/30/2015 6:30 AM"    ""
+ "mso-minsb.16"    "Microsoft Office 2016 component"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\msosb.dll"    "1/12/2016 8:07 AM"    ""
+ "osf.16"    "Microsoft Office 2016 component"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\msosb.dll"    "1/12/2016 8:07 AM"    ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "10/11/2016 8:18 PM"    ""
+ "SHAREit.FileContextMenuExt"    "Shell Extension"    "Lenovo"    "c:\program files (x86)\lenovo\shareit\shellex\shellext64.dll"    "8/12/2014 2:28 AM"    ""
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"    "2/3/2016 1:38 PM"    ""
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers"    ""    ""    ""    "8/13/2016 6:19 PM"    ""
+ "TheDeskTopContextMenu Class"    "igfxDTCM Module"    "Intel Corporation"    "c:\windows\system32\igfxdtcm.dll"    "8/19/2016 2:48 PM"    ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""    "8/13/2016 6:30 PM"    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes"    "c:\program files (x86)\malwarebytes anti-malware\mbamext.dll"    "2/24/2016 11:14 AM"    ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""    "10/11/2016 8:18 PM"    ""
+ "SHAREit.FileContextMenuExt"    "Shell Extension"    "Lenovo"    "c:\program files (x86)\lenovo\shareit\shellex\shellext64.dll"    "8/12/2014 2:28 AM"    ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "8/13/2016 6:19 PM"    ""
+ "igfxDTCM"    "igfxDTCM Module"    "Intel Corporation"    "c:\windows\system32\igfxdtcm.dll"    "8/19/2016 2:48 PM"    ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "8/13/2016 6:31 PM"    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes"    "c:\program files (x86)\malwarebytes anti-malware\mbamext.dll"    "2/24/2016 11:14 AM"    ""
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"    "2/3/2016 1:38 PM"    ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""    "8/13/2016 6:31 PM"    ""
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"    "2/3/2016 1:38 PM"    ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""    "8/13/2016 6:31 PM"    ""
+ " SkyDrivePro1 (ErrorConflict)"    "Microsoft OneDrive for Business Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\grooveex.dll"    "1/12/2016 8:27 AM"    ""
+ " SkyDrivePro2 (SyncInProgress)"    "Microsoft OneDrive for Business Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\grooveex.dll"    "1/12/2016 8:27 AM"    ""
+ " SkyDrivePro3 (InSync)"    "Microsoft OneDrive for Business Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\grooveex.dll"    "1/12/2016 8:27 AM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""    "1/4/2017 10:55 PM"    ""
+ " SkyDrivePro1 (ErrorConflict)"    "Microsoft OneDrive for Business Extensions"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office16\grooveex.dll"    "1/12/2016 8:09 AM"    ""
+ " SkyDrivePro2 (SyncInProgress)"    "Microsoft OneDrive for Business Extensions"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office16\grooveex.dll"    "1/12/2016 8:09 AM"    ""
+ " SkyDrivePro3 (InSync)"    "Microsoft OneDrive for Business Extensions"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office16\grooveex.dll"    "1/12/2016 8:09 AM"    ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "8/13/2016 6:31 PM"    ""
+ "Microsoft OneDrive for Business Browser Helper"    "Microsoft OneDrive for Business Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\grooveex.dll"    "1/12/2016 8:27 AM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "1/4/2017 10:55 PM"    ""
+ "Microsoft OneDrive for Business Browser Helper"    "Microsoft OneDrive for Business Extensions"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office16\grooveex.dll"    "1/12/2016 8:09 AM"    ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""    "8/13/2016 6:31 PM"    ""
+ "OneNote Lin&ked Notes"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\onbttnielinkednotes.dll"    "11/24/2015 8:35 AM"    ""
+ "Se&nd to OneNote"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\onbttnie.dll"    "11/10/2015 3:03 PM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""    "1/4/2017 10:55 PM"    ""
+ "OneNote Lin&ked Notes"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office16\onbttnielinkednotes.dll"    "11/10/2015 2:57 PM"    ""
+ "Se&nd to OneNote"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office16\onbttnie.dll"    "11/10/2015 3:07 PM"    ""
+ "SmartPrint"    "HP Smart Print Setup"    "Hewlett-Packard"    "c:\program files (x86)\hewlett-packard\smartprint\smartprintsetup.exe"    "1/26/2011 11:05 PM"    ""
"Task Scheduler"    ""    ""    ""    ""    ""
+ "\CyberLink\Photo Master Gadget startup"    "Lenovo Photo Master Update"    "CyberLink Corp."    "c:\program files (x86)\lenovo\lenovo photo master\photomasterworker.exe"    "4/22/2016 2:47 AM"    ""
+ "\HPCustParticipation HP OfficeJet 3830 series"    "HP Product Improvement Study"    "Hewlett-Packard Development Company, LP"    "c:\program files\hp\hp officejet 3830 series\bin\hpcustpartic.exe"    "3/9/2015 2:34 PM"    ""
+ "\Lenovo\Lenovo Customer Feedback Program 64"    "Lenovo.TVT.CustomerFeedback.Agent"    "Lenovo"    "c:\program files (x86)\lenovo\customer feedback program\lenovo.tvt.customerfeedback.agent.exe"    "7/8/2015 9:51 AM"    ""
+ "\Lenovo\Lenovo Solution Center Launcher"    "Lenovo Solution Center"    "Lenovo"    "c:\program files\lenovo\lenovo solution center\app\lscservice.exe"    "7/17/2015 11:35 AM"    ""
+ "\Lenovo\LSC\Lenovo Solution Center Notifications"    "Lenovo Solution Center Notifications"    "Lenovo"    "c:\program files\lenovo\lenovo solution center\lscnotify.exe"    "6/19/2015 6:24 AM"    ""
+ "\Lenovo\LSC\LSCHardwareScan"    ""    ""    "c:\program files\lenovo\lenovo solution center\lsc.exe"    "7/17/2015 10:09 AM"    ""
+ "\Microsoft\Office\Office 15 Subscription Heartbeat"    "Office Subscription Licensing Heartbeat"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office16\olicenseheartbeat.exe"    "7/30/2015 6:35 AM"    ""
+ "\Microsoft\Office\OfficeTelemetryAgentFallBack2016"    "Office Telemetry Agent"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\msoia.exe"    "7/30/2015 6:19 AM"    ""
+ "\Microsoft\Office\OfficeTelemetryAgentLogOn2016"    "Office Telemetry Agent"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\msoia.exe"    "7/30/2015 6:19 AM"    ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"    "7/16/2016 5:42 AM"    ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\windows defender\mpcmdrun.exe"    "7/15/2016 8:23 PM"    ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Cleanup"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\windows defender\mpcmdrun.exe"    "7/15/2016 8:23 PM"    ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\windows defender\mpcmdrun.exe"    "7/15/2016 8:23 PM"    ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Verification"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\windows defender\mpcmdrun.exe"    "7/15/2016 8:23 PM"    ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"    "7/15/2016 8:25 PM"    ""
+ "\OneDrive Standalone Update Task v2"    "Standalone Updater"    "Microsoft Corporation"    "c:\users\hhnguyen\appdata\local\microsoft\onedrive\onedrivestandaloneupdater.exe"    "12/8/2016 2:29 AM"    ""
+ "\Sa72585177258517"    ""    ""    "File not found: C:\Program Files (x86)\Atco\rathmann.exe"    ""    ""
+ "\Sak89692554k89692554"    ""    ""    "File not found: C:\Program Files (x86)\di\di.exe"    ""    ""
+ "\{0C0E0B47-7F7A-0E0A-7911-7E0E7F081105}"    ""    ""    "File not found: bypass"    ""    ""
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "1/5/2017 5:54 PM"    ""
+ "BstHdAndroidSvc"    "BlueStacks Service"    "BlueStack Systems, Inc."    "c:\program files (x86)\bluestacks\hd-service.exe"    "12/13/2016 11:20 AM"    ""
+ "BstHdLogRotatorSvc"    "BlueStacks Log Rotator Service"    "BlueStack Systems, Inc."    "c:\program files (x86)\bluestacks\hd-logrotatorservice.exe"    "12/13/2016 11:21 AM"    ""
+ "BstHdPlusAndroidSvc"    "BlueStacks Service"    "BlueStack Systems, Inc."    "c:\program files (x86)\bluestacks\hd-plus-service.exe"    "12/13/2016 11:18 AM"    ""
+ "CCSDK"    "Lenovo Customer Engagement Service is for the continuous improvement of Lenovo products and services. Lenovo will collect only basic information about your usage of your device and the preloaded applications, without any appreciable inconvenience to your usage of your device. These processes do not involve the collection of any personally identifiable information."    "Lenovo"    "c:\program files (x86)\lenovo\ccsdk\ccsdk.exe"    "7/28/2015 7:56 PM"    ""
+ "cphs"    "Intel® Content Protection HECI Service - enables communication with the Content Protection FW"    "Intel Corporation"    "c:\windows\syswow64\intelcphecisvc.exe"    "7/9/2015 5:19 PM"    ""
+ "cplspcon"    "Intel® Content Protection HDCP Service - enables communication with Content Protection HDCP HW"    "Intel Corporation"    "c:\windows\system32\intelcphdcpsvc.exe"    "8/19/2016 3:16 PM"    ""
+ "DAX2API"    "Dolby DAX2 API Service is used by Dolby DAX2 applications to control Dolby Audio components in the system."    ""    "c:\program files\dolby\dolby dax2\dax2_api\dolbydax2api.exe"    "1/27/2016 7:04 AM"    ""
+ "ESRV_SVC_WILLAMETTE"    "Intel® Energy Checker SDK. ESRV Service WILLAMETTE"    ""    "c:\program files\intel\sur\willamette\esrv\esrv_svc.exe"    "6/8/2016 9:12 AM"    ""
+ "EvtEng"    "Manages the event trace messages for all the Intel® PROSet/Wireless Software components."    "Intel® Corporation"    "c:\program files\intel\wifi\bin\evteng.exe"    "6/12/2015 2:06 AM"    ""
+ "GDCAgent"    "Lenovo GDCAgent"    "Lenovo"    "c:\program files (x86)\lenovo\gdcagentsetupred\gdcagent.exe"    "7/29/2015 3:14 AM"    ""
+ "gupdate"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    ""    "File not found: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc"    ""    ""
+ "gupdatem"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    ""    "File not found: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc"    ""    ""
+ "HP LaserJet Service"    "A system service that allows HP Software to easily connect to your LaserJet for everyday tasks."    "HP"    "c:\program files (x86)\hp\hplaserjetservice\hplaserjetservice.exe"    "6/24/2009 10:57 AM"    ""
+ "HPSIService"    "HP Smart-Install Service"    "HP"    "c:\windows\system32\hpsisvc.exe"    "9/26/2012 12:05 AM"    ""
+ "IAStorDataMgrSvc"    "Provides storage event notification and manages communication between the storage driver and user space applications."    "Intel Corporation"    "c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe"    "6/3/2015 3:43 AM"    ""
+ "ibtsiva.exe"    "Intel® Wireless Bluetooth® iBtSiva Service"    "Intel Corporation"    "c:\program files (x86)\intel\bluetooth\utilities\ibtsiva.exe"    "7/1/2015 9:19 PM"    ""
+ "igfxCUIService2.0.0.0"    "Service for Intel® HD Graphics Control Panel"    "Intel Corporation"    "c:\windows\system32\igfxcuiservice.exe"    "8/19/2016 2:46 PM"    ""
+ "ImControllerService"    "The Lenovo System Interface Foundation Service provides interfaces for key features such as: system power management, system optimization, driver and application updates, and system settings to Lenovo applications including Lenovo Companion, Lenovo Settings and Lenovo ID. If you disable this service, Lenovo applications will not work properly."    "Lenovo Group Limited"    "c:\program files\lenovo\imcontroller\service\lenovo.modern.imcontroller.exe"    "12/1/2016 11:42 AM"    ""
+ "LSCWinService"    "LSCWinService"    "Lenovo"    "c:\program files\lenovo\lenovo solution center\app\lscwinservice.exe"    "7/17/2015 11:34 AM"    ""
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"    "12/8/2016 6:49 PM"    ""
+ "MyWiFiDHCPDNS"    "Wireless PAN DHCP and DNS Server"    ""    "c:\program files\intel\wifi\bin\pandhcpdns.exe"    "6/12/2015 1:44 AM"    ""
+ "ose64"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\source engine\ose.exe"    "7/30/2015 6:39 AM"    ""
+ "RegSrvc"    "Provides registry access to all Intel® PROSet/Wireless Software components"    "Intel® Corporation"    "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"    "6/12/2015 1:41 AM"    ""
+ "Steam Client Service"    "Steam Client Service monitors and updates Steam content"    "Valve Corporation"    "c:\program files (x86)\common files\steam\steamservice.exe"    "12/19/2016 8:17 PM"    ""
+ "SynTPEnhService"    "64-bit Synaptics Pointing Enhance Service"    "Synaptics Incorporated"    "c:\program files\synaptics\syntp\syntpenhservice.exe"    "7/23/2015 7:43 PM"    ""
+ "SystemUsageReportSvc_WILLAMETTE"    "Inte® System Usage Report Service SystemUsageReportSvc_WILLAMETTE monitors the computer system usage and helps to improve system's performance."    ""    "c:\program files (x86)\intel driver update utility\sur\sursvc.exe"    "6/8/2016 9:04 AM"    ""
+ "USER_ESRV_SVC_WILLAMETTE"    "Intel® Energy Checker SDK. ESRV Service WILLAMETTE"    ""    "c:\program files\intel\sur\willamette\esrv\esrv_svc.exe"    "6/8/2016 9:12 AM"    ""
+ "WdNisSvc"    "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols"    "Microsoft Corporation"    "c:\program files\windows defender\nissrv.exe"    "7/15/2016 8:24 PM"    ""
+ "WinDefend"    "Helps protect users from malware and other potentially unwanted software"    "Microsoft Corporation"    "c:\program files\windows defender\msmpeng.exe"    "7/15/2016 8:27 PM"    ""
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"    "9/6/2016 10:41 PM"    ""
+ "WsAppService"    "Wondershare Application Framework Service"    "Wondershare"    "c:\program files (x86)\wondershare\waf\2.2.4.1\wsappservice.exe"    "7/12/2016 2:20 AM"    ""
+ "WsDrvInst"    "Wondershare Driver Install Service"    "Wondershare"    "c:\program files (x86)\wondershare\dr.fone for android\driverinstall.exe"    "8/10/2016 6:28 AM"    ""
+ "ymc"    "Lenovo Yoga Mode Control"    "Lenovo"    "c:\programdata\lenovotransition\server\x64\ymc.exe"    "8/5/2015 2:36 AM"    ""
+ "ZeroConfigService"    "Manages the zero configuration service for all the Intel® PROSet/Wireless Software components."    "Intel® Corporation"    "c:\program files\intel\wifi\bin\zeroconfigservice.exe"    "6/12/2015 2:03 AM"    ""
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "1/5/2017 5:54 PM"    ""
+ "3ware"    "LSI 3ware SCSI Storport Driver"    "LSI"    "c:\windows\system32\drivers\3ware.sys"    "5/18/2015 4:28 PM"    ""
+ "ACPIVPC"    "ACPI Virtual Power Controller Driver"    "Lenovo Corporation"    "c:\windows\system32\drivers\acpivpc.sys"    "5/14/2015 11:52 PM"    ""
+ "ADP80XX"    "PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller"    "PMC-Sierra"    "c:\windows\system32\drivers\adp80xx.sys"    "4/9/2015 2:49 PM"    ""
+ "amdsata"    "AHCI 1.3 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"    "5/14/2015 6:14 AM"    ""
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"    "12/11/2012 3:21 PM"    ""
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"    "4/30/2015 6:55 PM"    ""
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "PMC-Sierra, Inc."    "c:\windows\system32\drivers\arcsas.sys"    "4/9/2015 1:12 PM"    ""
+ "b06bdrv"    "QLogic Gigabit Ethernet VBD"    "QLogic Corporation"    "c:\windows\system32\drivers\bxvbda.sys"    "5/25/2016 1:03 AM"    ""
+ "bcmfn"    "BCM Function 2 Device Driver"    "Windows ® Win 7 DDK provider"    "c:\windows\system32\drivers\bcmfn.sys"    "6/8/2015 2:32 AM"    ""
+ "bcmfn2"    "BCM Function 2 Device Driver"    "Windows ® Win 7 DDK provider"    "c:\windows\system32\drivers\bcmfn2.sys"    "3/16/2014 4:07 AM"    ""
+ "BstHdDrv"    "BlueStacks Hypervisor for amd64"    "BlueStack Systems"    "c:\program files (x86)\bluestacks\hd-hypervisor-amd64.sys"    "12/13/2016 11:20 AM"    ""
+ "BstkDrv"    "Bluestacks Support Driver"    "Bluestack System Inc. "    "c:\program files (x86)\bluestacks\bstkdrv.sys"    "9/26/2016 10:20 AM"    ""
+ "cht4iscsi"    "Chelsio iSCSI VMiniport Driver"    "Chelsio Communications"    "c:\windows\system32\drivers\cht4sx64.sys"    "4/20/2016 3:54 AM"    ""
+ "cht4vbd"    "Virtual Bus Driver for Chelsio ® T4 Chipset"    "Chelsio Communications"    "c:\windows\system32\drivers\cht4vx64.sys"    "4/15/2016 1:32 AM"    ""
+ "cpuz138"    "CPUID Driver"    "CPUID"    "c:\users\hhnguyen\appdata\local\temp\cpuz138\cpuz138_x64.sys"    "2/26/2015 1:04 AM"    ""
+ "dg_ssudbus"    "SAMSUNG USB Composite Device Driver"    "Samsung Electronics Co., Ltd."    "c:\windows\system32\drivers\ssudbus.sys"    "8/24/2016 2:00 AM"    ""
+ "ebdrv"    "QLogic 10 GigE VBD"    "QLogic Corporation"    "c:\windows\system32\drivers\evbda.sys"    "5/25/2016 1:01 AM"    ""
+ "GeneStor"    "GeneStor"    "GenesysLogic"    "c:\windows\system32\drivers\genestor.sys"    "7/13/2015 5:07 AM"    ""
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"    "3/26/2013 3:36 PM"    ""
+ "iagpio"    "Intel® Serial IO GPIO Controller Driver"    "Intel® Corporation"    "c:\windows\system32\drivers\iagpio.sys"    "2/18/2016 1:35 AM"    ""
+ "iai2c"    "Intel® Serial IO I2C Driver"    "Intel® Corporation"    "c:\windows\system32\drivers\iai2c.sys"    "9/22/2015 12:53 AM"    ""
+ "iaLPSS2i_GPIO2"    "Intel® Serial IO GPIO Driver v2"    "Intel Corporation"    "c:\windows\system32\drivers\ialpss2i_gpio2.sys"    "3/2/2016 8:06 PM"    ""
+ "iaLPSS2i_I2C"    "Intel® Serial IO I2C Driver v2"    "Intel Corporation"    "c:\windows\system32\drivers\ialpss2i_i2c.sys"    "3/2/2016 8:06 PM"    ""
+ "iaLPSSi_GPIO"    "Intel® Serial IO GPIO Controller Driver"    "Intel Corporation"    "c:\windows\system32\drivers\ialpssi_gpio.sys"    "2/2/2015 3:00 AM"    ""
+ "iaLPSSi_I2C"    "Intel® Serial IO I2C Controller Driver"    "Intel Corporation"    "c:\windows\system32\drivers\ialpssi_i2c.sys"    "2/24/2015 9:52 AM"    ""
+ "iaStorA"    "Intel® Rapid Storage Technology driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastora.sys"    "6/3/2015 3:38 AM"    ""
+ "iaStorAV"    "Intel® Rapid Storage Technology driver (inbox) - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorav.sys"    "2/19/2015 6:08 AM"    ""
+ "iaStorV"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"    "4/11/2011 12:48 PM"    ""
+ "ibbus"    "InfiniBand Fabric Bus Driver"    "Mellanox"    "c:\windows\system32\drivers\ibbus.sys"    "4/10/2016 7:46 AM"    ""
+ "ibtusb"    "Intel® Wireless Bluetooth® Filter Driver"    "Intel Corporation"    "c:\windows\system32\drivers\ibtusb.sys"    "7/1/2015 9:20 PM"    ""
+ "igfx"    "Intel Graphics Kernel Mode Driver"    "Intel Corporation"    "c:\windows\system32\drivers\igdkmd64.sys"    "8/19/2016 3:18 PM"    ""
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkvhd64.sys"    "3/1/2016 7:09 AM"    ""
+ "IntcDAud"    "Intel® Display Audio Driver"    "Intel® Corporation"    "c:\windows\system32\drivers\intcdaud.sys"    "8/10/2016 7:29 PM"    ""
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"    "3/25/2015 1:36 PM"    ""
+ "LSI_SAS2i"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2i.sys"    "3/28/2016 12:49 PM"    ""
+ "LSI_SAS3i"    "Avago SAS Gen3 Driver (StorPort)"    "Avago Technologies"    "c:\windows\system32\drivers\lsi_sas3i.sys"    "3/28/2016 12:49 PM"    ""
+ "LSI_SSS"    "LSI SSS PCIe/Flash Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sss.sys"    "3/15/2013 5:39 PM"    ""
+ "MBAMSwissArmy"    "Malwarebytes Anti-Malware"    "Malwarebytes"    "c:\windows\system32\drivers\mbamswissarmy.sys"    "7/28/2015 10:26 PM"    ""
+ "megasas"    "MEGASAS RAID Controller Driver for Windows"    "Avago Technologies"    "c:\windows\system32\drivers\megasas.sys"    "3/4/2015 8:36 PM"    ""
+ "megasas2i"    "MEGASAS RAID Controller Driver for Windows"    "Avago Technologies"    "c:\windows\system32\drivers\megasas2i.sys"    "7/22/2016 3:36 PM"    ""
+ "megasr"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"    "6/3/2013 4:02 PM"    ""
+ "MEIx64"    "Intel® Management Engine Interface"    "Intel Corporation"    "c:\windows\system32\drivers\teedriverw8x64.sys"    "7/7/2015 11:43 AM"    ""
+ "mlx4_bus"    "MLX4 Bus Driver"    "Mellanox"    "c:\windows\system32\drivers\mlx4_bus.sys"    "4/10/2016 7:49 AM"    ""
+ "mvumis"    "Marvell Flash Controller Driver"    "Marvell Semiconductor, Inc."    "c:\windows\system32\drivers\mvumis.sys"    "5/23/2014 2:39 PM"    ""
+ "ndfltr"    "NetworkDirect Support Filter Driver"    "Mellanox"    "c:\windows\system32\drivers\ndfltr.sys"    "4/10/2016 7:46 AM"    ""
+ "NetAdapterCx"    ""    ""    "c:\windows\system32\drivers\netadaptercx.sys"    "7/15/2016 8:28 PM"    ""
+ "NETwNe64"    "Intel® Wireless WiFi Link Driver"    "Intel Corporation"    "c:\windows\system32\drivers\netwew01.sys"    "1/6/2015 10:19 AM"    ""
+ "Netwtw04"    "Intel® Wireless WiFi Link Driver"    "Intel Corporation"    "c:\windows\system32\drivers\netwtw04.sys"    "2/25/2016 12:26 PM"    ""
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"    "4/21/2014 12:28 PM"    ""
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"    "4/21/2014 12:34 PM"    ""
+ "percsas2i"    "MEGASAS RAID Controller Driver for Windows"    "Avago Technologies"    "c:\windows\system32\drivers\percsas2i.sys"    "3/14/2016 6:50 PM"    ""
+ "percsas3i"    "MEGASAS RAID Controller Driver for Windows"    "Avago Technologies"    "c:\windows\system32\drivers\percsas3i.sys"    "3/4/2016 3:22 PM"    ""
+ "rt640x64"    "Realtek 8101E/8168/8169 NDIS 6.40 64-bit Driver "    "Realtek "    "c:\windows\system32\drivers\rt640x64.sys"    "5/5/2015 10:21 AM"    ""
+ "rtsuvc"    "Realtek UVC Driver for Vista/Win7/Win8/Win8.1"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtsuvc.sys"    "6/11/2015 2:52 AM"    ""
+ "semav6msr64"    ""    ""    "c:\windows\system32\drivers\semav6msr64.sys"    "1/24/2014 1:22 PM"    ""
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisraid2.sys"    "9/24/2008 12:28 PM"    ""
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    "Silicon Integrated Systems"    "c:\windows\system32\drivers\sisraid4.sys"    "10/1/2008 3:56 PM"    ""
+ "SmbDrvI"    "Synaptics SMBus Driver"    "Synaptics Incorporated"    "c:\windows\system32\drivers\smb_driver_intel.sys"    "7/23/2015 4:26 PM"    ""
+ "ssudmdm"    "@oem54.inf,%ssud.Service.Desc%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)"    "Samsung Electronics Co., Ltd."    "c:\windows\system32\drivers\ssudmdm.sys"    "8/24/2016 2:00 AM"    ""
+ "stexstor"    "Promise SuperTrak EX Series Driver for Windows x64"    "Promise Technology, Inc."    "c:\windows\system32\drivers\stexstor.sys"    "11/26/2012 6:02 PM"    ""
+ "SynTP"    "Synaptics Touchpad Win64 Driver"    "Synaptics Incorporated"    "c:\windows\system32\drivers\syntp.sys"    "7/23/2015 4:21 PM"    ""
+ "TIEHDUSB"    "tiehdusb.sys"    "Texas Instruments"    "c:\windows\system32\drivers\tiehdusb.sys"    "9/3/2009 3:15 PM"    ""
+ "VBoxDrv"    "VirtualBox Support Driver"    "Oracle Corporation"    "c:\windows\system32\drivers\vboxdrv.sys"    "12/18/2013 10:19 AM"    ""
+ "VBoxNetAdp"    "VirtualBox Host-Only Network Adapter Driver"    "Oracle Corporation"    "c:\windows\system32\drivers\vboxnetadp.sys"    "12/18/2013 10:13 AM"    ""
+ "VBoxNetFlt"    "VirtualBox Bridged Networking Driver"    "Oracle Corporation"    "c:\windows\system32\drivers\vboxnetflt.sys"    "12/18/2013 10:13 AM"    ""
+ "VBoxUSBMon"    "VirtualBox USB Monitor Driver"    "Oracle Corporation"    "c:\windows\system32\drivers\vboxusbmon.sys"    "12/18/2013 10:13 AM"    ""
+ "vjoy"    "KMDF Virtual Joystick Driver"    "Shaul Eizikovich"    "c:\windows\system32\drivers\vjoy.sys"    "2/3/2016 4:24 AM"    ""
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    "VIA Technologies Inc.,Ltd"    "c:\windows\system32\drivers\vsmraid.sys"    "4/22/2014 1:21 PM"    ""
+ "VSTXRAID"    "VIA StorX RAID Controller Driver"    "VIA Corporation"    "c:\windows\system32\drivers\vstxraid.sys"    "1/21/2013 1:00 PM"    ""
+ "WinMad"    "Kernel WinMad"    "Mellanox"    "c:\windows\system32\drivers\winmad.sys"    "4/10/2016 7:46 AM"    ""
+ "WinVerbs"    "Kernel WinVerbs"    "Mellanox"    "c:\windows\system32\drivers\winverbs.sys"    "4/10/2016 7:46 AM"    ""
+ "wsvd"    "CyberLink Virtual Disk Driver"    ""CyberLink"    "c:\windows\system32\drivers\wsvd.sys"    "6/13/2012 3:10 AM"    ""
+ "XtuAcpiDriver"    "Intel® Acpi Control Driver"    "Intel Corporation"    "c:\windows\system32\drivers\xtuacpidriver.sys"    "2/26/2015 6:51 AM"    ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers"    ""    ""    ""    "8/13/2016 6:16 PM"    ""
+ "Adobe Type Manager"    "Windows NT OpenType/Type 1 Font Driver"    "Adobe Systems Incorporated"    "c:\windows\system32\atmfd.dll"    "11/2/2016 4:31 AM"    ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "1/1/2017 1:48 PM"    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"    "7/15/2016 8:26 PM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "1/1/2017 1:48 PM"    ""
+ "msacm.ac3acm"    "AC-3 ACM Decompressor"    "fccHandler"    "c:\windows\syswow64\ac3acm.acm"    "2/4/2004 9:11 PM"    ""
+ "msacm.alf2cd"    "NCT ALF2CD Audio CODEC"    "NCT Company"    "c:\windows\syswow64\alf2cd.acm"    "9/11/2001 12:26 AM"    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codeca.acm"    "7/15/2016 7:41 PM"    ""
+ "msacm.lame"    "LAME Audio Encoder"    ""    "c:\windows\syswow64\lame.ax"    "8/1/2005 6:43 AM"    ""
+ "msacm.scg726"    "SHARP G.726 ACM Audio Decoder"    "SHARP Corporation"    "c:\windows\syswow64\scg726.acm"    "3/14/2000 4:55 AM"    ""
+ "msacm.voxacm160"    "Voxware Audio Compression Manager Driver"    "Voxware, Inc."    "c:\windows\syswow64\vct3216.acm"    "6/10/1998 12:42 PM"    ""
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\syswow64\iccvid.dll"    "7/15/2016 7:42 PM"    ""
+ "vidc.DIVX"    "DivX Video for Windows Codec"    "DivXNetworks, Inc."    "c:\windows\syswow64\divx.dll"    "4/23/2003 7:34 PM"    ""
+ "vidc.dvsd"    "MainConcept DV Codec"    "MainConcept"    "c:\windows\syswow64\mcdvd_32.dll"    "2/18/2001 6:18 PM"    ""
+ "vidc.LAGS"    "Lagarith"    " "    "c:\windows\syswow64\lagarith.dll"    "12/7/2011 6:32 PM"    ""
+ "vidc.mjpg"    "PICVideo M-JPEG 3 codec"    "Pegasus Imaging Corporation"    "c:\windows\syswow64\pvmjpg30.dll"    "1/11/2005 9:54 AM"    ""
+ "vidc.VP60"    "VP6 VIDEO FOR WINDOWS CODEC "    "On2.com"    "c:\windows\syswow64\vp6vfw.dll"    "12/10/2004 9:03 AM"    ""
+ "vidc.VP61"    "VP6 VIDEO FOR WINDOWS CODEC "    "On2.com"    "c:\windows\syswow64\vp6vfw.dll"    "12/10/2004 9:03 AM"    ""
+ "vidc.VP62"    "VP6 VIDEO FOR WINDOWS CODEC "    "On2.com"    "c:\windows\syswow64\vp6vfw.dll"    "12/10/2004 9:03 AM"    ""
+ "vidc.xvid"    ""    ""    "c:\windows\syswow64\xvidvfw.dll"    "7/3/2004 12:08 PM"    ""
"HKLM\Software\Classes\Filter"    ""    ""    ""    "8/17/2016 7:32 PM"    ""
+ "LAME Audio Encoder"    "LAME Audio Encoder"    ""    "c:\windows\syswow64\lame.ax"    "8/1/2005 6:43 AM"    ""
+ "Sony Amplitude Modulation"    "Sony XFX 3 Plug-In Pack"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Chorus"    "Sony XFX 1 Plug-In Pack "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Distortion"    "Sony XFX 3 Plug-In Pack"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Dither"    "Sony TrackFX 1"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sftrkfx1_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony ExpressFX Amplitude Modulation"    "Sony ExpressFX 2 "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx2_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony ExpressFX Audio Restoration"    "Sony ExpressFX Audio Restoration"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\xpvinyl_x64.dll"    "5/19/2015 6:22 PM"    ""
+ "Sony ExpressFX Chorus"    "Sony ExpressFX 2 "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx2_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony ExpressFX Delay"    "Sony ExpressFX 2 "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx2_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony ExpressFX Distortion"    "Sony ExpressFX 1"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx1_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony ExpressFX Dynamics"    "Sony ExpressFX 3 "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx3_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony ExpressFX Equalization"    "Sony ExpressFX 2 "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx2_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony ExpressFX Flange/Wah-Wah"    "Sony ExpressFX 1"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx1_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony ExpressFX Graphic EQ"    "Sony ExpressFX 3 "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx3_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony ExpressFX Noise Gate"    "Sony ExpressFX 3 "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx3_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony ExpressFX Reverb"    "Sony ExpressFX 1"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx1_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony ExpressFX Stutter"    "Sony ExpressFX 1"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx1_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony ExpressFX Time Stretch"    "Sony ExpressFX 3 "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx3_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony Flange/Wah-wah"    "Sony XFX 3 Plug-In Pack"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Gapper/Snipper"    "Sony XFX 3 Plug-In Pack"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Graphic Dynamics"    "Sony XFX 2 Plug-In Pack"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Graphic EQ"    "Sony XFX 2 Plug-In Pack"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Multi-Band Dynamics"    "Sony XFX 2 Plug-In Pack"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Multi-Tap Delay"    "Sony XFX 1 Plug-In Pack "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Noise Gate"    "Sony XFX 2 Plug-In Pack"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Pan"    "Sound Forge Pro Pan and Volume 1"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sffrgpnv_x64.dll"    "5/19/2015 6:22 PM"    ""
+ "Sony Paragraphic EQ"    "Sony XFX 2 Plug-In Pack"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Parametric EQ"    "Sony XFX 2 Plug-In Pack"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Pitch Shift"    "Sony XFX 1 Plug-In Pack "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Resonant Filter"    "Sony Resonant Filter"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfresfilter_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony Reverb"    "Sony XFX 1 Plug-In Pack "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Simple Delay"    "Sony XFX 1 Plug-In Pack "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Smooth/Enhance"    "Sony XFX 3 Plug-In Pack"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Time Stretch"    "Sony XFX 1 Plug-In Pack "    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Track Compressor"    "Sony TrackFX 1"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sftrkfx1_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony Track EQ"    "Sony TrackFX 1"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sftrkfx1_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony Track Noise Gate"    "Sony TrackFX 1"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sftrkfx1_x64.dll"    "5/19/2015 6:21 PM"    ""
+ "Sony Vibrato"    "Sony XFX 3 Plug-In Pack"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll"    "5/19/2015 6:20 PM"    ""
+ "Sony Volume"    "Sound Forge Pro Pan and Volume 1"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\sffrgpnv_x64.dll"    "5/19/2015 6:22 PM"    ""
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "12/14/2016 9:34 PM"    ""
+ "AcousticaResizeFilter"    ""    ""    "c:\program files\acoustica mixcraft 7\acuresizefilter.dll"    "6/29/2016 12:16 PM"    ""
+ "AcousticaResizeFilterHiQ"    ""    ""    "c:\program files\acoustica mixcraft 7\acuresizefilterhiq.dll"    "6/29/2016 12:16 PM"    ""
+ "Sony Wave Hammer Surround"    "Sony Wave Hammer 5.1"    "Sony Creative Software Inc."    "c:\program files (x86)\sony\shared plug-ins\audio_x64\mchammer_x64.dll"    "5/19/2015 6:22 PM"    ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "8/13/2016 6:31 PM"    ""
+ "Audio Source"    "Windows Media Preview Object"    "Microsoft Corporation"    "c:\program files (x86)\windows media components\encoder\wmprevu.dll"    "12/11/2002 7:34 PM"    ""
+ "AVS Video Out"    "AVSVideoOutFilter DirectShow Filter"    "Online Media Technologies Ltd"    "c:\program files (x86)\common files\avsmedia\activex\avsvideooutfilter3.ax"    "2/2/2011 3:23 AM"    ""
+ "AVSMediaGrabber"    "AVSMediaGrabber4 DirectShow Filter"    "Online Media Technologies Ltd."    "c:\program files (x86)\common files\avsmedia\activex\avsmediagrabber4.ax"    "7/10/2008 10:27 AM"    ""
+ "DirectVobSub"    "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth"    "xy-VSFilter Team"    "c:\program files (x86)\kcp\xy-vsfilter\vsfilter.dll"    "12/6/2014 7:46 PM"    ""
+ "DirectVobSub (auto-loading version)"    "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth"    "xy-VSFilter Team"    "c:\program files (x86)\kcp\xy-vsfilter\vsfilter.dll"    "12/6/2014 7:46 PM"    ""
+ "DivX Decoder Filter"    "DivX ™ Decoder Filter"    "DivXNetworks, Inc."    "c:\windows\syswow64\divxdec.ax"    "4/23/2003 7:29 PM"    ""
+ "DivX Video Decoder 0004"    "DivX® Decoder Filter"    "DivX, Inc."    "c:\program files (x86)\pinnacle\shared files\filter\divxdec.ax"    "10/5/2006 4:38 PM"    ""
+ "LAME Audio Encoder"    "LAME Audio Encoder"    ""    "c:\windows\syswow64\lame.ax"    "8/1/2005 6:43 AM"    ""
+ "LAV Audio Decoder"    "LAV Audio Decoder - DirectShow Audio Decoder"    "1f0.de - Hendrik Leppkes"    "c:\program files (x86)\kcp\lav filters\lavaudio.ax"    "9/22/2015 3:47 AM"    ""
+ "LAV Splitter"    "LAV Splitter - DirectShow Media Splitter"    "1f0.de - Hendrik Leppkes"    "c:\program files (x86)\kcp\lav filters\lavsplitter.ax"    "9/22/2015 3:47 AM"    ""
+ "LAV Splitter Source"    "LAV Splitter - DirectShow Media Splitter"    "1f0.de - Hendrik Leppkes"    "c:\program files (x86)\kcp\lav filters\lavsplitter.ax"    "9/22/2015 3:47 AM"    ""
+ "LAV Video Decoder"    "LAV Video Decoder - DirectShow Video Decoder"    "1f0.de - Hendrik Leppkes"    "c:\program files (x86)\kcp\lav filters\lavvideo.ax"    "9/22/2015 3:47 AM"    ""
+ "madVR"    "madshi's D3D9 based video renderer"    "madshi.net"    "c:\program files (x86)\kcp\madvr\madvr.ax"    "9/25/2015 3:27 PM"    ""
+ "MPEG Layer-3 Decoder"    "MPEG Layer-3 Audio Decoder"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codecx.ax"    "3/11/1999 11:42 AM"    ""
+ "PICVideo M-JPEG 3 Compressor"    "PICVideo M-JPEG 3 codec"    "Pegasus Imaging Corporation"    "c:\windows\syswow64\pvmjpg30.dll"    "1/11/2005 9:54 AM"    ""
+ "PICVideo M-JPEG 3 Decompressor"    "PICVideo M-JPEG 3 codec"    "Pegasus Imaging Corporation"    "c:\windows\syswow64\pvmjpg30.dll"    "1/11/2005 9:54 AM"    ""
+ "Pinnacle MP3 Encoder"    "Pinnacle MP3 compressor"    "Pinnacle Systems"    "c:\program files (x86)\pinnacle\shared files\filter\pclemp3encoder.ax"    "9/25/2006 7:44 PM"    ""
+ "RealMediaRenderer2"    "Real Media Renderer 2"    "Pinnacle Systems, Inc."    "c:\program files (x86)\pinnacle\shared files\realvideo\pclermrenderer2.ax"    "4/18/2007 4:27 PM"    ""
+ "Record Queue"    "WME Record Queue"    "Microsoft Corporation"    "c:\program files (x86)\windows media components\encoder\wmedque.dll"    "12/11/2002 7:34 PM"    ""
+ "Video Source"    "Windows Media Preview Object"    "Microsoft Corporation"    "c:\program files (x86)\windows media components\encoder\wmprevu.dll"    "12/11/2002 7:34 PM"    ""
+ "VSDC Video Decoder"    "mslvddsfilter3 ActiveX DLL"    "Flash-Integro LLC"    "c:\windows\syswow64\mslvddsfilter3.ax"    "4/20/2016 12:09 AM"    ""
+ "WMEnc Screen Capture Filter"    "WMESrcWp Module"    "Microsoft Corporation"    "c:\program files (x86)\windows media components\encoder\wmesrcwp.dll"    "12/11/2002 7:34 PM"    ""
+ "XviD MPEG-4 Video Decoder"    ""    ""    "c:\windows\syswow64\xvid.ax"    "9/6/2004 7:06 AM"    ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)"    ""    ""    ""    "8/13/2016 6:42 PM"    ""
+ "C:\Program Files\Internet Explorer\IEXPLORE.EXE"    "Internet Explorer"    "Microsoft Corporation"    "c:\program files\internet explorer\iexplore.exe"    "7/15/2016 8:17 PM"    ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""    "12/4/2016 3:28 PM"    ""
+ "Advanced TCP/IP Port Monitor"    "Advanced TCP/IP Port Monitor DLL"    "Marvell Semiconductor, Inc."    "c:\windows\system32\mvtcpmon.dll"    "6/25/2009 9:27 AM"    ""
+ "HP Discovery Port Monitor (HP OfficeJet 3830 series)"    "HP Discovery Port Monitor"    "Hewlett-Packard Development Company, LP"    "c:\windows\system32\hpdiscopme511.dll"    "3/9/2015 2:44 PM"    ""
+ "HP E511 Status Monitor"    "Print Status Language Monitor"    "Hewlett-Packard Development Company, LP"    "c:\windows\system32\hpinkstse511lm.dll"    "12/18/2014 1:36 PM"    ""
+ "HP1100LM"    "Marvell Printer Language Monitor"    ""    "c:\windows\system32\hp1100lm.dll"    "8/31/2012 1:03 AM"    ""
"HKLM\Software\Microsoft\Office\Outlook\Addins"    ""    ""    ""    "8/13/2016 6:31 PM"    ""
+ "Connect Class"    "Outlook Social Connector 2013"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\socialconnector.dll"    "7/30/2015 6:36 AM"    ""
+ "FormRegionAddin Class"    ""    ""    "c:\program files\microsoft office\office16\addins\umoutlookaddin.dll"    "7/30/2015 6:36 AM"    ""
+ "Microsoft VBA for Outlook Addin"    "Outlook VBA Integration Add-In"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\addins\outlvba.dll"    "2/9/2016 9:18 AM"    ""
+ "OneNote Notes about Outlook Items"    "Microsoft OneNote Outlook Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\onbttnol.dll"    "12/29/2015 8:12 AM"    ""
"HKCU\Software\Microsoft\Office\Outlook\Addins"    ""    ""    ""    "1/4/2017 10:55 PM"    ""
X "Access COM Addin for Outlook"    "Access Outlook Data Collection Addin"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\addins\accolk.dll"    "7/30/2015 6:02 AM"    ""
+ "ColleagueImportAddIn Class"    "Microsoft Office 2016 component"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\addins\colleagueimport.dll"    "7/30/2015 6:13 AM"    ""
"HKLM\Software\Microsoft\Office\Excel\Addins"    ""    ""    ""    "8/13/2016 6:31 PM"    ""
+ "NativeShim.InquireConnector Class"    "Microsoft Office 2016 component"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office16\dcf\nativeshim.dll"    "7/30/2015 6:23 AM"    ""
+ "PowerMapConnect Class"    "Microsoft Office 2016 component"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\addins\power map excel add-in\excelpluginshell.dll"    "7/30/2015 6:11 AM"    ""
"HKCU\Software\Microsoft\Office\Excel\Addins"    ""    ""    ""    "1/4/2017 10:55 PM"    ""
X "Ad Hoc Reporting Excel Client Add-In"    "Power View for Excel module"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\addins\power view excel add-in\adhocreportingexcelclient.dll"    "6/25/2015 4:26 AM"    ""
+ "NativeEntry Class"    "PowerPivot for Excel"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\addins\powerpivot excel add-in\powerpivotexcelclientaddin.dll"    "6/25/2015 4:27 AM"    ""
"HKCU\Software\Microsoft\Office\PowerPoint\Addins"    ""    ""    ""    "1/4/2017 10:55 PM"    ""
X "OneNote PowerPoint Add-In Take Notes Button Class"    "Microsoft OneNote PowerPoint Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\onbttnppt.dll"    "11/10/2015 2:51 PM"    ""
X "OneNote PowerPoint Add-In Take Notes Content Service Class"    "Microsoft OneNote PowerPoint Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\onpptaddin.dll"    "12/29/2015 8:21 AM"    ""
"HKCU\Software\Microsoft\Office\Word\Addins"    ""    ""    ""    "1/4/2017 10:55 PM"    ""
X "OneNote Word Add-In Take Notes Button Class"    "Microsoft OneNote Word Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\onbttnwd.dll"    "11/10/2015 2:52 PM"    ""
X "OneNote Word Add-In Take Notes Content Service Class"    "Microsoft OneNote Word Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\onwordaddin.dll"    "12/29/2015 8:45 AM"    ""
 
(SECURITY CHECK)
SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 05.01.2017 18:02:34
Path starting: C:\Users\name\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: name
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________
 
Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 14.08.2016 00:54:31
LicenseStatus: Windows®, Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16ProPlusVL_KMS_Client edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.EXE
SystemDrive: C: FS: [NTFS] Capacity: [885.9 Gb] Used: [549.4 Gb] Free: [336.5 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled
 
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4693.1005
Microsoft Office 2016 x64 v.16.0.4266.1001
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.31 (64-bit) v.5.31.0 Warning! Download Update
Oracle VM VirtualBox 4.3.6 v.4.3.6 Warning! Download Update
WinRAR 5.31 (32-bit) v.5.31.0 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 50.1.0 (x86 en-US) v.50.1.0
--------------------------- [ RunningProcess ] ----------------------------
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe v.11.0.14393.576
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe v.2.3.173.0
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
Unity Web Player v.5.2.0f3 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------
 
(JRT)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by name (Administrator) on Thu 01/05/2017 at 15:20:34.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 51
 
Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder)
Successfully deleted: C:\ProgramData\drivergenius (Folder)
Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\ProgramData\Start Menu\Programs\clipgrab (Folder)
Successfully deleted: C:\Users\name\AppData\Local\{05214430-7C43-4887-ABFB-25BD2D4B8A7F} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{06B78CA9-0CF4-44BF-8CD9-CBCEFE6D3DDF} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{0CAE77D0-D437-46E7-8AB5-0A642C51EFED} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{0F1956DB-9259-4923-83E2-6EB329372049} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{18F69DB8-E5CB-4CD2-B943-6C7ED6EA99BC} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{1BCB3A8F-7643-4B43-9F31-D8AA183365D3} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{27ADEC93-A7BE-40AB-B376-96A7D17F6085} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{301F1A75-03D9-4942-AF0E-8D2A550A3A7E} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{3C4B8266-6F91-49C2-A108-C61646DEFFDC} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{44D0327E-B84F-4452-9B0A-A51E8F8D41C0} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{45DDFC91-9825-4B60-A8A0-D3C66BA6645A} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{4BB8D735-2F0B-4A0F-916D-7F93C62335EB} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{4E4A9CEF-7BED-4A73-8AF5-9ED46858C999} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{65BD045E-02A7-4084-AB3A-5DBB90B53026} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{6968200F-97AF-4D3B-AC7F-DEF0445739DE} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{6F47229F-DC4A-41A2-AD10-2F3DF6E2F1BB} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{812DAB0A-CAE4-4D8E-9384-472C55788942} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{87371F44-E738-4402-AFAA-8B76C88F8DE2} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{87DB707B-3606-4E0A-B7BD-E1150F9CBDE3} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{88C09952-4FD6-43CF-AF18-074BBED264D2} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{98D5D719-E879-4EB9-9392-3FF5DA9A9993} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{9B47AB1E-A779-440F-AF9F-5E6545FF3680} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{9F2F41A5-D51F-4360-B04D-0D50FB3EAC61} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{A85684E0-B5C5-4048-B9B7-73CCF67CF909} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{ACED2CB8-AE89-49AC-AAD9-5CA166E79B74} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{B6AB20B6-FA17-4241-8AED-3015F9DF40DF} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{C45CB105-4E25-40A0-8C1D-1536D84CB369} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{C8DD1171-2614-447C-8F77-FAE73852219F} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{CD536629-AD27-43D1-B102-5C6C19018B6E} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{D0032FFF-A5E8-4806-848C-2CC1BEFA2988} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{D1AD0C60-4F61-4F60-B2B8-EAA1F18EF45A} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{D5FC8070-28C3-4AED-818B-42F670CB2419} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{D995D852-24E2-443A-A17D-3CFEF8F0375C} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{E2CA24BB-B4BA-4490-8534-263F1C61B7E8} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{E583DA29-C8C2-46D4-9D8B-B206C6D542CC} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{E9E6A3EB-B6D7-48BE-92E2-0008933CB89C} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{EA47A4AA-47EC-4AD9-9298-FD6B137D9E24} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{F10D9975-AFA4-45DB-940B-B68E8C5F3A13} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{F3E615EC-262C-4BEF-8C8C-AD3BF8CD97B5} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\{FB02CB3D-9793-4118-ABB3-46C7E6DBEC0C} (Empty Folder)
Successfully deleted: C:\Users\name\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\name\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\name\AppData\Roaming\3909 (Folder)
Successfully deleted: C:\Users\name\AppData\Roaming\spi (Folder)
Successfully deleted: C:\Users\Public\thunder network (Folder)
Successfully deleted: C:\Program Files (x86)\clipgrab (Folder)
Successfully deleted: C:\Program Files (x86)\driver-soft (Folder)
 
 
 
Registry: 16
 
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Default_Page_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Search Bar (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Search Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Start Default_Page_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\(Default) (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6B152866-7DCA-49E7-8FD1-4E2E93BBF819} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F57777DC-BB12-41BE-945A-68C83411DE00} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{F57777DC-BB12-41BE-945A-68C83411DE00} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/05/2017 at 15:23:16.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
(ADW)
# AdwCleaner v6.041 - Logfile created 05/01/2017 at 15:03:59
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-05.2 [Local]
# Operating System : Windows 10 Home (X64)
# Username : name - DESKTOP-FLJ10AR
# Running from : C:\Users\name\Downloads\adwcleaner_6.041.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found: HKU\S-1-5-21-1611035341-2385341829-1232607748-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found: HKU\S-1-5-21-1611035341-2385341829-1232607748-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found: HKU\S-1-5-21-1611035341-2385341829-1232607748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found: HKU\S-1-5-21-1611035341-2385341829-1232607748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\itibitiphone.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\web.itibitiphone.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.sof
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdate.
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.xl415.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\xl415.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.softwa
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.net
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.xl415.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\xl415.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\itibitiphone.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\web.itibitiphone.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.ne
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.s
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.softwa
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdat
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.xl415.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\xl415.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.soft
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.n
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.xl415.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\xl415.com
Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnTBMon]
Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnUpdater]
Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [Babylon Client]
Value Found: HKU\S-1-5-21-1611035341-2385341829-1232607748-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Media Finder]
Value Found: HKU\S-1-5-21-1611035341-2385341829-1232607748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Media Finder]
Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [Note-up]
Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
Value Found: HKU\S-1-5-21-1611035341-2385341829-1232607748-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [lstrmn]
Value Found: HKU\S-1-5-21-1611035341-2385341829-1232607748-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [lstrmn]
Value Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnonymizerGadget]
Key Found: HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
Key Found: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [21897 Bytes] - [05/01/2017 15:01:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [9801 Bytes] - [05/01/2017 15:03:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9874 Bytes] ##########


#4 InadequateInfirmity


Posted 06 January 2017 - 12:42 AM

Remove Useless programs.

 

Uninstall the programs below with Geek Uninstaller.

 

Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{A5591EC4-8AD6-48EE-9F8D-FACFA8BA4E35}) (Version: 3.0.003.00 - Lenovo)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Wondershare Dr.Fone for Android(Build 6.2.1.49) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 6.2.1.49 - Wondershare Software Co.,Ltd.)

 

Fix with Autoruns.


Open Autoruns as administrator and, under the "Task Scheduler" tab, uncheck these items.

 

+ "\CyberLink\Photo Master Gadget startup"    "Lenovo Photo Master Update"    "CyberLink Corp."    "c:\program files (x86)\lenovo\lenovo photo master\photomasterworker.exe"    "4/22/2016 2:47 AM"    ""
+ "\HPCustParticipation HP OfficeJet 3830 series"    "HP Product Improvement Study"    "Hewlett-Packard Development Company, LP"    "c:\program files\hp\hp officejet 3830 series\bin\hpcustpartic.exe"    "3/9/2015 2:34 PM"    ""
+ "\Lenovo\Lenovo Customer Feedback Program 64"    "Lenovo.TVT.CustomerFeedback.Agent"    "Lenovo"    "c:\program files (x86)\lenovo\customer feedback program\lenovo.tvt.customerfeedback.agent.exe"    "7/8/2015 9:51 AM"    ""
+ "\Lenovo\Lenovo Solution Center Launcher"    "Lenovo Solution Center"    "Lenovo"    "c:\program files\lenovo\lenovo solution center\app\lscservice.exe"    "7/17/2015 11:35 AM"    ""
+ "\Lenovo\LSC\Lenovo Solution Center Notifications"    "Lenovo Solution Center Notifications"    "Lenovo"    "c:\program files\lenovo\lenovo solution center\lscnotify.exe"    "6/19/2015 6:24 AM"    ""
+ "\Lenovo\LSC\LSCHardwareScan"    ""    ""    "c:\program files\lenovo\lenovo solution center\lsc.exe"    "7/17/2015 10:09 AM"    ""
+ "\Microsoft\Office\Office 15 Subscription Heartbeat"    "Office Subscription Licensing Heartbeat"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office16\olicenseheartbeat.exe"    "7/30/2015 6:35 AM"    ""
+ "\Microsoft\Office\OfficeTelemetryAgentFallBack2016"    "Office Telemetry Agent"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\msoia.exe"    "7/30/2015 6:19 AM"    ""
+ "\Microsoft\Office\OfficeTelemetryAgentLogOn2016"    "Office Telemetry Agent"    "Microsoft Corporation"    "c:\program files\microsoft office\office16\msoia.exe"    "7/30/2015 6:19 AM"    ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"    "7/16/2016 5:42 AM"    ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"    "7/15/2016 8:25 PM"    ""
+ "\OneDrive Standalone Update Task v2"    "Standalone Updater"    "Microsoft Corporation"    "c:\users\hhnguyen\appdata\local\microsoft\onedrive\onedrivestandaloneupdater.exe"    "12/8/2016 2:29 AM"    ""
+ "\Sa72585177258517"    ""    ""    "File not found: C:\Program Files (x86)\Atco\rathmann.exe"    ""    ""
+ "\Sak89692554k89692554"    ""    ""    "File not found: C:\Program Files (x86)\di\di.exe"    ""    ""
+ "\{0C0E0B47-7F7A-0E0A-7911-7E0E7F081105}"    ""    ""    "File not found: bypass"    ""    ""

 

Disable useless items.


Download Easy Service Optimizer, save it to your desktop and unzip it there. Right click it and run as admin, then select tweaked at the bottom. Then click on the rocket; this will turn off a lot of useless items.



You will, however, need to change one setting. Right click on Wlansvc — WLAN AutoConfig, then select start service, then edit service. Make sure it is automatic across the board, as per the picture.

 


 

 

Run Batch File.

Download and unzip internet Flush.zip to your desktop, right click it and run it as Administrator.
Reboot machine after running this tool.

Disable Tunnel Adapters.

Now disable tunnel adapters with this tool.

Set A Strong DNS Server

Set your DNS to Google or OpenDNS with this tool.

 

 

Zemana Deep Scan.
 

  • Right click on Zemana and run as admin.
  • Click the Cog/Sprocket Wheel at the top right of Zemana.
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • Once the scan has completed, click the graph icon on the top right of the program's user interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

Edited by InadequateInfirmity, 06 January 2017 - 12:52 AM.
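
The Autoruns listing in the post above mixes vendor telemetry tasks with tasks whose target no longer exists. As an added example (not part of the original post and not Autoruns' own code), this Python code parses lines in that layout and flags the traits visible in the listing: a "File not found" image path, an empty publisher, and a GUID or mostly numeric task name. The field names, flag names and the 0.5 digit-ratio threshold are assumptions chosen for illustration; the sample lines are copied from the listing.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the Autoruns listing quoted in the post above.
SAMPLE = r'''
+ "\Lenovo\Lenovo Solution Center Launcher"    "Lenovo Solution Center"    "Lenovo"    "c:\program files\lenovo\lenovo solution center\app\lscservice.exe"    "7/17/2015 11:35 AM"    ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"    "7/16/2016 5:42 AM"    ""
+ "\Sa72585177258517"    ""    ""    "File not found: C:\Program Files (x86)\Atco\rathmann.exe"    ""    ""
+ "\Sak89692554k89692554"    ""    ""    "File not found: C:\Program Files (x86)\di\di.exe"    ""    ""
+ "\{0C0E0B47-7F7A-0E0A-7911-7E0E7F081105}"    ""    ""    "File not found: bypass"    ""    ""
'''

FIELD_RE = re.compile(r'"([^"]*)"')
GUID_RE = re.compile(
    r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
)
MISSING_PREFIX = "File not found:"
DIGIT_RATIO = 0.5  # assumption: above this, the task name is treated as opaque


@dataclass
class TaskEntry:
    # Field names are assumptions inferred from the six quoted columns.
    name: str
    description: str
    publisher: str
    image_path: str
    timestamp: str


def parse_line(line: str) -> Optional[TaskEntry]:
    """Parse one listing line; return None if it lacks six quoted fields."""
    fields = FIELD_RE.findall(line)
    if len(fields) != 6:
        return None
    # The sixth column's meaning is not stated in the post, so it is dropped.
    return TaskEntry(*fields[:5])


def missing_target(entry: TaskEntry) -> Optional[str]:
    """Return the path Autoruns could not find, or None if the file exists."""
    if entry.image_path.startswith(MISSING_PREFIX):
        return entry.image_path[len(MISSING_PREFIX):].strip()
    return None


def flags_for(entry: TaskEntry) -> List[str]:
    """Collect triage flags for one scheduled-task entry."""
    flags = []
    if missing_target(entry) is not None:
        flags.append("missing-target")
    if not entry.publisher:
        flags.append("no-publisher")
    leaf = entry.name.rsplit("\\", 1)[-1]
    digits = sum(ch.isdigit() for ch in leaf)
    if GUID_RE.match(leaf) or (leaf and digits / len(leaf) > DIGIT_RATIO):
        flags.append("opaque-name")
    return flags


def triage(text: str) -> List[Tuple[TaskEntry, List[str]]]:
    """Return flagged entries, most flags first (listing order kept on ties)."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            flagged.append((entry, flags))
    flagged.sort(key=lambda item: -len(item[1]))
    return flagged


if __name__ == "__main__":
    for entry, flags in triage(SAMPLE):
        print(f"{entry.name}: {', '.join(flags)}")
```

A single flag such as `no-publisher` also fires on the built-in `GatherNetworkInfo` task, so the flags are a sorting aid for review rather than a verdict.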


#5 Clintmister


Posted 06 January 2017 - 01:22 AM

Hello InadequateInfirmity,

 

Here is my situation based on this topic I posted with the same problem:

Step 1: http://speccy.piriform.com/results/CH3OYjgc6NQ4yMxq0ZrVlN2

Step 2:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Clint (administrator) on 05-01-2017 at 23:58:30
Running from "C:\Users\Clint\AppData\Local\Microsoft\Windows\INetCache\IE\WE0WMAXN"
Microsoft Windows 10 Home  (X64)
Model: 80JM Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
34.195.153.94 www.google-analytics.com
34.195.153.94 google-analytics.com
34.195.153.94 mc.yandex.ru
34.195.153.94 top-fwz1.mail.ru
34.195.153.94 site.yandex.net
34.195.153.94 pagead2.googlesyndication.com
34.195.153.94 ad.mail.ru
34.195.153.94 ads.adfox.ru
34.195.153.94 ads.pubmatic.com
34.195.153.94 apis.google.com
34.195.153.94 autocontext.begun.ru
34.195.153.94 b.scorecardresearch.com
34.195.153.94 c.amazon-adsystem.com
34.195.153.94 cdn.admixer.net
34.195.153.94 cdn.cxense.com
34.195.153.94 cdn.livefyre.com
34.195.153.94 cdn.onthe.io
34.195.153.94 cdn.optimizely.com
34.195.153.94 cdn.prom.st
34.195.153.94 cdn.pushwoosh.com

There are 59 entries.

========================= IP Configuration: ================================

Intel® Dual Band Wireless-AC 3160 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

Windows IP Configuration

   Host Name . . . . . . . . . . . . : FClint
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : DeNisco Network

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 54-EE-75-53-99-BA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 34-E6-AD-CA-01-08
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 36-E6-AD-CA-01-07
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : DeNisco Network
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3160
   Physical Address. . . . . . . . . : 34-E6-AD-CA-01-07
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c4a5:400b:77b8:6915%21(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.16(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, January 5, 2017 11:10:52 PM
   Lease Expires . . . . . . . . . . : Thursday, January 12, 2017 11:10:52 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 137684653
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-06-06-77-54-EE-75-53-99-BA
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 34-E6-AD-CA-01-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {28B9522E-672D-44B7-A08D-79CD1992058A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : DeNisco Network
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  router.DeNisco
Address:  192.168.2.1

Name:    google.com.DeNisco Network
Addresses:  198.105.244.63
   198.105.254.63

Pinging google.com [172.217.4.238] with 32 bytes of data:
Reply from 172.217.4.238: bytes=32 time=54ms TTL=54
Reply from 172.217.4.238: bytes=32 time=62ms TTL=54

Ping statistics for 172.217.4.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 54ms, Maximum = 62ms, Average = 58ms
Server:  router.DeNisco
Address:  192.168.2.1

Name:    yahoo.com.DeNisco Network
Addresses:  198.105.244.63
   198.105.254.63

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=92ms TTL=50
Reply from 206.190.36.45: bytes=32 time=89ms TTL=50

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 89ms, Maximum = 92ms, Average = 90ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...54 ee 75 53 99 ba ......Realtek PCIe GBE Family Controller
  8...34 e6 ad ca 01 08 ......Microsoft Wi-Fi Direct Virtual Adapter
 14...36 e6 ad ca 01 07 ......Microsoft Hosted Network Virtual Adapter
 21...34 e6 ad ca 01 07 ......Intel® Dual Band Wireless-AC 3160
  9...34 e6 ad ca 01 0b ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.16     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.2.0    255.255.255.0         On-link      192.168.2.16    311
     192.168.2.16  255.255.255.255         On-link      192.168.2.16    311
    192.168.2.255  255.255.255.255         On-link      192.168.2.16    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.2.16    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.2.16    311
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 21    311 fe80::/64                On-link
 21    311 fe80::c4a5:400b:77b8:6915/128
                                    On-link
  1    331 ff00::/8                 On-link
 21    311 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog5 08 C:\WINDOWS\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/05/2017 11:41:14 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/05/2017 11:32:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/05/2017 11:32:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

System errors:
=============
Error: (01/05/2017 11:49:57 PM) (Source: Service Control Manager) (User: )
Description: The Software Protection service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (01/05/2017 11:49:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (01/05/2017 11:41:59 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (01/05/2017 11:41:59 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/05/2017 11:14:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/05/2017 11:13:20 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (01/05/2017 11:11:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/05/2017 11:11:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/05/2017 11:11:25 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/05/2017 11:10:52 PM) (Source: Service Control Manager) (User: )
Description: The WCAssistantService service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Microsoft Office Sessions:
=========================
Error: (01/05/2017 11:41:14 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (01/05/2017 11:32:13 PM) (Source: SideBySide)(User: )
Description: C:\Lexmark\drivers\S500\drivers\win_xp2k\x64\LXEBsm64.dllC:\Lexmark\drivers\S500\drivers\win_xp2k\x64\LXEBsm64.dll9

Error: (01/05/2017 11:32:13 PM) (Source: SideBySide)(User: )
Description: C:\Lexmark\drivers\S500\drivers\win_xp2k\x64\LXEBsm64.dllC:\Lexmark\drivers\S500\drivers\win_xp2k\x64\LXEBsm64.dll9

Error: (01/05/2017 11:32:10 PM) (Source: SideBySide)(User: )
Description: C:\Lexmark\drivers\S500\drivers\win_xp2k\i386\LXEBsm.dllC:\Lexmark\drivers\S500\drivers\win_xp2k\i386\LXEBsm.dll9

Error: (01/05/2017 11:32:10 PM) (Source: SideBySide)(User: )
Description: C:\Lexmark\drivers\S500\drivers\win_xp2k\i386\LXEBsm.dllC:\Lexmark\drivers\S500\drivers\win_xp2k\i386\LXEBsm.dll9

Error: (01/05/2017 11:32:08 PM) (Source: SideBySide)(User: )
Description: C:\Windows\System32\lxebsm.dllC:\Windows\System32\lxebsm.dll9

Error: (01/05/2017 11:32:08 PM) (Source: SideBySide)(User: )
Description: C:\Windows\System32\lxebsm.dllC:\Windows\System32\lxebsm.dll9

Error: (01/05/2017 11:32:06 PM) (Source: SideBySide)(User: )
Description: C:\Windows\SysWOW64\LXEBsm.dllC:\Windows\SysWOW64\LXEBsm.dll9

Error: (01/05/2017 11:32:06 PM) (Source: SideBySide)(User: )
Description: C:\Windows\SysWOW64\LXEBsm.dllC:\Windows\SysWOW64\LXEBsm.dll9

Error: (01/05/2017 11:32:06 PM) (Source: SideBySide)(User: )
Description: C:\Program Files\Lexmark Pro200-S500 Series\Drivers\X64\lxebsm64.dllC:\Program Files\Lexmark Pro200-S500 Series\Drivers\X64\lxebsm64.dll9

CodeIntegrity Errors:
===================================
  Date: 2017-01-05 23:50:13.296
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-05 23:50:13.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-05 23:27:10.042
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-05 23:13:38.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-05 23:09:34.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-05 23:09:33.773
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume5\Windows\SysWOW64\iseguard32.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-05 21:47:07.850
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-05 13:48:03.021
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-05 13:45:43.392
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-05 13:17:37.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

=========================== Installed Programs ============================

Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Audition CC 2015.2 (HKLM-x32\...\AUDT_9_2_1) (Version: 9.2.1 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015.3 (HKLM-x32\...\AME_10_3_0) (Version: 10.3.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015.3 (HKLM-x32\...\PPRO_10_4_0) (Version: 10.4.0 - Adobe Systems Incorporated)
Adobe Story CC (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.1234 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Cisco VideoGuard Player (HKLM-x32\...\{28145961-299d-4f61-88d6-ff9ea46bd919}) (Version: 6.7 - Cisco Systems, Inc)
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4ABFEC28-1554-493D-A84D-BEA21D8E6D6F}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus (HKLM\...\{D2CD7DCF-D129-4A54-8543-38BECC6CFDAE}) (Version: 7.6.7.1 - Dolby Laboratories Inc)
Final Draft (HKLM-x32\...\{98CA9FD5-87B8-407B-B803-2DB8A05AACBE}) (Version: 10.0.1.44 - Cast & Crew Production Software, LLC)
FlashBack Express 5 (HKLM-x32\...\FlashBack Express 5) (Version: 5.19.0.4140 - Blueberry)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.0 - Genesys Logic)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.9.5265 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Harmony (HKLM-x32\...\{A06FD661-4B18-4054-B09C-E852D28E5AEB}) (Version: 1.1.0.0304 - Lenovo) Hidden
Harmony (HKLM-x32\...\{D02D9427-507D-4912-9285-97FCD5417E72}) (Version: 1.1.0.0304 - Lenovo)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4454 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{9bffdf20-c3a3-4e93-9cbf-61712c6a38be}) (Version: 17.13.2 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.404761.40 - Comodo)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Lenovo App Services (HKLM\...\Lenovo App Services) (Version: 0.200.8.268 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\{D3F38500-4C99-4E4F-9786-B907224E13A1}) (Version: 2.6.0.0528 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{D3F38500-4C99-4E4F-9786-B907224E13A1}) (Version: 2.6.0.0528 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Patch Utility (HKLM-x32\...\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{49A09C2C-FFF4-478E-B397-5E0979F67F5D}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.5222.01 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.7 - Stoneware, Inc.)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.069.02 - Lenovo)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 2.0.0.6 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 2.0.0.6 - Lenovo)
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version:  - Lexmark International, Inc.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.8.1.14 - Symantec Corporation)
NVIDIA 3D Vision Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.00 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.00 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
OneKey Optimizer (HKLM-x32\...\{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.16 - Lenovo) Hidden
OneKey Optimizer (HKLM-x32\...\InstallShield_{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.16 - Lenovo)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7606 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 1.0.44.100.ga60c0ce1 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.18.0 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Web Companion (HKLM-x32\...\{c640a44a-c241-4147-b69b-d01729ae375f}) (Version: 2.3.1499.2879 - Lavasoft)
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
ZoomInfo Contact Contributor (HKCU\...\ZoomInfo Contact Contributor) (Version: 53 - )

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 8097.92 MB
Available physical RAM: 4557.88 MB
Total Virtual: 9377.92 MB
Available Virtual: 5941.97 MB

========================= Partitions: =====================================

1 Drive c: (Windows8_OS) (Fixed) (Total:891.51 GB) (Free:446 GB) NTFS
2 Drive n: (LENOVO) (Fixed) (Total:25 GB) (Free:24.86 GB) NTFS

========================= Users: ========================================

User accounts for \\FCLINT

Administrator            Clint                    DefaultAccount         
Guest                  

**** End of log ****

 

STEP 3:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/5/2017 1:45 PM" ""
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" "6/29/2016 1:29 AM" ""
+ "AutoStartTransition" "" "" "c:\program files (x86)\lenovo\lenovotransition\transitionserver.exe" "11/16/2014 7:38 AM" ""
+ "DDPF3" "DolbyDigitalPlus" "Dolby Laboratories Inc." "c:\program files\dolby\ddp_f3\ddpf3.exe" "11/3/2014 11:43 PM" ""
+ "EzPrint" "" "" "c:\program files (x86)\lexmark pro200-s500 series\ezprint.exe" "4/5/2010 4:56 AM" ""
+ "IAStorIcon" "Delayed launcher" "Intel Corporation" "c:\program files\intel\intel® rapid storage technology\iastoriconlaunch.exe" "10/9/2014 3:55 PM" ""
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe" "3/19/2016 2:54 AM" ""
+ "LenovoUtility" "Lenovo Utility" "" "c:\program files\lenovo\lenovoutility\utility.exe" "12/18/2014 8:37 PM" ""
+ "LMCSSTART1" "Lenovo® Multimedia Subsystem Generic Control Utility" "Lenovo Corporation" "c:\program files\lenovo\communications utility\lmcsctrl.exe" "3/23/2015 12:34 AM" ""
+ "LMCSSTART2" "Lenovo® Multimedia Subsystem Generic Control Utility" "Lenovo Corporation" "c:\program files\lenovo\communications utility\lmcsctrl.exe" "3/23/2015 12:34 AM" ""
+ "LMCSSTART3" "Lenovo® Multimedia Subsystem Generic Control Utility" "Lenovo Corporation" "c:\program files\lenovo\communications utility\lmcsctrl.exe" "3/23/2015 12:34 AM" ""
+ "lxebmon.exe" "Printer Device Monitor" "" "c:\program files (x86)\lexmark pro200-s500 series\lxebmon.exe" "4/1/2010 11:23 AM" ""
+ "Malwarebytes TrayApp" "Malwarebytes Tray Application" "Malwarebytes" "c:\program files/malwarebytes/anti-malware\mbamtray.exe" "12/12/2016 12:07 PM" ""
+ "OneKeyOptimizer" "OneKeyOptimizerTray" "Lenovo(beijing) Limited" "c:\program files\lenovo\onekey optimizer\bin\onekeyoptimizertray.exe" "11/18/2014 4:12 AM" ""
+ "PhoneCompanion" "Lenovo Phone Companion" "Lenovo" "c:\program files\lenovo phonecompanion\phone companion.exe" "8/5/2014 11:40 PM" ""
+ "RtHDVBg_Dolby" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe" "9/2/2015 5:34 AM" ""
+ "RtHDVBg_LENOVO_DOLBYDRAGON" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe" "9/2/2015 5:34 AM" ""
+ "RtHDVBg_LENOVO_MICPKEY" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe" "9/2/2015 5:34 AM" ""
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe" "9/1/2015 7:18 AM" ""
+ "SynTPEnh" "Synaptics TouchPad 64-bit Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe" "7/23/2015 5:12 PM" ""
+ "toys" "" "" "File not found: C:\Program Files (x86)\cartridge\antivirals.exe" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/5/2017 11:34 AM" ""
+ "toys" "" "" "File not found: C:\Program Files (x86)\cartridge\antivirals.exe" "" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/5/2017 1:46 PM" ""
+ "electrolyte" "" "" "File not found: C:\Program Files (x86)\Syllabic\genoese.exe" "" ""
+ "hadera" "" "" "c:\program files (x86)\waistbands\hadera.exe" "12/5/2009 4:50 PM" ""
+ "hostetter" "" "" "File not found: C:\Program Files (x86)\cartridge\antivirals.exe" "" ""
+ "midwives" "" "" "File not found: C:\Program Files (x86)\Intramural\scheduled.exe" "" ""
+ "rodin" "" "" "c:\program files (x86)\anthers\rodin.exe" "12/5/2009 4:50 PM" ""
+ "toys" "" "" "File not found: C:\Program Files (x86)\cartridge\antivirals.exe" "" ""
+ "tracing" "" "" "File not found: C:\Program Files (x86)\waistbands\sunland.exe" "" ""
"C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "1/5/2017 9:40 AM" ""
+ "ok2089576.lnk" "" "" "File not found: File" "" ""
+ "ok2089576palsy.lnk" "" "" "File not found: File" "" ""
+ "palsy.lnk" "" "" "File not found: File" "" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "9/18/2016 5:27 AM" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/15/2016 8:25 PM" ""
+ "Microsoft Windows Media Player" "" "" "File not found: C:\WINDOWS\inf\unregmp2.exe /ShowWMP.exe" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "1/4/2017 1:00 PM" ""
+ "Google Chrome" "Google Chrome Installer" "Google Inc." "c:\program files (x86)\google\chrome\application\55.0.2883.87\installer\chrmstp.exe" "12/8/2016 12:25 AM" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "7/15/2016 7:41 PM" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "1/5/2017 1:45 PM" ""
+ "AccExt" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "5/22/2016 12:00 PM" ""
+ "BUContextMenu" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\bushell.dll" "10/17/2016 4:14 AM" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Norton Security Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\navshext.dll" "11/11/2016 9:46 PM" ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "1/5/2017 1:45 PM" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Norton Security Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\navshext.dll" "11/11/2016 9:46 PM" ""
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "1/5/2017 1:40 PM" ""
+ "BuPropertySheet" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\bushell.dll" "10/17/2016 4:14 AM" ""
+ "TheDeskTopContextMenu Class" "igfxDTCM Module" "Intel Corporation" "c:\windows\system32\igfxdtcm.dll" "5/1/2016 11:37 PM" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "1/4/2017 5:53 PM" ""
+ "MBAMShlExt" "Malwarebytes" "Malwarebytes" "c:\program files\malwarebytes\anti-malware\mbshlext.dll" "9/13/2016 9:20 AM" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "9/18/2016 5:32 AM" ""
+ "igfxDTCM" "igfxDTCM Module" "Intel Corporation" "c:\windows\system32\igfxdtcm.dll" "5/1/2016 11:37 PM" ""
+ "NvCplDesktopContext" "NVIDIA Display Shell Extension" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll" "2/23/2016 2:16 PM" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "1/5/2017 1:40 PM" ""
+ "AccExt" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "5/22/2016 12:00 PM" ""
+ "BUContextMenu" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\bushell.dll" "10/17/2016 4:14 AM" ""
+ "MBAMShlExt" "Malwarebytes" "Malwarebytes" "c:\program files\malwarebytes\anti-malware\mbshlext.dll" "9/13/2016 9:20 AM" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Norton Security Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\navshext.dll" "11/11/2016 9:46 PM" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "1/5/2017 1:40 PM" ""
+ "  OverlayExcluded" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\bushell.dll" "10/17/2016 4:14 AM" ""
+ "  OverlayPending" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\bushell.dll" "10/17/2016 4:14 AM" ""
+ "  OverlayProtected" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\bushell.dll" "10/17/2016 4:14 AM" ""
+ " AccExtIco1" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "5/22/2016 12:00 PM" ""
+ " AccExtIco2" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "5/22/2016 12:00 PM" ""
+ " AccExtIco3" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "5/22/2016 12:00 PM" ""
+ " SkyDrivePro1 (ErrorConflict)" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\grooveex.dll" "12/8/2016 9:22 AM" ""
+ " SkyDrivePro2 (SyncInProgress)" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\grooveex.dll" "12/8/2016 9:22 AM" ""
+ " SkyDrivePro3 (InSync)" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\grooveex.dll" "12/8/2016 9:22 AM" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "1/4/2017 1:00 PM" ""
+ " SkyDrivePro1 (ErrorConflict)" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\grooveex.dll" "12/8/2016 9:06 AM" ""
+ " SkyDrivePro2 (SyncInProgress)" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\grooveex.dll" "12/8/2016 9:06 AM" ""
+ " SkyDrivePro3 (InSync)" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\grooveex.dll" "12/8/2016 9:06 AM" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "1/5/2017 1:40 PM" ""
+ "Lync Browser Helper" "Skype for Business" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\ochelper.dll" "12/8/2016 9:08 AM" ""
+ "Microsoft OneDrive for Business Browser Helper" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\grooveex.dll" "12/8/2016 9:22 AM" ""
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\coieplg.dll" "11/11/2016 3:09 PM" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "1/5/2017 1:40 PM" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre1.8.0_111\bin\jp2ssv.dll" "9/22/2016 8:37 PM" ""
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre1.8.0_111\bin\ssv.dll" "9/22/2016 8:37 PM" ""
+ "Lync Browser Helper" "Skype for Business" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\ochelper.dll" "12/8/2016 9:21 AM" ""
+ "Microsoft OneDrive for Business Browser Helper" "Microsoft OneDrive for Business Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\grooveex.dll" "12/8/2016 9:06 AM" ""
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton security\engine\22.8.1.14\coieplg.dll" "11/11/2016 3:09 PM" ""
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" "" "1/5/2017 1:40 PM" ""
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton security\engine64\22.8.1.14\coieplg.dll" "11/11/2016 3:09 PM" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "1/5/2017 1:40 PM" ""
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton security\engine\22.8.1.14\coieplg.dll" "11/11/2016 3:09 PM" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "10/24/2016 10:01 AM" ""
+ "Lync Click to Call" "Skype for Business" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\ochelper.dll" "12/8/2016 9:08 AM" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\onbttnielinkednotes.dll" "12/8/2016 9:21 AM" ""
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilesx64\microsoft office\office16\onbttnie.dll" "12/8/2016 9:15 AM" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "1/4/2017 1:00 PM" ""
+ "Lync Click to Call" "Skype for Business" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\ochelper.dll" "12/8/2016 9:21 AM" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\onbttnielinkednotes.dll" "12/8/2016 9:10 AM" ""
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\onbttnie.dll" "12/8/2016 9:20 AM" ""
"Task Scheduler" "" "" "" "" ""
+ "\ab08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1" "" "" "File not found: C:\Program Files (x86)\cartridge\antivirals.exe" "" ""
+ "\AdobeAAMUpdater-1.0-MicrosoftAccount-fclintd@hotmail.com" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" "6/29/2016 1:29 AM" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe" "2/23/2016 5:31 PM" ""
+ "\bak69151299k69151299" "disastrous" "disastrous" "c:\program files (x86)\abhors\abhors.exe" "1/4/2017 5:39 AM" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "1/15/2016 2:18 PM" ""
+ "\CyberLink\Photo Master Gadget startup" "Lenovo Photo Master Update" "CyberLink Corp." "c:\program files (x86)\lenovo\lenovo photo master\photomasterworker.exe" "4/22/2016 2:47 AM" ""
+ "\dc08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1" "" "" "File not found: C:\Program Files (x86)\cartridge\antivirals.exe" "" ""
+ "\Lenovo\Lenovo Customer Feedback Program 64" "Lenovo.TVT.CustomerFeedback.Agent" "Lenovo" "c:\program files (x86)\lenovo\customer feedback program\lenovo.tvt.customerfeedback.agent.exe" "9/2/2014 8:44 AM" ""
+ "\Lenovo\Lenovo Customer Feedback Program 64 35" "Lenovo.TVT.CustomerFeedback.Agent" "Lenovo" "c:\program files (x86)\lenovo\customer feedback program 35\lenovo.tvt.customerfeedback.agent35.exe" "9/10/2014 8:04 AM" ""
+ "\Microsoft\Office\Office Automatic Updates" "Microsoft Office Click-to-Run Client (SxS)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe" "12/8/2016 9:21 AM" ""
+ "\Microsoft\Office\Office ClickToRun Service Monitor" "Microsoft Office Click-to-Run Client (SxS)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe" "12/8/2016 9:21 AM" ""
+ "\Microsoft\Office\Office Subscription Maintenance" "Office Subscription Licensing Heartbeat" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\olicenseheartbeat.exe" "12/8/2016 9:05 AM" ""
+ "\Microsoft\Office\OfficeTelemetryAgentFallBack2016" "Office Telemetry Agent" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\msoia.exe" "12/8/2016 9:13 AM" ""
+ "\Microsoft\Office\OfficeTelemetryAgentLogOn2016" "Office Telemetry Agent" "Microsoft Corporation" "c:\program files (x86)\microsoft office\root\office16\msoia.exe" "12/8/2016 9:13 AM" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "7/16/2016 5:42 AM" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/15/2016 8:25 PM" ""
X "\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" "" "" "File not found: C:\WINDOWS\System32\AutoWorkplace.exe" "" ""
+ "\Norton Security\Norton Autofix" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton security\engine\22.8.1.14\symerr.exe" "8/31/2016 12:49 PM" ""
+ "\Norton Security\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton security\engine\22.8.1.14\symerr.exe" "8/31/2016 12:49 PM" ""
+ "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA nodejs launcher" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvnode\nvnodejslauncher.exe" "11/16/2016 10:38 AM" ""
+ "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA driver profile updater" "NVIDIA Corporation" "c:\program files\nvidia corporation\update core\nvprofileupdater64.exe" "11/17/2016 4:16 AM" ""
+ "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA driver profile updater" "NVIDIA Corporation" "c:\program files\nvidia corporation\update core\nvprofileupdater64.exe" "11/17/2016 4:16 AM" ""
+ "\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA telemetry monitor" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmmon.exe" "11/17/2016 4:12 AM" ""
+ "\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA crash and telemetry reporter" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmrep.exe" "11/17/2016 4:11 AM" ""
+ "\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA crash and telemetry reporter" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmrep.exe" "11/17/2016 4:11 AM" ""
+ "\OneDrive Standalone Update Task" "Standalone Updater" "Microsoft Corporation" "c:\users\clint\appdata\local\microsoft\onedrive\17.3.6517.0809\onedrivestandaloneupdater.exe" "8/9/2016 12:20 PM" ""
+ "\UMonitor Task" "" "" "File not found: C:\windows\SysWOW64\UMonit64.exe" "" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "1/5/2017 11:27 PM" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "12/10/2016 5:16 PM" ""
+ "AdobeUpdateService" "Adobe Update Service" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe desktop common\elevationmanager\adobeupdateservice.exe" "8/24/2016 9:18 AM" ""
+ "AGSService" "Adobe Genuine Software Integrity Service" "Adobe Systems, Incorporated" "c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe" "12/12/2016 7:15 PM" ""
+ "Apple Mobile Device Service" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe" "2/12/2015 9:18 PM" ""
+ "AVControlCenter" "Lenovo AVFramework Control Center" "Lenovo Corporation" "c:\program files\lenovo\communications utility\avcontrolcenter32.exe" "3/23/2015 12:32 AM" ""
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe" "8/12/2015 4:47 PM" ""
+ "CCSDK" "Lenovo CCSDK" "" "c:\program files (x86)\lenovo\ccsdk\ccsdk.exe" "10/21/2014 11:55 PM" ""
+ "ClickToRunSvc" "‪Manages resource coordination, background streaming, and system integration of Microsoft Office products and their related updates. This service is required to run during the use of any Microsoft Office program, during initial streaming installation and all subsequent updates.‬" "Microsoft Corporation" "c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe" "12/8/2016 9:06 AM" ""
+ "cphs" "Intel® Content Protection HECI Service - enables communication with the Content Protection FW" "Intel Corporation" "c:\windows\syswow64\intelcphecisvc.exe" "7/9/2015 5:19 PM" ""
+ "FastbootService" "Lenovo HDD Boot Accelerator" "Lenovo" "c:\program files\lenovo\onekey optimizer\bin\fbservice.exe" "11/19/2014 8:20 AM" ""
+ "FlexNet Licensing Service" "This service performs licensing functions on behalf of FlexNet enabled products." "Flexera Software LLC" "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" "9/28/2015 11:21 AM" ""
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "" "File not found: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc" "" ""
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "" "File not found: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc" "" ""
+ "HarmonySettingService" "HarmonySettingService" "Lenovo" "c:\program files (x86)\lenovo\harmony\setting\harmonysettingservice.exe" "2/9/2015 1:39 AM" ""
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe" "8/22/2014 3:24 PM" ""
+ "iBtSiva" "Intel® Wireless Bluetooth® iBtSiva Service" "Intel Corporation" "c:\program files (x86)\intel\bluetooth\ibtsiva.exe" "12/3/2014 4:24 PM" ""
+ "ICCS" "Intel® Integrated Clock Controller Service - Intel® ICCS" "Intel Corporation" "c:\program files (x86)\intel\intel® integrated clock controller service\iccproxy.exe" "4/24/2012 2:46 PM" ""
+ "igfxCUIService2.0.0.0" "Service for Intel® HD Graphics Control Panel" "Intel Corporation" "c:\windows\system32\igfxcuiservice.exe" "5/1/2016 11:35 PM" ""
+ "ImControllerService" "The Lenovo System Interface Foundation Service provides interfaces for key features such as: system power management, system optimization, driver and application updates, and system settings to Lenovo applications including Lenovo Companion, Lenovo Settings and Lenovo ID. If you disable this service, Lenovo applications will not work properly." "Lenovo Group Limited" "c:\program files\lenovo\imcontroller\service\lenovo.modern.imcontroller.exe" "12/1/2016 11:42 AM" ""
+ "Intel® Capability Licensing Service TCP IP Interface" "Version: 1.35.133.1" "Intel® Corporation" "c:\program files\intel\icls client\socketheciserver.exe" "5/13/2014 6:31 AM" ""
+ "Intel® ME Service" "Intel® Manageability Engine Service (Intel® ME Service)" "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\fwservice\intelmefwservice.exe" "9/26/2014 3:06 PM" ""
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe" "3/19/2016 2:54 AM" ""
+ "isesrv" "Internet Security Essentials" "COMODO" "c:\program files (x86)\comodo\internet security essentials\isesrv.exe" "12/5/2016 7:14 PM" ""
+ "iumsvc" "Intel® Update Manager helps you keep your system up-to-date." "Intel Corporation" "c:\program files (x86)\intel\intel® update manager\bin\iumsvc.exe" "7/1/2015 5:03 PM" ""
+ "jhi_service" "Intel® Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel ® DAL" "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe" "9/23/2014 1:57 PM" ""
+ "Lenovo OKO Service" "OneKey Optimizer Self Update Install Service" "Lenovo(beijing) Limited" "c:\program files\lenovo\onekey optimizer\bin\okoupdataservice.exe" "11/18/2014 4:09 AM" ""
+ "Lenovo Settings Service" "Lenovo Settings Service" "Lenovo Group Limited" "c:\program files\lenovo\settingsdependency\settingsservice.exe" "4/9/2015 11:35 PM" ""
+ "LENOVO.CAMMUTE" "Manages the integrated camera's privacy functions." "Lenovo Corporation" "c:\program files\lenovo\communications utility\cammute.exe" "3/23/2015 12:33 AM" ""
+ "LENOVO.TPKNRSVC" "Handles microphone volume management, Dolby-related features and keyboard noise reduction functions for Lenovo AVFramework." "Lenovo Group Limited" "c:\program files\lenovo\communications utility\tpknrsvc.exe" "3/23/2015 12:34 AM" ""
+ "LENOVO.TVTVCAM" "Manages Integrated Camera virtualization, desktop sharing, and general admin tasks for ThinkVantage Communications Utility." "Lenovo Corporation" "c:\program files\lenovo\communications utility\vcamsvc.exe" "3/23/2015 12:34 AM" ""
+ "LenovoPAWDService" "" "" "c:\program files\lenovo phonecompanion\lpawdservice.exe" "3/12/2014 3:30 AM" ""
+ "LenovoSetSvr" "Lenovo Settings" "Lenovo(beijing) Limited" "c:\program files (x86)\lenovo\lenovo settings\x86\lenovosetsvr.exe" "6/11/2014 2:11 AM" ""
+ "LenovoUpdate" "Check latest updates from Lenovo" "Lenovo" "c:\windows\system32\lenovoupdate.exe" "8/19/2014 6:45 PM" ""
+ "LenovoWiFiHotspotSvr" "Lenovo WiFiHotspot Service" "Lenovo(beijing) Limited" "c:\windows\system32\lenovowifihotspotsvr.exe" "8/25/2014 3:41 AM" ""
+ "LMS" "Intel® Management and Security Application Local Management Service - Provides OS-related Intel® ME functionality." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe" "9/23/2014 2:01 PM" ""
+ "lxeb_device" "Printer Communication System" " " "c:\windows\system32\lxebcoms.exe" "12/9/2009 2:24 PM" ""
+ "lxebCATSCustConnectService" "Lexmark Connect Service Executable" "Lexmark International, Inc." "c:\windows\system32\spool\drivers\x64\3\lxebserv.exe" "4/1/2010 4:26 AM" ""
+ "MBAMService" "Malwarebytes Service" "Malwarebytes" "c:\program files\malwarebytes\anti-malware\mbamservice.exe" "11/20/2016 3:02 PM" ""
+ "NS" "Norton Security" "Symantec Corporation" "c:\program files (x86)\norton security\engine\22.8.1.14\ns.exe" "9/8/2016 3:39 PM" ""
+ "NvContainerLocalSystem" "Container service for NVIDIA root features" "NVIDIA Corporation" "c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe" "11/11/2016 3:15 PM" ""
+ "NvContainerNetworkService" "Container service for NVIDIA network features" "NVIDIA Corporation" "c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe" "11/11/2016 3:15 PM" ""
+ "NVIDIA Wireless Controller Service" "NVIDIA Wireless Controller Service" "NVIDIA Corporation" "c:\program files\nvidia corporation\geforce experience service\nvwirelesscontroller.exe" "11/16/2016 10:37 AM" ""
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe" "2/23/2016 2:16 PM" ""
+ "OKOControlSvc" "OneKey Optimizer Control Service" "Lenovo(beijing) Limited" "c:\program files\lenovo\onekey optimizer\bin\okocontrolsvc.exe" "11/16/2014 8:58 PM" ""
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe" "12/8/2016 9:13 AM" ""
+ "PG_Service_Launcher" "PG_Service_Launcher" "PointGrab LTD" "c:\program files (x86)\lenovo\motion control\pg_service_launcher.exe" "5/28/2014 4:15 AM" ""
+ "PGService" "PGService" "PointGrab LTD" "c:\program files (x86)\lenovo\motion control\pgservice.exe" "5/28/2014 4:13 AM" ""
+ "PhoneCompanionPusher" "Lenovo PhoneCompanionPusher Service" "Lenovo" "c:\program files\lenovo phonecompanion\phonecompanionpusher.exe" "8/5/2014 11:47 PM" ""
+ "PhoneCompanionVap" "Lenovo PhoneCompanionVap Service" "Lenovo" "c:\program files\lenovo phonecompanion\phonecompanionvap.exe" "8/5/2014 11:45 PM" ""
+ "ShareItSvc" "ShareItSvc" "SHAREit Technologies Co.Ltd" "c:\program files (x86)\lenovo\shareit\shareit.service.exe" "1/20/2016 7:12 AM" ""
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe" "7/25/2016 5:32 AM" ""
+ "Stereo Service" "Provides system support for NVIDIA Stereoscopic 3D driver" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe" "2/23/2016 1:55 PM" ""
+ "SynTPEnhService" "64-bit Synaptics Pointing Enhance Service" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenhservice.exe" "7/23/2015 7:43 PM" ""
+ "WCAssistantService" "Ad-Aware Web Companion Internet security service" "" "c:\program files (x86)\lavasoft\web companion\application\lavasoft.wcassistant.winservice.exe" "11/21/2016 10:36 AM" ""
+ "WdNisSvc" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\windows defender\nissrv.exe" "7/15/2016 8:24 PM" ""
+ "WinDefend" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\msmpeng.exe" "7/15/2016 8:27 PM" ""
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "9/6/2016 10:41 PM" ""
+ "ymc" "Lenovo Yoga Mode Control" "Lenovo" "c:\programdata\lenovotransition\server\x64\ymc.exe" "11/16/2014 7:38 AM" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "1/5/2017 11:27 PM" ""
+ "3ware" "LSI 3ware SCSI Storport Driver" "LSI" "c:\windows\system32\drivers\3ware.sys" "5/18/2015 4:28 PM" ""
+ "ACPIVPC" "ACPI Virtual Power Controller Driver" "Lenovo Corporation" "c:\windows\system32\drivers\acpivpc.sys" "6/19/2014 6:47 AM" ""
+ "ADP80XX" "PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller" "PMC-Sierra" "c:\windows\system32\drivers\adp80xx.sys" "4/9/2015 2:49 PM" ""
+ "amdsata" "AHCI 1.3 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "5/14/2015 6:14 AM" ""
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "12/11/2012 3:21 PM" ""
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "4/30/2015 6:55 PM" ""
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "PMC-Sierra, Inc." "c:\windows\system32\drivers\arcsas.sys" "4/9/2015 1:12 PM" ""
+ "b06bdrv" "QLogic Gigabit Ethernet VBD" "QLogic Corporation" "c:\windows\system32\drivers\bxvbda.sys" "5/25/2016 1:03 AM" ""
+ "bcmfn" "BCM Function 2  Device Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn.sys" "6/8/2015 2:32 AM" ""
+ "bcmfn2" "BCM Function 2  Device Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn2.sys" "3/16/2014 4:07 AM" ""
+ "BHDrvx64" "SONAR Engine Driver" "Symantec Corporation" "c:\program files (x86)\norton security\nortondata\22.8.1.14\definitions\bashdefs\20161220.001\bhdrvx64.sys" "11/4/2016 3:39 AM" ""
+ "ccSet_NS" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\nsx64\1608010.00e\ccsetx64.sys" "5/5/2016 4:33 PM" ""
+ "cht4iscsi" "Chelsio iSCSI VMiniport Driver" "Chelsio Communications" "c:\windows\system32\drivers\cht4sx64.sys" "4/20/2016 3:54 AM" ""
+ "cht4vbd" "Virtual Bus Driver for Chelsio ® T4 Chipset" "Chelsio Communications" "c:\windows\system32\drivers\cht4vx64.sys" "4/15/2016 1:32 AM" ""
+ "ebdrv" "QLogic 10 GigE VBD" "QLogic Corporation" "c:\windows\system32\drivers\evbda.sys" "5/25/2016 1:01 AM" ""
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys" "9/16/2016 8:16 PM" ""
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys" "9/16/2016 8:16 PM" ""
+ "ESProtectionDriver" "" "" "c:\windows\system32\drivers\mbae64.sys" "4/29/2016 4:10 AM" ""
+ "Fastboot" "WINNT/2K/XP/2003 Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\fastboot.sys" "11/19/2014 8:19 AM" ""
+ "GeneStor" "GeneStor" "GenesysLogic" "c:\windows\system32\drivers\genestor.sys" "4/17/2014 2:38 AM" ""
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "3/26/2013 3:36 PM" ""
+ "iagpio" "Intel® Serial IO GPIO Controller Driver" "Intel® Corporation" "c:\windows\system32\drivers\iagpio.sys" "2/18/2016 1:35 AM" ""
+ "iai2c" "Intel® Serial IO I2C Driver" "Intel® Corporation" "c:\windows\system32\drivers\iai2c.sys" "9/22/2015 12:53 AM" ""
+ "iaLPSS2i_GPIO2" "Intel® Serial IO GPIO Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_gpio2.sys" "3/2/2016 8:06 PM" ""
+ "iaLPSS2i_I2C" "Intel® Serial IO I2C Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_i2c.sys" "3/2/2016 8:06 PM" ""
+ "iaLPSSi_GPIO" "Intel® Serial IO GPIO Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_gpio.sys" "2/2/2015 3:00 AM" ""
+ "iaLPSSi_I2C" "Intel® Serial IO I2C Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_i2c.sys" "2/24/2015 9:52 AM" ""
+ "iaStorA" "Intel® Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastora.sys" "8/22/2014 3:26 PM" ""
+ "iaStorAV" "Intel® Rapid Storage Technology driver (inbox) - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorav.sys" "2/19/2015 6:08 AM" ""
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "4/11/2011 12:48 PM" ""
+ "ibbus" "InfiniBand Fabric Bus Driver" "Mellanox" "c:\windows\system32\drivers\ibbus.sys" "4/10/2016 7:46 AM" ""
+ "ibtusb" "Intel® Wireless Bluetooth® USB Driver" "Intel Corporation" "c:\windows\system32\drivers\ibtusb.sys" "7/13/2015 10:52 AM" ""
+ "IDSVia64" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\program files (x86)\norton security\nortondata\22.8.1.14\definitions\ipsdefs\20170105.001\idsvia64.sys" "12/2/2016 11:58 AM" ""
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys" "5/4/2016 1:21 PM" ""
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "9/8/2015 11:06 AM" ""
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys" "3/24/2016 2:17 AM" ""

 

STEP 4:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Clint (Administrator) on Thu 01/05/2017 at 23:40:47.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 12

Successfully deleted: C:\Program Files (x86)\google\chrome\application\chrome.bat (File)
Successfully deleted: C:\Program Files (x86)\internet explorer\iexplore.bat (File)
Successfully deleted: C:\ProgramData\lavasoft\web companion (Folder)
Successfully deleted: C:\ProgramData\my web shield (Folder)
Successfully deleted: C:\Users\Clint\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder)
Successfully deleted: C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder)
Successfully deleted: C:\Users\Clint\AppData\Roaming\lavasoft\web companion (Folder)
Successfully deleted: C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\d3dho8bg.default\user.js (File)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\a\winonit.exe (File)
Successfully deleted: C:\Program Files (x86)\lavasoft\web companion (Folder)

Deleted the following from C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\d3dho8bg.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/05/2017 at 23:46:27.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

STEP 5:

# AdwCleaner v6.041 - Logfile created 06/01/2017 at 00:13:24
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-05.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Clint - FCLINT
# Running from : C:\Users\Clint\AppData\Local\Microsoft\Windows\INetCache\IE\RHFS506B\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

[-] Service deleted: WCAssistantService

***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\AnonymizerGadget
[-] Folder deleted: C:\Users\Clint\AppData\Local\app

***** [ Files ] *****

[-] File deleted: C:\Users\Clint\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Youtube Downloader.lnk
[-] File deleted: C:\Users\Clint\AppData\Local\aatxtname.txt
[-] File deleted: C:\Users\Clint\AppData\Local\tr5b.txt
[-] File deleted: C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\d3dho8bg.default\searchplugins\yahoo-lavasoft.xml

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Key deleted: HKU\S-1-5-21-3646257312-145341772-451683423-1001\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\IDOT
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS
[-] Key deleted: [x64] HKLM\SOFTWARE\IDOT
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Data restored: HKU\S-1-5-21-3646257312-145341772-451683423-1001\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: HKU\S-1-5-21-3646257312-145341772-451683423-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Key deleted: HKU\S-1-5-21-3646257312-145341772-451683423-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.newtab.url" -  "hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10300_FYD_161201__yaff"
[-] Chrome preferences cleaned: "browser.newtabpage.url" -  "hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10300_FYD_161201__yaff"
[-] Chrome preferences cleaned: "browser.startup.homepage" -  "hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10300_FYD_161201__yaff"
[-] [C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www.yahoo.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5380 Bytes] - [06/01/2017 00:13:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [5735 Bytes] - [06/01/2017 00:11:54]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5526 Bytes] ##########

 



#6 FoxMain


Posted 06 January 2017 - 01:27 AM

Thank you for the advice, Inadequate. As it is getting a little late, I will finish up taking your advice tomorrow and will post results. 



#7 InadequateInfirmity


Posted 06 January 2017 - 01:37 AM

Hey Clint, can you create a new thread? I will be happy to help you. :)

 

Your thread is here, Clint. :)

 

 

 

https://www.bleepingcomputer.com/forums/t/636609/google-wont-work-because-of-virus-redirect/


Edited by InadequateInfirmity, 06 January 2017 - 01:48 AM.


#8 FoxMain


Posted 06 January 2017 - 03:58 PM

Alright, here's the log. Probably going to reboot for it to quarantine everything, will post results.

 

Zemana AntiMalware 2.70.2.312 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/1/6
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-6200U CPU @ 2.30GHz
BIOS Mode              : UEFI
CUID                   : 126707C7C0E60559AE27F4
Scan Type              : Custom Scan
Duration               : 138m 1s
Scanned Objects        : 439371
Detected Objects       : 24
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
bitst.exe
Status             : Scanned
Object             : %systemroot%\system32\bitst.exe
MD5                : 8E5226EC7D27F47DFF650BAB8F83D53F
Publisher          : -
Size               : 564736
Version            : 1.0.0.2
Detection          : Adware:Win32/SpeedBit!Sig
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\system32\bitst.exe
 
Keygen.exe
Status             : Scanned
Object             : %userprofile%\downloads\sony vegas pro 13.0 build 453 (x64) + patch di\keygen & patch by di\keygen.exe
MD5                : 4C174ED76448F529F042A83DF8231FA4
Publisher          : -
Size               : 2088960
Version            : -
Detection          : PUA:Win32/SoftCrack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\sony vegas pro 13.0 build 453 (x64) + patch di\keygen & patch by di\keygen.exe
 
Free SD Memory Card Recovery Cracked Free Download.exe
Status             : Scanned
Object             : %userprofile%\downloads\free-sd-memory-card-recovery-cracked-free-download_9003513\free sd memory card recovery cracked free download\free sd memory card recovery cracked free download.exe
MD5                : A6EA5F937E9578A423A39B4A2C451065
Publisher          : TOV "KAMO IT"
Size               : 4648632
Version            : 4.2.2.1
Detection          : Adware:Win32/AutoBulk.58136c!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\free-sd-memory-card-recovery-cracked-free-download_9003513\free sd memory card recovery cracked free download\free sd memory card recovery cracked free download.exe
 
ddnow.exe
Status             : Scanned
Object             : %temp%\nsv9bf4.tmp\ddnow.exe
MD5                : AA267AA7D9C763AE71948FC1AF728C58
Publisher          : -
Size               : 5632
Version            : 1.0.0.0
Detection          : Adware:Win32/Saruth.A!Eatt
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nsv9bf4.tmp\ddnow.exe
 
dnow4.exe
Status             : Scanned
Object             : %temp%\nsv9bf4.tmp\dnow4.exe
MD5                : E8602C682E84B411AE383276C6CAA4C9
Publisher          : -
Size               : 5632
Version            : 1.0.0.0
Detection          : Adware:Win32/Saruth.A!Eatt
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nsv9bf4.tmp\dnow4.exe
 
dnow.exe
Status             : Scanned
Object             : %temp%\nsv9bf4.tmp\dnow.exe
MD5                : 5EB29B4048D7E47E8A60DC433E533047
Publisher          : -
Size               : 5120
Version            : 1.0.0.0
Detection          : Adware:Win32/Saruth.A!Aaee
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nsv9bf4.tmp\dnow.exe
 
ddnow4.exe
Status             : Scanned
Object             : %temp%\nsv9bf4.tmp\ddnow4.exe
MD5                : A4637E25F28DFF00AC47E177A0E3B329
Publisher          : -
Size               : 5632
Version            : 1.0.0.0
Detection          : Adware:Win32/Droon.A!Eatt
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nsv9bf4.tmp\ddnow4.exe
 
CheckUser.dll
Status             : Scanned
Object             : %temp%\is-rsf1f.tmp\checkuser.dll
MD5                : 656828F89C237CC127980B0A0BDCFBC3
Publisher          : GOLD CLICK LIMITED
Size               : 232544
Version            : 1.0.0.0
Detection          : Adware:Win32/BulkHeur.dfe8f4!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\is-rsf1f.tmp\checkuser.dll
 
installer1.exe
Status             : Scanned
Object             : %temp%\installer1.exe
MD5                : 37DD3DC013F368A7688E3E6849C730F5
Publisher          : -
Size               : 39844
Version            : -
Detection          : Adware:Win32/Blackoat.A!Kiee
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\installer1.exe
 
adv_207.exe
Status             : Scanned
Object             : %temp%\f9626892-7a78-3199-abd2-97bbce96297b\adv_207.exe
MD5                : A43252873F9E9E045AE79F30AD19398B
Publisher          : Itibiti Systems inc.
Size               : 4605904
Version            : 0.0.0.0
Detection          : Adware:Win32/Itibiti-DJ!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\f9626892-7a78-3199-abd2-97bbce96297b\adv_207.exe
 
offerpg3.exe
Status             : Scanned
Object             : %temp%\f6f79e34-4ee4-4377-b8de-4e1ee1ae1452\offerpg3.exe
MD5                : 73DF8FCA280DC017427458062F99DB77
Publisher          : -
Size               : 290816
Version            : 12.5.2.13578
Detection          : Trojan:Win32/Kloom.A!Rart
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\f6f79e34-4ee4-4377-b8de-4e1ee1ae1452\offerpg3.exe
 
EZSearch.exe
Status             : Scanned
Object             : %temp%\b71b91ad-10cd-477f-a6b3-9f9073362144\ezsearch.exe
MD5                : 256E85D87E11DAD59123059A14F441FB
Publisher          : -
Size               : 744951
Version            : -
Detection          : Adware:Win32/Tamaca!Teie
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\b71b91ad-10cd-477f-a6b3-9f9073362144\ezsearch.exe
 
92CgxvK1[1].exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\inetcache\ie\si2xu5tn\92cgxvk1[1].exe
MD5                : F24A3007D0213E3ED657790345C3DCFB
Publisher          : -
Size               : 458240
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\inetcache\ie\si2xu5tn\92cgxvk1[1].exe
 
installer1[1].exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\inetcache\ie\k3tw3y4o\installer1[1].exe
MD5                : 37DD3DC013F368A7688E3E6849C730F5
Publisher          : -
Size               : 39844
Version            : -
Detection          : Adware:Win32/Blackoat.A!Kiee
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\inetcache\ie\k3tw3y4o\installer1[1].exe
 
SilentInstaller_dotnet4[1].exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\inetcache\ie\pigrac2l\silentinstaller_dotnet4[1].exe
MD5                : 007B1D8AEF31BE74CE6845FE68E1471D
Publisher          : -
Size               : 321536
Version            : 0.5.0.6
Detection          : Adware:Win32/Generic!Eree
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\inetcache\ie\pigrac2l\silentinstaller_dotnet4[1].exe
 
7ZieGf[1].exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\inetcache\ie\k3tw3y4o\7ziegf[1].exe
MD5                : BF573E6E331F8556B8FC370B3AD48747
Publisher          : -
Size               : 266099
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\inetcache\ie\k3tw3y4o\7ziegf[1].exe
 
itibiti.exe
Status             : Scanned
Object             : NE->c:\$recycle.bin\s-1-5-21-1611035341-2385341829-1232607748-1001\$rvej5hi\itibiti.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Itibiti!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
adv_207.exe
Status             : Scanned
Object             : NE->c:\users\hhnguyen\appdata\local\temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_207.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Itibiti!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
BASNRZSC2.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1611035341-2385341829-1232607748-1001\$r8a35f8\basnrzsc2.exe
MD5                : DEB8E6A98FC21D740860BFBE0C94BBAE
Publisher          : -
Size               : 369664
Version            : 1.0.0.0
Detection          : Adware:Win32/Blackoat.A!Kret
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-1611035341-2385341829-1232607748-1001\$r8a35f8\basnrzsc2.exe
 
$RTMQDP2.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1611035341-2385341829-1232607748-1001\$rtmqdp2.exe
MD5                : 4773AE1B720D1514E8EB556875E692BE
Publisher          : -
Size               : 113664
Version            : -
Detection          : Trojan:Win32/Bailoat.A!Mtmc
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-1611035341-2385341829-1232607748-1001\$rtmqdp2.exe
 
AnonymizerLauncher.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1611035341-2385341829-1232607748-1001\$rlydgel\anonymizerlauncher.exe
MD5                : EB67273C54E78DB4FAFFAB9001148753
Publisher          : Investservis JSC
Size               : 295944
Version            : -
Detection          : Adware:Win32/AnonymizerGadget
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-1611035341-2385341829-1232607748-1001\$rlydgel\anonymizerlauncher.exe
 
AGService.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1611035341-2385341829-1232607748-1001\$rlydgel\agservice.exe
MD5                : E83798FC59168E5378E54557E7593E1A
Publisher          : Investservis JSC
Size               : 179720
Version            : -
Detection          : Adware:Win32/AnonymizerGadget
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-1611035341-2385341829-1232607748-1001\$rlydgel\agservice.exe
 
uninstaller.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1611035341-2385341829-1232607748-1001\$rlydgel\uninstaller.exe
MD5                : 37A07FCE59DF360961A3B60085CF71A9
Publisher          : Investservis JSC
Size               : 127816
Version            : -
Detection          : Adware:Win32/AnonymizerGadget
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-1611035341-2385341829-1232607748-1001\$rlydgel\uninstaller.exe
 
AGUtils.dll
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1611035341-2385341829-1232607748-1001\$rlydgel\agutils.dll
MD5                : 36A70D169326B9F4D2643A54FBFA38FA
Publisher          : Investservis JSC
Size               : 310792
Version            : 1.968.0.0
Detection          : Adware:Win32/AnonymizerGadget
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-1611035341-2385341829-1232607748-1001\$rlydgel\agutils.dll


#9 FoxMain


Posted 06 January 2017 - 04:21 PM

Rats. I still get the message regardless of browser. The YouTube problem is also still there, except now it works on Firefox.



#10 FoxMain


Posted 06 January 2017 - 05:57 PM

Well, I just found a fix and popped off really hard when doing so. The YouTube problem was fixed too.

 

A scan using Hitman Pro's free trial found out that google.com had a certain IP bound to it. It was removed and I can use Google again!

 

Thank you for your help, Inadequate. A LOT of malware on my computer was removed thanks to you.


Edited by FoxMain, 06 January 2017 - 06:30 PM.
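Post #10 reports that google.com had an IP bound to it, without saying where the binding was stored. The following is an added example, not part of the thread or of any tool named in it: assuming the binding was a static entry in the Windows hosts file, it parses hosts-file text and reports every entry that pins a watched domain to an address. The watch list, the function names and the sample entries (which use documentation-range addresses) are constructed for illustration.

```python
import ipaddress
from pathlib import Path

# Assumed watch list: the domains this thread reports as broken.
WATCHED = ("google.com", "youtube.com")

# Default hosts file location on Windows; only read when run as a script.
HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte-order mark
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP literal, skip the line
        # One line may map several names to the same address.
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(hostname, watched=WATCHED):
    """True for the domain itself or any subdomain, not for look-alikes."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)


def classify(ip):
    """Loopback or unspecified addresses block a name; anything else redirects it."""
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    return "redirected"


def audit_hosts(text, watched=WATCHED):
    """Return one finding per watched hostname that has a static binding."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name, watched):
            findings.append(
                {"line": line_no, "host": name, "ip": str(ip), "kind": classify(ip)}
            )
    return findings


# Constructed sample, not taken from the affected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    google.com www.google.com   # constructed redirect entry
203.0.113.45    WWW.YouTube.com.
0.0.0.0         ads.example.net
0.0.0.0         accounts.google.com
192.0.2.10      notgoogle.com
#198.51.100.7   google.com
"""


if __name__ == "__main__":
    if HOSTS_PATH.exists():
        text = HOSTS_PATH.read_text(encoding="utf-8", errors="replace")
    else:
        text = SAMPLE_HOSTS
    for f in audit_hosts(text):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
```

A clean result here does not rule out other places a name-to-address binding can live, such as the DNS server settings on the adapter or a local proxy.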


#11 LesCarter


Posted 22 January 2017 - 03:25 PM

Having a similar problem (Chrome in Windows 10), also very recent. Don't know if it helps, but the problem is strictly with left-click: the error alert in the omnibox says I'm trying to open a non-SSL page. Right-click, copy link address and paste opens the correct page with SSL.


Edited by LesCarter, 22 January 2017 - 03:26 PM.




