Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

At least two computers seem to be overtaken...


  • This topic is locked This topic is locked
6 replies to this topic

#1 justas21

justas21

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 25 June 2017 - 09:59 PM

I use 2 computers - one at work (in the DMZ of our network) and laptop. After travelling with a laptop I seem to have brought something last month. Both computers started to have a lot of activity on the discs (performance monitor). These were processes from groups I didn't recognize. There was literally a flurry of write/read activity. I couldn't begin to describe exactly what was happening. But I will try to describe how it felt. I cover both computers, but posting below only about the laptop - the one I still have access to:

Desktop:
The first noticeable events began as opened Excel files would read and write until I close one of them. I searched online and found some suggestions regarding Shadow copy and issues with Crashplan. After a week or two the general feeling was like my account was diverted elsewhere - to a parallel account that looked like mine. Or at least my profile was in the process of duplication. I unplugged my computer from the network, and continued monitoring. The available space on C would go from to 7 GB to a few MB and back to a few GB. As I strated looking at processes and who had the permission to run them, I started to lose access rights to things I used to - like perfomance monitor.

Laptop;
There appears to be similar activity on the laptop. Icons and other shell elements started to look a little different. Windows update would report that there is an update, and after a while - nothing (the history of updates shows them installed, even though there was no installation). Keeping the PC offline (airport?) I keep trying to figure out what is wrong with it, Avast didn't find anything. Kaspersky didn't find anything in boot from USB scan. Malwarebytes neither.

Can someone please take a look at these entries from the FRST to help figure out where to start?

Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by Kyryl (administrator) on NAPOLEON (26-06-2017 02:55:12)
Running from C:\Users\Kyryl\Desktop
Loaded Profiles: Kyryl (Available Profiles: Kyryl)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(KeepSolid Inc.) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Users\Kyryl\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Spotify Ltd) C:\Users\Kyryl\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Kyryl\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2013-01-16] (Lenovo)
HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2013-01-16] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-01-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-01-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-12] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601976 2013-02-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\Run: [Google Update] => C:\Users\Kyryl\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-12] (Google Inc.)
HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\Run: [Amazon Cloud Player] => C:\Users\Kyryl\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\Run: [CrashPlanTray] => C:\Users\Kyryl\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe
HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\Run: [Spotify Web Helper] => C:\Users\Kyryl\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1433712 2017-01-10] (Spotify Ltd)
HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\Run: [Spotify] => C:\Users\Kyryl\AppData\Roaming\Spotify\Spotify.exe [7071344 2017-01-10] (Spotify Ltd)
HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\RunOnce: [Uninstall C:\Users\Kyryl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kyryl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\RunOnce: [Uninstall 17.3.6799.0327\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kyryl\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64"
HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\RunOnce: [Uninstall 17.3.6799.0327] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kyryl\AppData\Local\Microsoft\OneDrive\17.3.6799.0327"
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-12] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-12] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk [2014-02-01]
ShortcutTarget: Air Mouse.lnk -> C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-10-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-10-25]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk [2013-01-16]
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Startup: C:\Users\Kyryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoCorrect for AHK-L.ahk [2014-02-01] ()
BootExecute: autocheck autochk /p \??\C:autocheck autochk *
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.200.0.1
Tcpip\..\Interfaces\{04cb8f66-51e0-41a6-b84d-059a76e26894}: [DhcpNameServer] 10.200.0.1
Tcpip\..\Interfaces\{0c33c7ad-a89e-46d0-9dde-ae99edca7e84}: [DhcpNameServer] 10.204.0.1
Tcpip\..\Interfaces\{6d123be1-85f2-4571-bfa1-303abb76a38e}: [DhcpNameServer] 10.208.0.1
Tcpip\..\Interfaces\{e38c9531-6203-4cc3-9038-b419c0952c7b}: [DhcpNameServer] 10.200.0.1
Tcpip\..\Interfaces\{e49ab9e6-ba6c-499b-ae39-ba9db1241d93}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-341416645-1981178721-1829478571-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-341416645-1981178721-1829478571-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-341416645-1981178721-1829478571-1001 -> DefaultScope {ED798800-AAC8-4EAA-BD82-6A5F49FA0EAF} URL =
SearchScopes: HKU\S-1-5-21-341416645-1981178721-1829478571-1001 -> {ED798800-AAC8-4EAA-BD82-6A5F49FA0EAF} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-25] (LastPass)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-25] (LastPass)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-25] (LastPass)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-25] (LastPass)
Toolbar: HKU\S-1-5-21-341416645-1981178721-1829478571-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)

Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2016-11-03]
Edge Extension: (Evernote Web Clipper) -> 9nblggh4x0qw_EvernoteEvernoteWebClipper_q4d96b2w5wcc2 => C:\Program Files\WindowsApps\Evernote.EvernoteWebClipper_6.12.0.0_neutral__q4d96b2w5wcc2 [not found]
Edge Extension: (No Name) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.11.0.0_neutral__c1wakc4j0nefm [not found]
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.44.0_neutral__qq0fmhteeht3j [2017-04-04]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-03-31] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll [2013-06-09] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-15] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-10-25] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll [2013-06-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-10-25] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-341416645-1981178721-1829478571-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Kyryl\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-28] (Citrix Online)
FF Plugin HKU\S-1-5-21-341416645-1981178721-1829478571-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kyryl\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-341416645-1981178721-1829478571-1001: @talk.google.com/O1DPlugin -> C:\Users\Kyryl\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-341416645-1981178721-1829478571-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-341416645-1981178721-1829478571-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kyryl\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kyryl\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.secretflying.com/euro-deals/
CHR StartupUrls: Default -> "hxxp://www.secretflying.com/euro-deals/"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR Profile: C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default [2017-06-22]
CHR Extension: (Google Translate) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-12-04]
CHR Extension: (wareztuga.tv streamer) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj [2015-01-22]
CHR Extension: (Google Docs) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Lucidchart Diagrams) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2017-03-01]
CHR Extension: (Google Drive) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (Cloud To Butt Plus) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apmlngnhgbnjpajelfkmabhkfapgnoai [2014-09-30]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga [2015-01-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-05]
CHR Extension: (Turn Off the Lights) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-06-21]
CHR Extension: (YouTube) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Google Cast) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-28]
CHR Extension: (HelloFax: 5 Free Fax Pages) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2016-09-13]
CHR Extension: (Note Anywhere) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohahkiiknkelflnjjlipnaeapefmjbh [2015-08-25]
CHR Extension: (Ge.tt) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdgghbbgmhcpidlmnepkbihehhkmjomc [2013-02-08]
CHR Extension: (Adblock Plus) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-04]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2016-08-16]
CHR Extension: (Webpage Screenshot) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-12-01]
CHR Extension: (Videostream for Google Chromecast) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2017-05-17]
CHR Extension: (Google Search) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Search by Image (by Google)) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-11-01]
CHR Extension: (Read Later Fast) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2015-05-15]
CHR Extension: (Timout - Time Management) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dekpabfaimofbinkbjlgdkkecodejmbf [2013-02-08]
CHR Extension: (Google News) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2015-03-03]
CHR Extension: (Pixlr-o-matic) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2014-04-11]
CHR Extension: (Google Play Music) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-06-21]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2016-02-04]
CHR Extension: (iCloud Bookmarks) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-07-29]
CHR Extension: (Full Screen Weather) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-05-15]
CHR Extension: (EditThisCookie) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-10-06]
CHR Extension: (Collusion for Chrome) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp [2014-07-22]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-04-04]
CHR Extension: (Google Docs Offline) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (TLDR: Summarize Anything) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\giepilabiomhlcmlefmbfkgeoccfhhhc [2017-06-21]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-09-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-05-17]
CHR Extension: (feedly) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2016-08-22]
CHR Extension: (SuperSorter) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2014-09-20]
CHR Extension: (goo.gl URL Shortener) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2015-05-15]
CHR Extension: (Pixlr Editor) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2015-10-08]
CHR Extension: (Google Play Music) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-08-16]
CHR Extension: (Spreed - speed read the web) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2017-06-21]
CHR Extension: (WhatFont) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2017-05-17]
CHR Extension: (Drag and Go) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaikcnhlohebodlpkmjepipngegjbfpg [2015-08-09]
CHR Extension: (280 Slides) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfgfmoonhalhgbpeoffnehkedjhgoeno [2013-02-08]
CHR Extension: (Google +1 Button) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-04-11]
CHR Extension: (Tomatoes) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijbhneeenepenoolcdalnekggeialeo [2014-10-22]
CHR Extension: (OpinionCloud (for YouTube & Flickr)) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jobpaepjhflihdcgajlbmkipfdmjmkda [2013-02-08]
CHR Extension: (Google Voice (by Google)) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-02-01]
CHR Extension: (EasyHome Homestyler) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2017-05-31]
CHR Extension: (Minimal, Clean & Simple - Light Theme) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\konffcgmaecfpaliodjnllfghahnnbjo [2016-05-29]
CHR Extension: (StayFocusd) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-11-04]
CHR Extension: (Instapaper) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh [2017-02-18]
CHR Extension: (Smooth Gestures) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2014-02-01]
CHR Extension: (InvisibleHand) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2017-03-01]
CHR Extension: (Google Maps) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-10-06]
CHR Extension: (Harmony) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbbibdblnnlapclckbdennhlbcnkkgcn [2013-02-08]
CHR Extension: (Planner 5D - Interior Design) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2016-09-13]
CHR Extension: (Boomerang for Gmail) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-05-17]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-05-10]
CHR Extension: (Quick Note) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2015-05-15]
CHR Extension: (AutoPager Chrome) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh [2013-02-08]
CHR Extension: (FatWallet Express) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogoohcaeegmfbiijjanepaeaimohkmn [2016-04-17]
CHR Extension: (Project Naptha) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2014-07-22]
CHR Extension: (deviantART muro) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei [2013-02-08]
CHR Extension: (Favorite Doodle) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga [2014-02-01]
CHR Extension: (PackageTrackr) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfcnkanaglcpigebiceecljnccmejabo [2013-02-08]
CHR Extension: (OneDrive) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-04-11]
CHR Extension: (Save to Pocket) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-06-21]
CHR Extension: (Lovely Charts) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhlgmfplghldoenkoigffhhlkahnjkh [2013-02-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-04]
CHR Extension: (TypingClub) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2014-02-01]
CHR Extension: (Extended Share for Google Plus) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\oenpjldbckebacipkfbcoppmiflglnib [2013-02-08]
CHR Extension: (Piktochart) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgpilphbpmpjlicfhhkgnfbedaeegil [2014-10-14]
CHR Extension: (Currently) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh [2015-05-30]
CHR Extension: (Type Fu (hosted)) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo [2014-08-28]
CHR Extension: (Picasa) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2013-02-08]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2015-05-09]
CHR Extension: (Moosti) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdkkfpnoobbihpjbophkgcibemmmidhk [2014-10-22]
CHR Extension: (Psykopaint) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-03-22]
CHR Extension: (Gmail) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
CHR Extension: (PostPost: Your Real-Time Facebook Newspaper) - C:\Users\Kyryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppljepfclkbpmkclbopgnfajoenjonae [2013-02-08]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-12] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-12] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-02-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-02-13] (BlueStack Systems, Inc.)
R4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-09-01] () [File not signed]
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe [72024 2017-02-07] (Google Inc.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1394360 2015-10-08] (Intel Corporation)
R4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [579400 2013-02-08] (LENOVO INCORPORATED.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R4 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
R2 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [61808 2015-09-23] (KeepSolid Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
S4 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2013-01-16] (Lenovo)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-12] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-12] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-12] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-12] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-12] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-12] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-12] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-12] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-12] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-12] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-12] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-05-17] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-12] (AVAST Software)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-02-13] (BlueStack Systems)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-10-08] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-10-08] (Intel Corporation)
R3 leymc; C:\WINDOWS\system32\DRIVERS\leymc.sys [17240 2013-01-16] (Lenovo)
S3 Logi_Headset_DFU; C:\WINDOWS\System32\Drivers\lhusbdfuamd64.sys [44136 2014-04-18] (CSR plc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-21] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 PulseUsb; C:\WINDOWS\System32\drivers\PulseUsb.sys [26112 2011-10-27] (Windows ® Win 7 DDK provider)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-12-26] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S4 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 02:55 - 2017-06-26 02:55 - 00044382 _____ C:\Users\Kyryl\Desktop\FRST.txt
2017-06-26 02:54 - 2017-06-26 02:55 - 00000000 ____D C:\FRST
2017-06-26 02:54 - 2017-06-26 02:53 - 02441216 _____ (Farbar) C:\Users\Kyryl\Desktop\FRST64.exe
2017-06-26 02:54 - 2017-06-26 02:53 - 01780224 _____ (Farbar) C:\Users\Kyryl\Desktop\FRST.exe
2017-06-22 06:53 - 2017-06-22 06:53 - 00000165 ____H C:\Users\Kyryl\Desktop\~$Copy of Copy of Slots Distribution 2nd semester_Dec26_Revised.xlsx
2017-06-22 06:04 - 2017-05-12 08:02 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-06-22 05:49 - 2017-06-22 05:49 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-21 12:25 - 2017-06-21 12:25 - 00000000 ____D C:\$WINDOWS.~BT
2017-06-21 12:24 - 2017-06-21 12:24 - 00000000 ___HD C:\$SysReset
2017-06-21 05:18 - 2017-06-21 13:08 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2017-06-21 03:55 - 2017-06-21 03:55 - 00000445 _____ C:\Users\Kyryl\Desktop\Install Kaspersky Total Security version 17.0.0.611.lnk
2017-06-21 03:43 - 2017-06-21 03:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-06-21 03:31 - 2017-06-21 12:09 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-21 03:31 - 2017-06-21 03:31 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-21 03:31 - 2017-06-21 03:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-21 03:31 - 2017-05-31 11:09 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-21 03:30 - 2017-06-21 03:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-21 03:30 - 2017-06-21 03:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-21 01:57 - 2017-06-21 01:58 - 00000000 ____D C:\Autoruns
2017-06-21 01:34 - 2017-06-21 02:34 - 00587342 _____ C:\TDSSKiller.3.1.0.15_21.06.2017_01.34.48_log.txt
2017-06-21 01:12 - 2017-06-21 03:39 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 02:24 - 2015-07-30 19:07 - 02353148 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-26 02:21 - 2016-08-21 23:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-22 12:32 - 2017-03-21 11:32 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-06-22 08:25 - 2016-09-19 03:17 - 00000000 ____D C:\Users\Kyryl\Desktop\EMM
2017-06-22 08:24 - 2016-09-19 03:19 - 00000000 ____D C:\Users\Kyryl\Desktop\Execs
2017-06-22 06:34 - 2013-12-21 02:57 - 00000000 ___RD C:\Users\Kyryl\SkyDrive
2017-06-22 06:12 - 2016-08-21 23:51 - 00000000 ____D C:\WINDOWS\Prefetch2
2017-06-22 06:04 - 2016-11-01 18:40 - 00003998 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1478022038
2017-06-22 06:04 - 2016-11-01 18:40 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-06-22 06:04 - 2016-11-01 15:03 - 00001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-06-22 06:04 - 2015-04-03 01:16 - 00001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-06-22 06:02 - 2013-03-09 20:10 - 00000000 ____D C:\ProgramData\CrashPlan
2017-06-22 05:56 - 2013-02-13 16:33 - 00000000 ____D C:\Users\Kyryl\AppData\Roaming\Dropbox
2017-06-22 05:54 - 2014-12-01 17:45 - 00000000 ____D C:\ProgramData\Skype
2017-06-22 05:53 - 2017-03-21 11:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-22 05:52 - 2013-01-16 22:39 - 00000000 ____D C:\Program Files\Lenovo
2017-06-22 05:52 - 2013-01-16 22:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-22 05:51 - 2013-10-19 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-22 05:51 - 2013-03-16 15:08 - 00000000 ____D C:\Users\Kyryl\AppData\Roaming\Mozilla
2017-06-22 05:50 - 2014-06-25 23:37 - 00000000 __HDC C:\ProgramData\~0
2017-06-21 12:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-21 12:36 - 2016-08-24 04:31 - 00000000 ____D C:\Users\Kyryl\AppData\Roaming\Spotify
2017-06-21 12:30 - 2015-07-29 18:31 - 00000000 __SHD C:\Users\Kyryl\IntelGraphicsProfiles
2017-06-21 12:30 - 2013-01-16 22:33 - 00000000 ____D C:\ProgramData\Realtek
2017-06-21 12:09 - 2016-08-22 00:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-21 07:22 - 2016-08-21 23:53 - 00000000 ____D C:\Users\Kyryl
2017-06-21 07:22 - 2016-07-16 07:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-06-21 06:21 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-21 06:21 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-21 06:21 - 2013-08-05 15:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-21 06:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Registration
2017-06-21 06:19 - 2013-02-13 13:46 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-21 06:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-21 06:14 - 2013-03-13 08:05 - 00000231 _____ C:\Users\Kyryl\AppData\LocaldependencyLog.txt
2017-06-21 06:14 - 2013-03-13 08:05 - 00000022 _____ C:\Users\Kyryl\AppData\LocalUserGuideLog.txt
2017-06-21 06:14 - 2013-03-13 08:05 - 00000000 _____ C:\Users\Kyryl\AppData\LocalMachineInfoLog.txt
2017-06-21 01:14 - 2013-11-09 00:33 - 00000000 ____D C:\Users\Kyryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-06-21 01:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-31 21:05 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-31 20:56 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF

==================== Files in the root of some directories =======

2014-10-25 19:00 - 2014-10-25 19:00 - 14016000 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-02-08 22:30 - 2013-02-12 19:51 - 0002363 _____ () C:\Users\Kyryl\AppData\Roaming\AbsoluteReminder.xml
2013-03-31 09:45 - 2014-01-31 20:12 - 0000132 _____ () C:\Users\Kyryl\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-01-31 22:35 - 2016-08-22 16:24 - 0001456 _____ () C:\Users\Kyryl\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-02-08 22:29 - 2017-06-26 02:21 - 0025452 _____ () C:\Users\Kyryl\AppData\Local\BTServer.log
2015-03-14 00:55 - 2015-03-14 01:00 - 0012186 _____ () C:\Users\Kyryl\AppData\Local\OfficeMix.txt
2015-03-14 00:57 - 2015-03-14 01:00 - 0001212 _____ () C:\Users\Kyryl\AppData\Local\OfficeMixUsages.txt
2013-03-13 08:05 - 2017-06-21 06:14 - 0000182 _____ () C:\Users\Kyryl\AppData\Local\RegisteredPackageInformation.xml
2014-09-06 05:47 - 2017-06-22 06:37 - 0007614 _____ () C:\Users\Kyryl\AppData\Local\Resmon.ResmonCfg
2016-08-21 23:51 - 2016-08-21 23:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-21 12:19

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by Kyryl (26-06-2017 02:56:17)
Running from C:\Users\Kyryl\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-21 23:05:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-341416645-1981178721-1829478571-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-341416645-1981178721-1829478571-503 - Limited - Disabled)
Guest (S-1-5-21-341416645-1981178721-1829478571-501 - Limited - Disabled)
Kyryl (S-1-5-21-341416645-1981178721-1829478571-1001 - Administrator - Enabled) => C:\Users\Kyryl

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,971,247 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advanced PDF Password Recovery (HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\Advanced PDF Password Recovery) (Version: 5.0 - ElcomSoft Co. Ltd.)
AirServer Universal (x64) (HKLM\...\{69380A3E-760E-4AA7-AED4-B10F6FA47B30}) (Version: 5.1.0 - App Dynamic)
AirServer Universal (x64) 4.0.31 (HKLM-x32\...\{73d28dd8-64ca-4c40-970e-62004f8767d0}) (Version: 4.0.31 - AppDynamic ehf)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
Amazon Cloud Player (HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AutoHotkey 1.1.11.02 (HKLM\...\AutoHotkey) (Version: 1.1.11.02 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chrome Remote Desktop Host (HKLM-x32\...\{88D5D9A4-48C4-4D0A-88B9-3E18661CF0D9}) (Version: 57.0.2987.37 - Google Inc.)
ChromecastApp (HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
FoneLink Notification Center (HKLM-x32\...\{4EE85A7D-7722-4031-82DC-144F00DB0839}) (Version: 0.7.9.3001 - BlueStack Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
IBM SPSS Statistics 24 (HKLM\...\{4762AE15-E5A3-43BF-8822-1CFC70FB147A}) (Version: 24.0.0.0 - IBM Corp)
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.5.23.0 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.13 - SunplusIT)
Lenovo Service Bridge (HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\cbe8636f7dd0cf1d) (Version: 1.5.1.0 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.20 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Livescribe Connect (HKLM-x32\...\com.livescribe.LivescribeConnect) (Version: 1.2.1.58498 - Livescribe Inc)
Livescribe Connect (x32 Version: 1.2.1 - Livescribe Inc) Hidden
Livescribe Desktop (HKLM-x32\...\Livescribe Desktop 2.8.3) (Version: 2.8.3 - Livescribe Inc)
MagicSymbol v1.5 (HKLM-x32\...\{8EBC954D-1A9A-4EC7-AE67-31A12694C22F}_is1) (Version: - MagicSymbol)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Mouse Server (HKLM-x32\...\{333AE9D2-1A42-4012-BEC3-DFF9BEBF5CDD}) (Version: 3.0.1 - RPA Tech, Inc)
Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.41 - Lenovo)
Office Mix (HKLM-x32\...\{3def8395-b6f6-4e03-8fb3-9875e783b696}) (Version: 0.1.3396.0 - Microsoft Corporation)
Office Mix 64-bit (Version: 0.1.3396.0 - Microsoft) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2016 de Microsoft Office - Français (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN and Bluetooth Driver (HKLM-x32\...\{B6322D12-A133-4128-8306-DAFFF7231152}) (Version: 1.00.0196 - REALTEK Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Sawtooth Software SSI Web 6.4.6 (HKLM-x32\...\SSIWEB_is1) (Version: 6.4.6 - Sawtooth Software, Inc.)
Screencast-O-Matic (HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\Screencast-O-Matic) (Version: - Screencast-O-Matic)
Scribbleton version 1.1.0-alpha (HKLM-x32\...\{82B81062-77B4-4201-97B2-4A7ADD190DCF}_is1) (Version: 1.1.0-alpha - Antair Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\Spotify) (Version: 1.0.43.123.g80176796 - Spotify AB)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
UE BOOM Update Assistant (HKLM-x32\...\{24D625F3-5BFD-4DFE-96E4-966CEA3E6B60}) (Version: 1.3.58 - Logitech, Inc.)
UE BOOM Update Assistant (HKLM-x32\...\{E37CE9D5-ACA2-4399-B1AB-3BF837CB6F19}) (Version: 1.4.51 - Logitech, Inc.)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Vertus Fluid Mask 3 3.2.5 (HKLM-x32\...\VertusFluidMask3) (Version: 3.2.5 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VPN Unlimited version 3.1.5 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 3.1.5 - KeepSolid Inc.)
WebM Project Directshow Filters (HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\webmdshow) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-341416645-1981178721-1829478571-1001\...\WinDirStat) (Version: - )
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17353 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
YTD Video Downloader 4.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Citrix\GoToMeeting\6956\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-341416645-1981178721-1829478571-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kyryl\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02BF571E-6D4B-4D30-BB4B-9EFE6FE748DC} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {0A268CFD-E552-40CB-82F5-1B4C6A90DE44} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {157F7CCB-B688-4E5C-B497-08DA2FBA8771} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {22394C3C-8377-4E34-A461-B391FE8C9B48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {232EEBCA-997F-4A83-AF23-B77BDB40161F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3D8A7D93-4E94-4CCD-8332-44CAB9A1C7ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {416C9CA9-9A41-48F9-ABE9-0ED2E72C574C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-341416645-1981178721-1829478571-1001Core => C:\Users\Kyryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4BFB568B-1F8A-42F9-9029-A9058D6641CC} - System32\Tasks\SafeZone scheduled Autoupdate 1478022038 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {53F3BD0B-A89B-4939-8355-ACE58A3CDA95} - System32\Tasks\Lenovo\LenovoUserguidesCopy => C:\Program Files\lenovo\SystemAgent\UserguidesCopy.exe [2013-02-08] ()
Task: {54DD2AB8-C715-4442-87A2-06F3EBFCD736} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {566885D6-7C2F-46EE-9E26-90202C742B97} - System32\Tasks\Lenovo\LenovoWarrantyChinaTask => C:\Program Files\lenovo\SystemAgent\ChinaWarrantyService.exe [2013-02-08] ()
Task: {589A8489-DEDD-4AE3-81AA-2D59D8672CAC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-12] (AVAST Software)
Task: {59EFDEEF-1920-47B0-94BB-1B6F207F75EE} - \WPD\SqmUpload_S-1-5-21-341416645-1981178721-1829478571-1001 -> No File <==== ATTENTION
Task: {606A29A1-5E66-4ED1-BAE9-67EB3FE26E5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-341416645-1981178721-1829478571-1001UA => C:\Users\Kyryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {61306E40-0CCA-445F-86C0-A4404089476A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7601E717-DD1B-4809-8DEF-8B05E37855D1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {810B194B-E8C3-4D7F-8A03-2F78352DEB9D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {845C04DA-15FB-44C6-B73D-1D5B178F7001} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {8668E5C9-17EB-4D33-A5EF-1B7845B8FB5E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-05-12] (AVAST Software)
Task: {8C0D2325-4732-468B-8E58-2654FA4DA12C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {98C1A260-2582-4A43-9A8C-C20B7A8D5FFD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A1501035-01D5-43FD-9594-A6F19CE6D157} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A7D8CC20-7D98-4CA1-8087-317AE521CCC8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B8576764-69F4-4376-99CF-783B9026E634} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-02-08] ()
Task: {BA8320A7-B8C3-4B53-9CEA-F5FE2963ADF6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {BD0722BA-E252-4F9E-9525-32FD7A5F22BE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C58CCF2C-104E-4E55-935A-E67AEA427052} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D06EA0AC-3530-401E-ABDC-7BDF876E9845} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2017-06-21] (Microsoft Corporation)
Task: {D35E6EDB-B347-414A-9D1A-D8916BAA3642} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-341416645-1981178721-1829478571-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Kyryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {DBF20A63-4154-404F-B88F-BB6EC9CA62F6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {DC395C1D-50EF-4135-83EF-9F6F4CA26B96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E013149A-D199-4FC2-B0C2-5DDC5C36BB5C} - System32\Tasks\Lenovo\LenovoMachineInformation => C:\Program Files\lenovo\SystemAgent\MachineInformation.exe [2013-02-08] ()
Task: {F13D121D-5772-4D2C-A73B-E61473571950} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-341416645-1981178721-1829478571-1001Core1d258cd3654667f => C:\Users\Kyryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F1AA69BD-DF7E-46BF-8EEA-A6E958EBB99F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F435C735-4D75-4101-8913-D3605CB94FBF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F75237E0-725C-4609-8A01-BBCCABB2FF0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-341416645-1981178721-1829478571-1001UA1d258cd365df18d => C:\Users\Kyryl\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F962D2B2-F27C-43F5-9813-71CCB4DC4214} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FB386805-4AB2-4D60-8E1F-B15D439D5F68} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-07-08] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-341416645-1981178721-1829478571-1001Core.job => C:\Users\Kyryl\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-341416645-1981178721-1829478571-1001UA.job => C:\Users\Kyryl\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-12 09:03 - 2017-04-28 01:49 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-16 22:33 - 2012-09-01 01:26 - 00051200 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2017-02-22 23:49 - 2017-02-22 23:49 - 08911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-19 04:28 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-05-12 09:02 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-05-31 21:04 - 2017-05-31 21:04 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-31 21:04 - 2017-05-31 21:04 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-31 21:04 - 2017-05-31 21:04 - 43202048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-31 21:04 - 2017-05-31 21:04 - 02442752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\skypert.dll
2016-08-21 23:51 - 2010-10-26 12:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2013-01-16 22:38 - 2013-01-16 22:38 - 00208464 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe
2014-01-01 07:28 - 2013-12-12 20:56 - 03145536 _____ () C:\Users\Kyryl\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2013-08-05 07:28 - 2013-07-28 00:32 - 01301504 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2017-05-12 09:03 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-12 09:03 - 2017-04-28 00:36 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-12 09:03 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-05-12 09:03 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-12 09:03 - 2017-04-28 00:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-12 09:03 - 2017-04-28 00:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2011-10-27 23:56 - 2011-10-27 23:56 - 00276992 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll
2015-05-16 17:06 - 2015-09-23 16:53 - 00104304 _____ () C:\Program Files (x86)\VPN Unlimited\enc.dll
2013-01-16 22:30 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-01-16 22:38 - 2013-01-16 22:38 - 00269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll
2013-01-16 22:38 - 2013-01-16 22:38 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll
2013-01-16 22:38 - 2013-01-16 22:38 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll
2017-05-12 08:02 - 2017-05-12 08:02 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-12 08:02 - 2017-05-12 08:02 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-12 08:02 - 2017-05-12 08:02 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-12 08:02 - 2017-05-12 08:02 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-12 08:02 - 2017-05-12 08:02 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-12 08:02 - 2017-05-12 08:02 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-12 08:02 - 2017-05-12 08:02 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00244536 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-31 10:57 - 2015-07-31 10:57 - 01286312 _____ () C:\Program Files (x86)\Microsoft Office\Office16\PPRESOURCES.DLL
2012-01-03 14:10 - 2012-01-03 14:10 - 00249232 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\sqlite.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kyryl\Desktop\VENDAS_BB_2011_2016_Raw.xlsx:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2013-03-31 03:19 - 00001805 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-341416645-1981178721-1829478571-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kyryl\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\random_grey_variations.png
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Motion Control.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Air Mouse.lnk"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-06-2017 12:51:13 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2017 02:42:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Autoruns64.exe, version: 13.71.0.0, time stamp: 0x58ec46f5
Faulting module name: Autoruns64.exe, version: 13.71.0.0, time stamp: 0x58ec46f5
Exception code: 0xc0000005
Fault offset: 0x000000000001b0d8
Faulting process id: 0x3a38
Faulting application start time: 0x01d2ee1d6a301359
Faulting application path: C:\Autoruns\Autoruns64.exe
Faulting module path: C:\Autoruns\Autoruns64.exe
Report Id: 85c84b70-1bab-4758-822c-a462cd322f77
Faulting package full name:
Faulting package-relative application ID:

Error: (06/26/2017 02:41:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Autoruns64.exe, version: 13.71.0.0, time stamp: 0x58ec46f5
Faulting module name: Autoruns64.exe, version: 13.71.0.0, time stamp: 0x58ec46f5
Exception code: 0xc0000005
Fault offset: 0x000000000001b0d8
Faulting process id: 0x3278
Faulting application start time: 0x01d2ee1adba0ab78
Faulting application path: C:\Autoruns\Autoruns64.exe
Faulting module path: C:\Autoruns\Autoruns64.exe
Report Id: 43a14bf6-8941-4a68-8acf-669127e3f619
Faulting package full name:
Faulting package-relative application ID:

Error: (06/26/2017 02:21:27 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR

DPTF Build Version: 8.1.10603.192
DPTF Build Date: Aug 7 2015 10:44:44
Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 183
Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message: dataLength is invalid.
Participant: TCPU [1]
Domain: PKG [0]
Policy: ConfigTDP Policy [0]

Error: (06/25/2017 11:24:14 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR

DPTF Build Version: 8.1.10603.192
DPTF Build Date: Aug 7 2015 10:44:44
Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 183
Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message: dataLength is invalid.
Participant: TCPU [1]
Domain: PKG [0]
Policy: ConfigTDP Policy [0]

Error: (06/22/2017 06:38:57 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR

DPTF Build Version: 8.1.10603.192
DPTF Build Date: Aug 7 2015 10:44:44
Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 183
Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message: dataLength is invalid.
Participant: TCPU [1]
Domain: PKG [0]
Policy: ConfigTDP Policy [0]

Error: (06/22/2017 04:40:47 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR

DPTF Build Version: 8.1.10603.192
DPTF Build Date: Aug 7 2015 10:44:44
Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 183
Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message: dataLength is invalid.
Participant: TCPU [1]
Domain: PKG [0]
Policy: ConfigTDP Policy [0]

Error: (06/22/2017 04:40:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39003781

Error: (06/22/2017 04:40:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39003781

Error: (06/22/2017 04:40:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2017 12:51:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (06/22/2017 01:09:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/22/2017 06:38:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/22/2017 05:24:41 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: C:\Device\HarddiskVolume52

Error: (06/21/2017 05:50:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/21/2017 12:31:36 PM) (Source: DCOM) (EventID: 10016) (User: NAPOLEON)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
and APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
to the user NAPOLEON\Kyryl SID (S-1-5-21-341416645-1981178721-1829478571-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/21/2017 12:31:36 PM) (Source: DCOM) (EventID: 10016) (User: NAPOLEON)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
and APPID
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
to the user NAPOLEON\Kyryl SID (S-1-5-21-341416645-1981178721-1829478571-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/21/2017 12:30:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/21/2017 12:26:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume \\?\Volume{b6a28f0f-c87a-4a37-aa59-366fe9d66a90} were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/21/2017 12:20:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/21/2017 12:09:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================
Date: 2016-08-21 23:52:12.556
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 23:52:12.553
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 23:52:12.550
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 23:52:12.546
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 8071.27 MB
Available physical RAM: 4533.14 MB
Total Virtual: 9351.27 MB
Available Virtual: 5546.42 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:223.04 GB) (Free:29.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.31 GB) NTFS
Drive e: () (Removable) (Total:7.25 GB) (Free:2.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 401E71B0)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)

==================== End of Addition.txt ============================

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:12 AM

Posted 30 June 2017 - 10:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/650126 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Jo*

Jo*

  • Malware Response Team
  • 3,401 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:12 PM

Posted 02 July 2017 - 07:53 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note:
If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 Jo*

Jo*

  • Malware Response Team
  • 3,401 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:12 PM

Posted 05 July 2017 - 02:08 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 justas21

justas21
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 05 July 2017 - 05:13 AM

Hi Jo, thank you. Yes, I still do have the problem. I am getting through the steps, please don't close this thread. Since I am without another computer, it takes a while (I am not connecting that computer).

Thank you.

#6 justas21

justas21
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 11 July 2017 - 02:43 PM

Ok, I got a friends computer. Should be able to do all the steps.

#7 Jo*

Jo*

  • Malware Response Team
  • 3,401 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:12 PM

Posted 17 July 2017 - 06:03 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users